GVU Trojaner eingefangen, abgesicherter Modus fährt wieder herunter

Annalena · 16.07.2013, 23:20

Hallo allerseits,
mein Mann ist für die nächsten 2 Wochen auf Reisen und prompt tritt ein Problem an unserem PC auf:
der Rechner hat sich offenbar den GVU Trojaner eingefangen, erkennbar am weißen Sperrbildschirm, der fortan keinen Zugriff auf den Desktop mehr zulässt und jegliche Interaktion unterbindet.
Vor Erstellen dieses Beitrages habe ich hier im Forum schon entsprechend recherchiert und bin aktiv geworden.

Unser PC:
Win 7/64 Bit
Internet Explorer
Norton Internet Security 2013 als verwendete Sicherheitslösung

Auf einer 2. partition befindet sich Windows XP

Mithilfe des FRST tools habe ich wie beschrieben gescannt, mit folgendem Ergebnis:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-07-2013 03
Ran by SYSTEM on 16-07-2013 23:26:22
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Winlogon: [Shell] C:\PROGRA~3\rdzqe.bat [x ] () <=== ATTENTION
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-12-14] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [151952 2012-11-29] (Apple Inc.)
HKLM-x32\...\Run: [MailCheck IE Broker] - "C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe" [1481280 2013-07-01] (1und1 Mail und Media GmbH)
HKU\Thomas\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-11-25] (Google Inc.)
HKU\Thomas\...\Run: [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED [802136 2013-04-16] (BitTorrent Inc.)
HKU\Thomas\...\Run: [ctfmon.exe] - C:\PROGRA~3\rundll32.exe C:\PROGRA~3\eqzdr.dat,FG00 [x] <===== ATTENTION
HKU\Thomas\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Thomas\AppData\Local\Temp\safrmdvwtsmlkvmcq.exe [52224 2013-07-14] (NVIDIA Corporation) <===== ATTENTION
HKU\Thomas\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Thomas\...\Command Processor: "C:\Users\Thomas\AppData\Local\Temp\safrmdvwtsmlkvmcq.exe" <===== ATTENTION!
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
ShortcutTarget: msconfig.lnk -> C:\PROGRA~3\eqzdr.dat (No File)
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) =================

S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-07-08] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-07-08] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130712.001\IDSvia64.sys [513184 2013-06-07] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130712.001\IDSvia64.sys [513184 2013-06-07] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130713.006\ENG64.SYS [126040 2013-07-08] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130713.006\ENG64.SYS [126040 2013-07-08] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130713.006\EX64.SYS [2098776 2013-07-08] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130713.006\EX64.SYS [2098776 2013-07-08] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S2 wuaserv; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-16 22:42 - 2013-07-16 22:42 - 00000000 ____D C:\FRST
2013-07-14 23:39 - 2013-07-14 23:39 - 00163056 _____ C:\Users\Thomas\AppData\Local\2433f433
2013-07-14 23:39 - 2013-07-14 23:39 - 00163056 _____ C:\ProgramData\2433f433
2013-07-14 23:39 - 2013-07-14 23:39 - 00163020 _____ C:\Users\Thomas\AppData\Roaming\2433f433
2013-07-13 00:19 - 2013-07-13 00:21 - 00000000 ____D C:\Windows\System32\MRT
2013-07-10 23:29 - 2013-06-12 00:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 23:29 - 2013-06-12 00:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 23:29 - 2013-06-12 00:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 23:29 - 2013-06-12 00:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 23:29 - 2013-06-12 00:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 23:29 - 2013-06-12 00:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 23:29 - 2013-06-12 00:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 23:29 - 2013-06-12 00:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 23:29 - 2013-06-12 00:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 23:29 - 2013-06-12 00:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 23:29 - 2013-06-12 00:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 23:29 - 2013-06-12 00:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 23:29 - 2013-06-12 00:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 23:29 - 2013-06-12 00:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-10 23:29 - 2013-06-12 00:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-10 23:29 - 2013-06-12 00:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-10 23:29 - 2013-06-12 00:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-10 23:29 - 2013-06-12 00:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-10 23:29 - 2013-06-12 00:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-10 23:29 - 2013-06-12 00:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-10 23:29 - 2013-06-12 00:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-10 23:29 - 2013-06-12 00:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-10 23:29 - 2013-06-12 00:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-10 23:29 - 2013-06-12 00:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-10 23:29 - 2013-06-12 00:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-10 23:29 - 2013-06-12 00:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-10 23:29 - 2013-06-12 00:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-10 23:29 - 2013-06-11 23:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 23:29 - 2013-06-11 23:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-10 23:29 - 2013-06-07 04:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-10 23:29 - 2013-06-07 03:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 21:16 - 2013-06-05 04:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-10 21:16 - 2013-06-04 07:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-10 21:16 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 21:16 - 2013-05-06 07:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-10 21:16 - 2013-05-06 05:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 21:16 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 21:16 - 2013-04-02 23:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-04 06:08 - 2013-04-17 08:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-07-04 06:08 - 2013-04-17 07:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 01509376 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-03 06:40 - 2013-07-03 06:40 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-03 06:40 - 2013-07-03 06:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-03 06:40 - 2013-07-03 06:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-03 06:40 - 2013-07-03 06:40 - 01054720 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00905728 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-03 06:40 - 2013-07-03 06:40 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-03 06:40 - 2013-07-03 06:40 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00270848 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-03 06:40 - 2013-07-03 06:40 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-03 06:40 - 2013-07-03 06:40 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-03 06:39 - 2013-07-03 06:39 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 02776576 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 01682432 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 01238528 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 01175552 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00648192 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00522752 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00363008 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00333312 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00245248 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00194560 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00002560 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-03 06:36 - 2013-07-03 06:43 - 00010418 _____ C:\Windows\IE10_main.log
2013-07-03 06:25 - 2013-07-03 06:25 - 00000000 ____D C:\Program Files\GMX MailCheck
2013-07-03 06:25 - 2013-07-03 06:25 - 00000000 ____D C:\Program Files (x86)\GMX MailCheck
2013-07-02 22:02 - 2013-07-02 22:02 - 00000000 ____D C:\ProgramData\UUdb
2013-07-02 22:02 - 2013-07-02 22:02 - 00000000 ____D C:\ProgramData\DesktopIcons
2013-06-21 20:03 - 2013-06-21 20:03 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security

==================== One Month Modified Files and Folders =======

2013-07-16 22:42 - 2013-07-16 22:42 - 00000000 ____D C:\FRST
2013-07-16 21:30 - 2010-11-25 22:48 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-16 21:30 - 2009-07-14 05:51 - 00100818 _____ C:\Windows\setupact.log
2013-07-16 21:29 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-15 20:41 - 2010-11-25 21:50 - 01341352 _____ C:\Windows\WindowsUpdate.log
2013-07-15 20:41 - 2009-07-14 18:58 - 00654150 _____ C:\Windows\System32\perfh007.dat
2013-07-15 20:41 - 2009-07-14 18:58 - 00130022 _____ C:\Windows\System32\perfc007.dat
2013-07-15 20:41 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-14 23:39 - 2013-07-14 23:39 - 00163056 _____ C:\Users\Thomas\AppData\Local\2433f433
2013-07-14 23:39 - 2013-07-14 23:39 - 00163056 _____ C:\ProgramData\2433f433
2013-07-14 23:39 - 2013-07-14 23:39 - 00163020 _____ C:\Users\Thomas\AppData\Roaming\2433f433
2013-07-14 23:38 - 2010-11-27 00:11 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\uTorrent
2013-07-14 23:05 - 2012-10-11 19:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-14 22:57 - 2010-11-25 22:48 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-14 20:15 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-14 20:15 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-13 10:58 - 2012-10-11 19:41 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-13 10:52 - 2010-11-25 22:48 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 10:52 - 2010-11-25 22:48 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 09:56 - 2010-11-26 20:28 - 00367848 _____ C:\Windows\PFRO.log
2013-07-13 00:21 - 2013-07-13 00:19 - 00000000 ____D C:\Windows\System32\MRT
2013-07-11 21:17 - 2009-07-14 05:45 - 00294344 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-11 21:16 - 2009-07-14 19:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 21:16 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 21:16 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 21:09 - 2012-05-14 21:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 21:09 - 2012-05-14 21:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-03 22:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-07-03 21:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-07-03 21:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-07-03 21:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-07-03 21:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-07-03 21:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-03 06:43 - 2013-07-03 06:36 - 00010418 _____ C:\Windows\IE10_main.log
2013-07-03 06:40 - 2013-07-03 06:40 - 01509376 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-03 06:40 - 2013-07-03 06:40 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-03 06:40 - 2013-07-03 06:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-03 06:40 - 2013-07-03 06:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-03 06:40 - 2013-07-03 06:40 - 01054720 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00905728 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-03 06:40 - 2013-07-03 06:40 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-03 06:40 - 2013-07-03 06:40 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00270848 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-03 06:40 - 2013-07-03 06:40 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-03 06:40 - 2013-07-03 06:40 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-03 06:39 - 2013-07-03 06:39 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 02776576 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 01682432 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 01238528 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 01175552 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00648192 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00522752 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00363008 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00333312 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00245248 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00194560 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00002560 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-03 06:25 - 2013-07-03 06:25 - 00000000 ____D C:\Program Files\GMX MailCheck
2013-07-03 06:25 - 2013-07-03 06:25 - 00000000 ____D C:\Program Files (x86)\GMX MailCheck
2013-07-02 22:02 - 2013-07-02 22:02 - 00000000 ____D C:\ProgramData\UUdb
2013-07-02 22:02 - 2013-07-02 22:02 - 00000000 ____D C:\ProgramData\DesktopIcons
2013-07-02 22:02 - 2013-03-17 22:19 - 00002008 _____ C:\Users\Thomas\Desktop\Amazon.lnk
2013-07-02 22:02 - 2013-03-17 22:19 - 00002002 _____ C:\Users\Thomas\Desktop\GMX.lnk
2013-07-02 22:02 - 2013-03-17 22:18 - 00003876 _____ C:\Windows\System32\Tasks\Registration 1und1 Task
2013-07-02 22:02 - 2013-03-17 22:18 - 00000000 ____D C:\Program Files (x86)\1und1Softwareaktualisierung
2013-06-23 23:57 - 2010-11-30 00:27 - 78277128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-21 20:03 - 2013-06-21 20:03 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-06-21 19:58 - 2012-04-29 09:32 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-06-21 19:58 - 2012-04-29 09:32 - 00002501 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-06-21 19:58 - 2012-04-29 09:32 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2013-06-19 22:42 - 2012-04-29 09:32 - 00177312 _____ (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-06-19 22:42 - 2012-04-29 09:32 - 00007631 _____ C:\Windows\System32\Drivers\SYMEVENT64x86.CAT

Files to move or delete:
====================
C:\ProgramData\rundll32.exe
C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
C:\ProgramData\rdzqe.bat
C:\ProgramData\rdzqe.pad
C:\ProgramData\rdzqe.reg

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 14%
Total physical RAM: 4023.11 MB
Available physical RAM: 3452.2 MB
Total Pagefile: 4021.26 MB
Available Pagefile: 3442.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:804.55 GB) (Free:685.81 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:126.95 GB) (Free:101.14 GB) NTFS (Disk=0 Partition=2)
Drive e: (Fallout 3) (CDROM) (Total:5.6 GB) (Free:0 GB) UDF
Drive g: (USB DISK) (Removable) (Total:14.43 GB) (Free:14.43 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=805 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=127 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 14 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=14 GB) - (Type=0C)


LastRegBack: 2013-07-03 22:43

==================== End Of Log ============================

Ich hoffe bis hierhin alles richtig gemacht zu haben und es wäre großartig wenn mir jemand weiterhelfen könnte.

Vielen Dank + LG
Annalena

cosinus · 17.07.2013, 00:58

Hallo und

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKLM-x32\...\Winlogon: [Shell] C:\PROGRA~3\rdzqe.bat [x ] () <=== ATTENTION
HKU\Thomas\...\Run: [ctfmon.exe] - C:\PROGRA~3\rundll32.exe C:\PROGRA~3\eqzdr.dat,FG00 [x] <===== ATTENTION
HKU\Thomas\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Thomas\AppData\Local\Temp\safrmdvwtsmlkvmcq.exe [52224 2013-07-14] (NVIDIA Corporation) <===== ATTENTION
HKU\Thomas\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Thomas\...\Command Processor: "C:\Users\Thomas\AppData\Local\Temp\safrmdvwtsmlkvmcq.exe" <===== ATTENTION!
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
ShortcutTarget: msconfig.lnk -> C:\PROGRA~3\eqzdr.dat (No File)
2013-07-14 23:39 - 2013-07-14 23:39 - 00163056 _____ C:\Users\Thomas\AppData\Local\2433f433
2013-07-14 23:39 - 2013-07-14 23:39 - 00163056 _____ C:\ProgramData\2433f433
2013-07-14 23:39 - 2013-07-14 23:39 - 00163020 _____ C:\Users\Thomas\AppData\Roaming\2433f433
C:\ProgramData\rundll32.exe
C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
C:\ProgramData\rdzqe.bat
C:\ProgramData\rdzqe.pad
C:\ProgramData\rdzqe.reg

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Annalena · 17.07.2013, 21:44

Hallo cosinus,
das Fixlog ergibt folgenden Inhalt:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-07-2013 03
Ran by SYSTEM at 2013-07-17 22:37:18 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKU\Thomas\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe => Value deleted successfully.
HKU\Thomas\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\Thomas\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Thomas\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk => Moved successfully.
C:\PROGRA~3\eqzdr.dat not found.
C:\Users\Thomas\AppData\Local\2433f433 => Moved successfully.
C:\ProgramData\2433f433 => Moved successfully.
C:\Users\Thomas\AppData\Roaming\2433f433 => Moved successfully.
C:\ProgramData\rundll32.exe => Moved successfully.
"C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk" => File/Directory not found.
C:\ProgramData\rdzqe.bat => Moved successfully.
C:\ProgramData\rdzqe.pad => Moved successfully.
C:\ProgramData\rdzqe.reg => Moved successfully.

==== End of Fixlog ====

cosinus · 18.07.2013, 01:46

Das ist schön

Startet der Rechner wieder normal? Wenn ja: Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Annalena · 18.07.2013, 21:24

Hallo cosinus,
jippieeeee... der Rechner startet wieder, der Sperrbildschirm ist weg, und ich kann auf den Desktop zugreifen !

An dieser Stelle vielen lieben Dank für deine schnelle Hilfe, das ist ganz große klasse !

Ich habe wie von dir beschrieben gescannt und die Auswertung ergibt folgendes:

FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
Ran by Thomas (administrator) on 18-07-2013 21:59:43
Running from C:\Users\Thomas\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(BitTorrent Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(1und1 Mail und Media GmbH) C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-11-25] (Google Inc.)
HKCU\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [802136 2013-04-16] (BitTorrent Inc.)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [814472 2013-06-12] (Adobe Systems Incorporated)
MountPoints2: {79d6ce2b-f8d4-11df-96bf-806e6f6e6963} - E:\FalloutLauncher.exe
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-12-14] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [151952 2012-11-29] (Apple Inc.)
HKLM-x32\...\Run: [MailCheck IE Broker] - "C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe" [1481280 2013-07-01] (1und1 Mail und Media GmbH)
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKCU - DefaultScope {A58FD6DC-B824-417B-A200-62B0783D6EE9} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deDE407
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
SearchScopes: HKCU - {234F9243-641D-482A-9810-4608309313AA} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {317C2050-41D7-4145-8331-1357480B9CAB} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {61C691A8-DAD3-4B2E-8043-556B975F8CDE} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {84844130-9F98-484C-97C0-11461355BD00} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {A58FD6DC-B824-417B-A200-62B0783D6EE9} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deDE407
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=19
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: GMX MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: GMX MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - GMX MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6507BD4B-0C27-41B8-9611-6CEF44B86D00}: [NameServer]62.109.121.1 62.109.121.2

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Norton Identity Protection) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.13.5_0
CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-07-08] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-07-08] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130712.001\IDSvia64.sys [513184 2013-06-07] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130712.001\IDSvia64.sys [513184 2013-06-07] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130713.006\ENG64.SYS [126040 2013-07-08] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130713.006\ENG64.SYS [126040 2013-07-08] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130713.006\EX64.SYS [2098776 2013-07-08] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130713.006\EX64.SYS [2098776 2013-07-08] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
U2 wuaserv; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-18 21:57 - 2013-07-18 21:57 - 01778209 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe
2013-07-16 23:42 - 2013-07-16 23:42 - 00000000 ____D C:\FRST
2013-07-13 01:19 - 2013-07-13 01:21 - 00000000 ____D C:\Windows\system32\MRT
2013-07-11 00:29 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 00:29 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 00:29 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 00:29 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 00:29 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 00:29 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 00:29 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 00:29 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 00:29 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 00:29 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 00:29 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 00:29 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 00:29 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 00:29 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 00:29 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 00:29 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 00:29 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 00:29 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 00:29 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 00:29 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 00:29 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 00:29 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 00:29 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 00:29 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 00:29 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 00:29 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 00:29 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 00:29 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 00:29 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 00:29 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 00:29 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 22:16 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 22:16 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 22:16 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 22:16 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 22:16 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 22:16 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 22:16 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-04 07:08 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-07-04 07:08 - 2013-04-17 08:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-03 07:40 - 2013-07-03 07:40 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-03 07:40 - 2013-07-03 07:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-03 07:40 - 2013-07-03 07:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-03 07:40 - 2013-07-03 07:40 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-07-03 07:40 - 2013-07-03 07:40 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-03 07:40 - 2013-07-03 07:40 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-03 07:40 - 2013-07-03 07:40 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-03 07:40 - 2013-07-03 07:40 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-03 07:40 - 2013-07-03 07:40 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-03 07:40 - 2013-07-03 07:40 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-03 07:40 - 2013-07-03 07:40 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-03 07:40 - 2013-07-03 07:40 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-03 07:40 - 2013-07-03 07:40 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-03 07:40 - 2013-07-03 07:40 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-03 07:40 - 2013-07-03 07:40 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-03 07:40 - 2013-07-03 07:40 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-03 07:40 - 2013-07-03 07:40 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-03 07:40 - 2013-07-03 07:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-03 07:40 - 2013-07-03 07:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-03 07:40 - 2013-07-03 07:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-03 07:39 - 2013-07-03 07:39 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-03 07:36 - 2013-07-03 07:43 - 00010418 _____ C:\Windows\IE10_main.log
2013-07-03 07:25 - 2013-07-03 07:25 - 00000000 ____D C:\Program Files\GMX MailCheck
2013-07-03 07:25 - 2013-07-03 07:25 - 00000000 ____D C:\Program Files (x86)\GMX MailCheck
2013-07-02 23:02 - 2013-07-02 23:02 - 00000000 ____D C:\ProgramData\UUdb
2013-07-02 23:02 - 2013-07-02 23:02 - 00000000 ____D C:\ProgramData\DesktopIcons
2013-06-21 21:03 - 2013-06-21 21:03 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security

==================== One Month Modified Files and Folders =======

2013-07-18 21:58 - 2010-11-27 01:11 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\uTorrent
2013-07-18 21:57 - 2013-07-18 21:57 - 01778209 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe
2013-07-18 21:57 - 2010-11-25 23:48 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-18 21:57 - 2009-07-14 19:58 - 00668692 _____ C:\Windows\system32\perfh007.dat
2013-07-18 21:57 - 2009-07-14 19:58 - 00134540 _____ C:\Windows\system32\perfc007.dat
2013-07-18 21:57 - 2009-07-14 07:13 - 00005210 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-18 21:53 - 2010-11-25 23:48 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-18 21:52 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-18 21:52 - 2009-07-14 06:51 - 00100874 _____ C:\Windows\setupact.log
2013-07-17 23:37 - 2010-11-25 22:51 - 00000000 ___RD C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-16 23:42 - 2013-07-16 23:42 - 00000000 ____D C:\FRST
2013-07-15 21:41 - 2010-11-25 22:50 - 01354278 _____ C:\Windows\WindowsUpdate.log
2013-07-15 00:05 - 2012-10-11 20:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-14 21:15 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-14 21:15 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-13 11:58 - 2012-10-11 20:41 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-13 11:52 - 2010-11-25 23:48 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 11:52 - 2010-11-25 23:48 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 10:56 - 2010-11-26 21:28 - 00367848 _____ C:\Windows\PFRO.log
2013-07-13 01:21 - 2013-07-13 01:19 - 00000000 ____D C:\Windows\system32\MRT
2013-07-11 22:17 - 2009-07-14 06:45 - 00294344 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 22:16 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 22:16 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 22:16 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 22:09 - 2012-05-14 22:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 22:09 - 2012-05-14 22:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-03 23:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-03 22:41 - 2010-11-25 22:51 - 00001413 _____ C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-03 22:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-07-03 22:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-07-03 22:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-07-03 22:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-07-03 22:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-03 07:43 - 2013-07-03 07:36 - 00010418 _____ C:\Windows\IE10_main.log
2013-07-03 07:40 - 2013-07-03 07:40 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-03 07:40 - 2013-07-03 07:40 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-03 07:40 - 2013-07-03 07:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-03 07:40 - 2013-07-03 07:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-03 07:40 - 2013-07-03 07:40 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-07-03 07:40 - 2013-07-03 07:40 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-03 07:40 - 2013-07-03 07:40 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-03 07:40 - 2013-07-03 07:40 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-03 07:40 - 2013-07-03 07:40 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-03 07:40 - 2013-07-03 07:40 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-03 07:40 - 2013-07-03 07:40 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-03 07:40 - 2013-07-03 07:40 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-03 07:40 - 2013-07-03 07:40 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-03 07:40 - 2013-07-03 07:40 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-03 07:40 - 2013-07-03 07:40 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-03 07:40 - 2013-07-03 07:40 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-03 07:40 - 2013-07-03 07:40 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-03 07:40 - 2013-07-03 07:40 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-03 07:40 - 2013-07-03 07:40 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-03 07:40 - 2013-07-03 07:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-03 07:40 - 2013-07-03 07:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-03 07:40 - 2013-07-03 07:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-03 07:39 - 2013-07-03 07:39 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-03 07:39 - 2013-07-03 07:39 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-03 07:25 - 2013-07-03 07:25 - 00000000 ____D C:\Program Files\GMX MailCheck
2013-07-03 07:25 - 2013-07-03 07:25 - 00000000 ____D C:\Program Files (x86)\GMX MailCheck
2013-07-02 23:02 - 2013-07-02 23:02 - 00000000 ____D C:\ProgramData\UUdb
2013-07-02 23:02 - 2013-07-02 23:02 - 00000000 ____D C:\ProgramData\DesktopIcons
2013-07-02 23:02 - 2013-03-17 23:19 - 00002008 _____ C:\Users\Thomas\Desktop\Amazon.lnk
2013-07-02 23:02 - 2013-03-17 23:19 - 00002002 _____ C:\Users\Thomas\Desktop\GMX.lnk
2013-07-02 23:02 - 2013-03-17 23:18 - 00003876 _____ C:\Windows\System32\Tasks\Registration 1und1 Task
2013-07-02 23:02 - 2013-03-17 23:18 - 00000000 ____D C:\Program Files (x86)\1und1Softwareaktualisierung
2013-06-24 00:57 - 2010-11-30 01:27 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-06-21 21:03 - 2013-06-21 21:03 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-06-21 20:58 - 2012-04-29 10:32 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-06-21 20:58 - 2012-04-29 10:32 - 00002501 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-06-21 20:58 - 2012-04-29 10:32 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-06-19 23:42 - 2012-04-29 10:32 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-06-19 23:42 - 2012-04-29 10:32 - 00007631 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 23:43

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-07-2013 02
Ran by Thomas at 2013-07-18 22:00:43
Running from C:\Users\Thomas\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
µTorrent (x32 Version: 2.2.0)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Any Video Converter 5.0.5 (x32)
Apple Application Support (x32 Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.769.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center Core Implementation (x32 Version: 2010.0406.2133.36843)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0406.2133.36843)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0406.2133.36843)
Catalyst Control Center Graphics Light (x32 Version: 2010.0406.2133.36843)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0406.2133.36843)
Catalyst Control Center InstallProxy (x32 Version: 2010.0406.2133.36843)
Catalyst Control Center Localization All (x32 Version: 2010.0406.2133.36843)
CCC Help Danish (x32 Version: 2010.0406.2132.36843)
CCC Help Dutch (x32 Version: 2010.0406.2132.36843)
CCC Help English (x32 Version: 2010.0406.2132.36843)
CCC Help Finnish (x32 Version: 2010.0406.2132.36843)
CCC Help French (x32 Version: 2010.0406.2132.36843)
CCC Help German (x32 Version: 2010.0406.2132.36843)
CCC Help Italian (x32 Version: 2010.0406.2132.36843)
CCC Help Japanese (x32 Version: 2010.0406.2132.36843)
CCC Help Norwegian (x32 Version: 2010.0406.2132.36843)
CCC Help Spanish (x32 Version: 2010.0406.2132.36843)
CCC Help Swedish (x32 Version: 2010.0406.2132.36843)
ccc-core-static (x32 Version: 2010.0406.2133.36843)
ccc-utility64 (Version: 2010.0406.2133.36843)
Driver Whiz (x32 Version: 8.0.1)
Fallout 3 (x32 Version: 1.00.0000)
GMX Desktop Icons (x32 Version: 3.0.3.0)
GMX MailCheck für Internet Explorer (x32 Version: 2.3.0.2)
GMX Softwareaktualisierung (x32 Version: 3.0.0.55)
Google Chrome (x32 Version: 28.0.1500.72)
Google Earth Plug-in (x32 Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.153)
Gothic 3 Interactive Map (G3iMap) (x32 Version: 1.0.2)
iTunes (Version: 11.0.0.163)
Java Auto Updater (x32 Version: 2.0.7.2)
Java(TM) 6 Update 22 (64-bit) (Version: 6.0.220)
Java(TM) 6 Update 22 (x32 Version: 6.0.220)
Java(TM) 6 Update 37 (x32 Version: 6.0.370)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.0.19.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.5.0)
Neverwinter (x32)
Norton Internet Security (x32 Version: 20.4.0.40)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
PokerStars.net (x32)
QuickTime (x32 Version: 7.69.80.9)
rosoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Rossmann Fotowelt Software 4.12.1 (x32 Version: 4.12.1)
Safari (x32 Version: 5.33.20.27)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
WinRAR

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {315E8C18-56E6-4D54-BB68-22B6EBEE8045} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {500AF49F-EFF4-48CA-8057-4254CD00C07E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {6C161C89-3865-45D9-8E7D-04CD2982F68D} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {95070E39-9E03-4884-A79F-834E3C91DBD2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A0ABE090-C3CD-467F-995C-4BEC4E919D42} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {A4F9B908-E66C-4A8D-90FE-A862DFCE55CE} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {AD2A2C8A-3996-41F7-97DF-0104C47306DC} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {E0ABE87A-2E5C-4B48-A03D-724BE9EE6608} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-25] (Google Inc.)
Task: {E7FA30AB-6FDE-4005-99AD-0BC5B89A420B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-25] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2013 09:57:32 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (07/18/2013 09:57:32 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (07/18/2013 09:57:32 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (07/11/2013 10:18:02 PM) (Source: ESENT) (User: )
Description: taskhost (3448) Versuch, Datei "C:\Users\Thomas\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (07/04/2013 07:02:15 AM) (Source: ESENT) (User: )
Description: taskhost (2676) Versuch, Datei "C:\Users\Thomas\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (06/16/2013 10:38:03 AM) (Source: Application Hang) (User: )
Description: Programm uTorrent.exe, Version 3.3.0.29544 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 4a8

Startzeit: 01ce6a6c952a8b33

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\uTorrent\uTorrent.exe

Berichts-ID: 09cf411c-d660-11e2-aaac-6c626d691504

Error: (06/08/2013 11:10:42 AM) (Source: RasClient) (User: )
Description: CoID={BA85BD9C-FE9D-4407-8FD3-5A7BB41B5F32}: Der Benutzer "Thomas-PC\Thomas" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 651.

Error: (06/08/2013 11:10:19 AM) (Source: RasClient) (User: )
Description: CoID={2B463DE5-2043-4EBC-8DD5-4F2D6F652C35}: Der Benutzer "Thomas-PC\Thomas" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.

Error: (03/29/2013 09:30:55 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16470 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 6e0

Startzeit: 01ce2cb3deac63ab

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (03/29/2013 09:30:28 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16470 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c98

Startzeit: 01ce2cb3a649cb2e

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Berichts-ID:


System errors:
=============
Error: (07/18/2013 09:53:45 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (07/16/2013 10:30:38 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (07/15/2013 09:37:54 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (07/15/2013 06:50:13 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
AFD
BHDrvx64
ccSet_NIS
DfsC
discache
eeCtrl
IDSVia64
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
SRTSP
SRTSPX
SymIRON
SymNetS
tdx
Wanarpv6
WfpLwf

Error: (07/15/2013 06:50:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/15/2013 06:50:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/15/2013 06:50:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/15/2013 06:50:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%31

Error: (07/15/2013 06:50:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/15/2013 06:50:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (07/18/2013 09:57:32 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (07/18/2013 09:57:32 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (07/18/2013 09:57:32 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (07/11/2013 10:18:02 PM) (Source: ESENT)(User: )
Description: taskhost3448C:\Users\Thomas\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (07/04/2013 07:02:15 AM) (Source: ESENT)(User: )
Description: taskhost2676C:\Users\Thomas\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (06/16/2013 10:38:03 AM) (Source: Application Hang)(User: )
Description: uTorrent.exe3.3.0.295444a801ce6a6c952a8b330C:\Program Files (x86)\uTorrent\uTorrent.exe09cf411c-d660-11e2-aaac-6c626d691504

Error: (06/08/2013 11:10:42 AM) (Source: RasClient)(User: )
Description: {BA85BD9C-FE9D-4407-8FD3-5A7BB41B5F32}Thomas-PC\ThomasBreitbandverbindung651

Error: (06/08/2013 11:10:19 AM) (Source: RasClient)(User: )
Description: {2B463DE5-2043-4EBC-8DD5-4F2D6F652C35}Thomas-PC\ThomasBreitbandverbindung0

Error: (03/29/2013 09:30:55 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.164706e001ce2cb3deac63ab0C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (03/29/2013 09:30:28 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16470c9801ce2cb3a649cb2e0C:\Program Files (x86)\Internet Explorer\iexplore.exe


==================== Memory info =========================== 

Percentage of memory in use: 35%
Total physical RAM: 4023.11 MB
Available physical RAM: 2584.28 MB
Total Pagefile: 8044.41 MB
Available Pagefile: 6500.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:804.55 GB) (Free:685.84 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:126.95 GB) (Free:101.14 GB) NTFS (Disk=0 Partition=2)
Drive e: (Fallout 3) (CDROM) (Total:5.6 GB) (Free:0 GB) UDF
Drive f: (USB DISK) (Removable) (Total:14.43 GB) (Free:14.43 GB) FAT32 (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=805 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=127 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=14 GB) - (Type=0C)

==================== End Of Log ============================

Stellt sich die Frage ob unser System noch erkenntliche Malware aufweist, welche zu eliminieren wäre (?)

LG

cosinus · 18.07.2013, 21:52

Rootkitscan mit GMER

Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Annalena · 19.07.2013, 00:34

So, ich hoffe ich habe alles richtig gemacht.

GMER:

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-19 00:40:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST31000528AS rev.CC44 931,51GB
Running: 3hk8czpv.exe; Driver: C:\Users\Thomas\AppData\Local\Temp\uwdiipoc.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1260] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                          00000000778ffc90 5 bytes JMP 000000010013091c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1260] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                        00000000778ffdf4 5 bytes JMP 0000000100130048
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1260] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                 00000000778ffe88 5 bytes JMP 00000001001302ee
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1260] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                              00000000778fffe4 5 bytes JMP 00000001001304b2
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1260] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                      0000000077900018 5 bytes JMP 00000001001309fe
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1260] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                              0000000077900048 5 bytes JMP 0000000100130ae0
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1260] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                           0000000077900064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1260] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                              000000007790077c 5 bytes JMP 000000010013012a
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1260] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                  000000007790086c 5 bytes JMP 0000000100130758
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1260] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                            0000000077900884 5 bytes JMP 0000000100130676
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1260] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                0000000077900dd4 5 bytes JMP 00000001001303d0
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1260] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                          0000000077901900 5 bytes JMP 0000000100130594
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1260] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                      0000000077901bc4 5 bytes JMP 000000010013083a
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1260] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                             0000000077901d50 5 bytes JMP 000000010013020c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1260] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                 0000000075401492 7 bytes JMP 000000010014059e
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1260] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                            000000007611524f 7 bytes JMP 0000000100130f52
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1260] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                00000000761153d0 7 bytes JMP 0000000100140210
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1260] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                               0000000076115677 1 byte JMP 0000000100140048
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1260] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                               0000000076115679 5 bytes {JMP 0xffffffff8a02a9d1}
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1260] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                      000000007611589a 7 bytes JMP 0000000100130ca6
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1260] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                      0000000076115a1d 7 bytes JMP 00000001001403d8
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1260] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                 0000000076115c9b 7 bytes JMP 000000010014012c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1260] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                   0000000076115d87 7 bytes JMP 00000001001402f4
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1260] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                  0000000076117240 7 bytes JMP 0000000100130e6e
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                          00000000778ffc90 5 bytes JMP 000000010014091c
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                        00000000778ffdf4 5 bytes JMP 0000000100140048
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                 00000000778ffe88 5 bytes JMP 00000001001402ee
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                              00000000778fffe4 5 bytes JMP 00000001001404b2
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                      0000000077900018 5 bytes JMP 00000001001409fe
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                              0000000077900048 5 bytes JMP 0000000100140ae0
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                           0000000077900064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                              000000007790077c 5 bytes JMP 000000010014012a
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                  000000007790086c 5 bytes JMP 0000000100140758
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                            0000000077900884 5 bytes JMP 0000000100140676
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                0000000077900dd4 5 bytes JMP 00000001001403d0
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                          0000000077901900 5 bytes JMP 0000000100140594
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                      0000000077901bc4 5 bytes JMP 000000010014083a
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                             0000000077901d50 5 bytes JMP 000000010014020c
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1388] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206            000000007611524f 7 bytes JMP 0000000100140f52
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1388] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                00000000761153d0 7 bytes JMP 0000000100150210
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1388] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149               0000000076115677 1 byte JMP 0000000100150048
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1388] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151               0000000076115679 5 bytes {JMP 0xffffffff8a03a9d1}
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1388] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                      000000007611589a 7 bytes JMP 0000000100140ca6
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1388] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                      0000000076115a1d 7 bytes JMP 00000001001503d8
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1388] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                 0000000076115c9b 7 bytes JMP 000000010015012c
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1388] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                   0000000076115d87 7 bytes JMP 00000001001502f4
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1388] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123  0000000076117240 7 bytes JMP 0000000100140e6e
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1388] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                 0000000075401492 7 bytes JMP 00000001001504bc
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                         00000000778ffc90 5 bytes JMP 000000010028091c
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                       00000000778ffdf4 5 bytes JMP 0000000100280048
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                00000000778ffe88 5 bytes JMP 00000001002802ee
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                             00000000778fffe4 5 bytes JMP 00000001002804b2
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                     0000000077900018 5 bytes JMP 00000001002809fe
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                             0000000077900048 5 bytes JMP 0000000100280ae0
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                          0000000077900064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                             000000007790077c 5 bytes JMP 000000010028012a
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                 000000007790086c 5 bytes JMP 0000000100280758
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                           0000000077900884 5 bytes JMP 0000000100280676
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                               0000000077900dd4 5 bytes JMP 00000001002803d0
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                         0000000077901900 5 bytes JMP 0000000100280594
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                     0000000077901bc4 5 bytes JMP 000000010028083a
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                            0000000077901d50 5 bytes JMP 000000010028020c
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                          00000000778ffc90 5 bytes JMP 00000001003f091c
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                        00000000778ffdf4 5 bytes JMP 00000001003f0048
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                                 00000000778ffe88 5 bytes JMP 00000001003f02ee
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                              00000000778fffe4 5 bytes JMP 00000001003f04b2
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                      0000000077900018 5 bytes JMP 00000001003f09fe
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                              0000000077900048 5 bytes JMP 00000001003f0ae0
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                           0000000077900064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                              000000007790077c 5 bytes JMP 00000001003f012a
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                  000000007790086c 5 bytes JMP 00000001003f0758
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                            0000000077900884 5 bytes JMP 00000001003f0676
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                0000000077900dd4 5 bytes JMP 00000001003f03d0
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                          0000000077901900 5 bytes JMP 00000001003f0594
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                      0000000077901bc4 5 bytes JMP 00000001003f083a
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                             0000000077901d50 5 bytes JMP 00000001003f020c
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                            000000007611524f 7 bytes JMP 00000001003f0f52
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                                00000000761153d0 7 bytes JMP 00000001006d0210
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                               0000000076115677 1 byte JMP 00000001006d0048
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                               0000000076115679 5 bytes {JMP 0xffffffff8a5ba9d1}
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                                      000000007611589a 7 bytes JMP 00000001003f0ca6
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                                      0000000076115a1d 7 bytes JMP 00000001006d03d8
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                                 0000000076115c9b 7 bytes JMP 00000001006d012c
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                                   0000000076115d87 7 bytes JMP 00000001006d02f4
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                                  0000000076117240 7 bytes JMP 00000001003f0e6e
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                                 0000000075401492 7 bytes JMP 00000001006d059e
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                   0000000076381465 2 bytes [38, 76]
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                  00000000763814bb 2 bytes [38, 76]
.text  ...                                                                                                                                                                          * 2
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                           00000000778ffc90 5 bytes JMP 000000010025091c
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                         00000000778ffdf4 5 bytes JMP 0000000100250048
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                  00000000778ffe88 5 bytes JMP 00000001002502ee
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                               00000000778fffe4 5 bytes JMP 00000001002504b2
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                       0000000077900018 5 bytes JMP 00000001002509fe
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                               0000000077900048 5 bytes JMP 0000000100250ae0
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                            0000000077900064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                               000000007790077c 5 bytes JMP 000000010025012a
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                   000000007790086c 5 bytes JMP 0000000100250758
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                             0000000077900884 5 bytes JMP 0000000100250676
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                 0000000077900dd4 5 bytes JMP 00000001002503d0
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                           0000000077901900 5 bytes JMP 0000000100250594
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                       0000000077901bc4 5 bytes JMP 000000010025083a
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                              0000000077901d50 5 bytes JMP 000000010025020c
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2596] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                  0000000075401492 7 bytes JMP 000000010026059e
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2596] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                             000000007611524f 7 bytes JMP 0000000100250f52
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2596] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                 00000000761153d0 7 bytes JMP 0000000100260210
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2596] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                0000000076115677 1 byte JMP 0000000100260048
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2596] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                0000000076115679 5 bytes {JMP 0xffffffff8a14a9d1}
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2596] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                       000000007611589a 7 bytes JMP 0000000100250ca6
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2596] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                       0000000076115a1d 7 bytes JMP 00000001002603d8
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2596] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                  0000000076115c9b 7 bytes JMP 000000010026012c
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2596] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                    0000000076115d87 7 bytes JMP 00000001002602f4
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2596] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                   0000000076117240 7 bytes JMP 0000000100250e6e
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                           00000000778ffc90 5 bytes JMP 0000000101a3091c
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                         00000000778ffdf4 5 bytes JMP 0000000101a30048
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                  00000000778ffe88 5 bytes JMP 0000000101a302ee
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                               00000000778fffe4 5 bytes JMP 0000000101a304b2
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                       0000000077900018 5 bytes JMP 0000000101a309fe
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                               0000000077900048 5 bytes JMP 0000000101a30ae0
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                            0000000077900064 5 bytes JMP 0000000101a1004c
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                               000000007790077c 5 bytes JMP 0000000101a3012a
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                   000000007790086c 5 bytes JMP 0000000101a30758
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                             0000000077900884 5 bytes JMP 0000000101a30676
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                 0000000077900dd4 5 bytes JMP 0000000101a303d0
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                           0000000077901900 5 bytes JMP 0000000101a30594
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                       0000000077901bc4 5 bytes JMP 0000000101a3083a
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                              0000000077901d50 5 bytes JMP 0000000101a3020c
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                  0000000075401492 7 bytes JMP 0000000101a4059e
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                             000000007611524f 7 bytes JMP 0000000101a30f52
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                 00000000761153d0 7 bytes JMP 0000000101a40210
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                0000000076115677 1 byte JMP 0000000101a40048
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                0000000076115679 5 bytes {JMP 0xffffffff8b92a9d1}
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                       000000007611589a 7 bytes JMP 0000000101a30ca6
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                       0000000076115a1d 7 bytes JMP 0000000101a403d8
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                  0000000076115c9b 7 bytes JMP 0000000101a4012c
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                    0000000076115d87 7 bytes JMP 0000000101a402f4
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                   0000000076117240 7 bytes JMP 0000000101a30e6e
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                    0000000076381465 2 bytes [38, 76]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                   00000000763814bb 2 bytes [38, 76]
.text  ...                                                                                                                                                                          * 2
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                        00000000778ffc90 5 bytes JMP 000000010019091c
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                      00000000778ffdf4 5 bytes JMP 0000000100190048
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                               00000000778ffe88 5 bytes JMP 00000001001902ee
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                            00000000778fffe4 5 bytes JMP 00000001001904b2
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                    0000000077900018 5 bytes JMP 00000001001909fe
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                            0000000077900048 5 bytes JMP 0000000100190ae0
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                         0000000077900064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                            000000007790077c 5 bytes JMP 000000010019012a
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                000000007790086c 5 bytes JMP 0000000100190758
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                          0000000077900884 5 bytes JMP 0000000100190676
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                              0000000077900dd4 5 bytes JMP 00000001001903d0
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                        0000000077901900 5 bytes JMP 0000000100190594
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                    0000000077901bc4 5 bytes JMP 000000010019083a
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                           0000000077901d50 5 bytes JMP 000000010019020c
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                          000000007611524f 7 bytes JMP 0000000100190f52
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                              00000000761153d0 7 bytes JMP 00000001001e0210
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                             0000000076115677 1 byte JMP 00000001001e0048
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                             0000000076115679 5 bytes {JMP 0xffffffff8a0ca9d1}
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                                    000000007611589a 7 bytes JMP 0000000100190ca6
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                                    0000000076115a1d 7 bytes JMP 00000001001e03d8
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                               0000000076115c9b 7 bytes JMP 00000001001e012c
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                                 0000000076115d87 7 bytes JMP 00000001001e02f4
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                                0000000076117240 7 bytes JMP 0000000100190e6e
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                               0000000075401492 7 bytes JMP 00000001001e04bc
.text  C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                      00000000778ffc90 5 bytes JMP 000000010009091c
.text  C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                    00000000778ffdf4 5 bytes JMP 0000000100090048
.text  C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                             00000000778ffe88 5 bytes JMP 00000001000902ee
.text  C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                          00000000778fffe4 5 bytes JMP 00000001000904b2
.text  C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                  0000000077900018 5 bytes JMP 00000001000909fe
.text  C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                          0000000077900048 5 bytes JMP 0000000100090ae0
.text  C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                       0000000077900064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                          000000007790077c 5 bytes JMP 000000010009012a
.text  C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                              000000007790086c 5 bytes JMP 0000000100090758
.text  C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                        0000000077900884 5 bytes JMP 0000000100090676
.text  C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                            0000000077900dd4 5 bytes JMP 00000001000903d0
.text  C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                      0000000077901900 5 bytes JMP 0000000100090594
.text  C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                  0000000077901bc4 5 bytes JMP 000000010009083a
.text  C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                         0000000077901d50 5 bytes JMP 000000010009020c
.text  C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe[3000] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                             0000000075401492 7 bytes JMP 00000001000a059e
.text  C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe[3000] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                        000000007611524f 7 bytes JMP 0000000100090f52
.text  C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe[3000] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                            00000000761153d0 7 bytes JMP 00000001000a0210
.text  C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe[3000] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                           0000000076115677 1 byte JMP 00000001000a0048
.text  C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe[3000] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                           0000000076115679 5 bytes {JMP 0xffffffff89f8a9d1}
.text  C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe[3000] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                  000000007611589a 7 bytes JMP 0000000100090ca6
.text  C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe[3000] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                  0000000076115a1d 7 bytes JMP 00000001000a03d8
.text  C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe[3000] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                             0000000076115c9b 7 bytes JMP 00000001000a012c
.text  C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe[3000] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                               0000000076115d87 7 bytes JMP 00000001000a02f4
.text  C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe[3000] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                              0000000076117240 7 bytes JMP 0000000100090e6e
.text  C:\Users\Thomas\Desktop\3hk8czpv.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                  00000000778ffc90 5 bytes JMP 000000010024091c
.text  C:\Users\Thomas\Desktop\3hk8czpv.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                                00000000778ffdf4 5 bytes JMP 0000000100240048
.text  C:\Users\Thomas\Desktop\3hk8czpv.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                                         00000000778ffe88 5 bytes JMP 00000001002402ee
.text  C:\Users\Thomas\Desktop\3hk8czpv.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                      00000000778fffe4 5 bytes JMP 00000001002404b2
.text  C:\Users\Thomas\Desktop\3hk8czpv.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                              0000000077900018 5 bytes JMP 00000001002409fe
.text  C:\Users\Thomas\Desktop\3hk8czpv.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                                      0000000077900048 5 bytes JMP 0000000100240ae0
.text  C:\Users\Thomas\Desktop\3hk8czpv.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                   0000000077900064 5 bytes JMP 000000010002004c
.text  C:\Users\Thomas\Desktop\3hk8czpv.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                                      000000007790077c 5 bytes JMP 000000010024012a
.text  C:\Users\Thomas\Desktop\3hk8czpv.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                          000000007790086c 5 bytes JMP 0000000100240758
.text  C:\Users\Thomas\Desktop\3hk8czpv.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                    0000000077900884 5 bytes JMP 0000000100240676
.text  C:\Users\Thomas\Desktop\3hk8czpv.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                        0000000077900dd4 5 bytes JMP 00000001002403d0
.text  C:\Users\Thomas\Desktop\3hk8czpv.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                                  0000000077901900 5 bytes JMP 0000000100240594
.text  C:\Users\Thomas\Desktop\3hk8czpv.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                              0000000077901bc4 5 bytes JMP 000000010024083a
.text  C:\Users\Thomas\Desktop\3hk8czpv.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                                     0000000077901d50 5 bytes JMP 000000010024020c
.text  C:\Users\Thomas\Desktop\3hk8czpv.exe[4068] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                                    000000007611524f 7 bytes JMP 0000000100240f52
.text  C:\Users\Thomas\Desktop\3hk8czpv.exe[4068] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                                        00000000761153d0 7 bytes JMP 0000000100250210
.text  C:\Users\Thomas\Desktop\3hk8czpv.exe[4068] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                                       0000000076115677 1 byte JMP 0000000100250048
.text  C:\Users\Thomas\Desktop\3hk8czpv.exe[4068] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                                       0000000076115679 5 bytes {JMP 0xffffffff8a13a9d1}
.text  C:\Users\Thomas\Desktop\3hk8czpv.exe[4068] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                                              000000007611589a 7 bytes JMP 0000000100240ca6
.text  C:\Users\Thomas\Desktop\3hk8czpv.exe[4068] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                                              0000000076115a1d 7 bytes JMP 00000001002503d8
.text  C:\Users\Thomas\Desktop\3hk8czpv.exe[4068] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                                         0000000076115c9b 7 bytes JMP 000000010025012c
.text  C:\Users\Thomas\Desktop\3hk8czpv.exe[4068] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                                           0000000076115d87 7 bytes JMP 00000001002502f4
.text  C:\Users\Thomas\Desktop\3hk8czpv.exe[4068] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                                          0000000076117240 7 bytes JMP 0000000100240e6e
.text  C:\Users\Thomas\Desktop\3hk8czpv.exe[4068] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                                         0000000075401492 7 bytes JMP 00000001002504bc

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\001060a67e52 (not active ControlSet)                                                                              
Reg    HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\001060a67e52@30385519f7bd                                                                                         0xED 0x17 0xF5 0xA7 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060a67e52                                                                                                  
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060a67e52@30385519f7bd                                                                                     0xED 0x17 0xF5 0xA7 ...
Reg    HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\001060a67e52 (not active ControlSet)                                                                              
Reg    HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\001060a67e52@30385519f7bd                                                                                         0xED 0x17 0xF5 0xA7 ...

---- EOF - GMER 2.1 ----

mbar:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.18.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Thomas :: THOMAS-PC [administrator]

19.07.2013 01:04:57
mbar-log-2013-07-19 (01-04-57).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 230462
Time elapsed: 9 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus · 19.07.2013, 14:51

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Annalena · 20.07.2013, 18:05

Habe alles wie beschrieben gemacht, hier die Resultate:

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.6 (07.17.2013:4)
OS: Windows 7 Home Premium x64
Ran by Thomas on 20.07.2013 at 17:31:17,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.07.2013 at 17:34:55,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner:

Code:

ATTFilter

# AdwCleaner v2.306 - Datei am 20/07/2013 um 17:44:25 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Thomas - THOMAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Thomas\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [720 octets] - [20/07/2013 17:44:25]

########## EOF - C:\AdwCleaner[S1].txt - [779 octets] ##########

OTL:

Code:

ATTFilter

OTL logfile created on: 20.07.2013 18:00:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thomas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 67,88% Memory free
7,86 Gb Paging File | 6,44 Gb Available in Paging File | 81,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 804,55 Gb Total Space | 685,18 Gb Free Space | 85,16% Space Free | Partition Type: NTFS
Drive D: | 126,95 Gb Total Space | 101,14 Gb Free Space | 79,67% Space Free | Partition Type: NTFS
Drive E: | 5,60 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Thomas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130719.016\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130719.016\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130718.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130715.001\BHDrvx64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4107784737-1442786909-1154631615-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4107784737-1442786909-1154631615-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-4107784737-1442786909-1154631615-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 F8 22 10 8F 72 CE 01  [binary data]
IE - HKU\S-1-5-21-4107784737-1442786909-1154631615-1000\..\SearchScopes,DefaultScope = {A58FD6DC-B824-417B-A200-62B0783D6EE9}
IE - HKU\S-1-5-21-4107784737-1442786909-1154631615-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-4107784737-1442786909-1154631615-1000\..\SearchScopes\{234F9243-641D-482A-9810-4608309313AA}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-4107784737-1442786909-1154631615-1000\..\SearchScopes\{317C2050-41D7-4145-8331-1357480B9CAB}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-4107784737-1442786909-1154631615-1000\..\SearchScopes\{61C691A8-DAD3-4B2E-8043-556B975F8CDE}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-4107784737-1442786909-1154631615-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-4107784737-1442786909-1154631615-1000\..\SearchScopes\{84844130-9F98-484C-97C0-11461355BD00}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-4107784737-1442786909-1154631615-1000\..\SearchScopes\{A58FD6DC-B824-417B-A200-62B0783D6EE9}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deDE407
IE - HKU\S-1-5-21-4107784737-1442786909-1154631615-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\ [2013.07.20 17:47:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPlgn\ [2013.06.08 20:27:58 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Norton Identity Protection = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.13.5_0\
CHR - Extension: Norton Identity Protection = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
CHR - Extension: Google Mail = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (GMX MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (GMX MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (GMX MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (GMX MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O3:64bit: - HKU\S-1-5-21-4107784737-1442786909-1154631615-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-4107784737-1442786909-1154631615-1000\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-4107784737-1442786909-1154631615-1000\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4107784737-1442786909-1154631615-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-4107784737-1442786909-1154631615-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6507BD4B-0C27-41B8-9611-6CEF44B86D00}: NameServer = 62.109.121.1 62.109.121.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA68018A-1CA4-41A5-B4F3-B5C300E9CDD8}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.25 22:20:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.09.11 01:19:00 | 000,000,058 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{79d6ce2b-f8d4-11df-96bf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{79d6ce2b-f8d4-11df-96bf-806e6f6e6963}\Shell\AutoRun\command - "" = E:\FalloutLauncher.exe -- [2008.09.18 22:39:05 | 007,038,392 | R--- | M] (Bethesda Softworks)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.20 17:53:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2013.07.20 17:31:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.07.20 17:06:43 | 000,559,341 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Thomas\Desktop\JRT.exe
[2013.07.19 00:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.19 00:17:20 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\mbar-1.06.0.1004
[2013.07.18 21:57:25 | 001,778,209 | ---- | C] (Farbar) -- C:\Users\Thomas\Desktop\FRST64.exe
[2013.07.16 23:42:09 | 000,000,000 | ---D | C] -- C:\FRST
[2013.07.13 01:19:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013.07.11 00:29:45 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.07.11 00:29:45 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.07.11 00:29:44 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.07.11 00:29:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.07.11 00:29:44 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.07.11 00:29:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.07.11 00:29:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.07.11 00:29:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.07.11 00:29:44 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.07.11 00:29:44 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.07.11 00:29:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.07.11 00:29:43 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.07.11 00:29:43 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.07.11 00:29:43 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.07.11 00:29:42 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.07.10 22:16:47 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013.07.10 22:16:47 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013.07.10 22:16:47 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013.07.10 22:16:47 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013.07.10 22:16:22 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.07.04 07:08:31 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.07.03 07:40:04 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.07.03 07:40:04 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.07.03 07:40:04 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.07.03 07:40:04 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.07.03 07:40:04 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.07.03 07:40:04 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.07.03 07:40:04 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.07.03 07:40:04 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.07.03 07:40:04 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.07.03 07:40:04 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.07.03 07:40:04 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.07.03 07:40:04 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.07.03 07:40:04 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.07.03 07:40:04 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.07.03 07:40:04 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.07.03 07:40:04 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.07.03 07:40:04 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.07.03 07:40:04 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.07.03 07:40:04 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.07.03 07:40:04 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.07.03 07:40:04 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.07.03 07:40:04 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.07.03 07:40:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.07.03 07:40:04 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.07.03 07:40:04 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.07.03 07:40:04 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.07.03 07:40:04 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.07.03 07:40:04 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.07.03 07:40:04 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.07.03 07:40:04 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.07.03 07:40:04 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.07.03 07:40:04 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.07.03 07:40:04 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.07.03 07:40:04 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.07.03 07:40:04 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.07.03 07:40:04 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.07.03 07:40:04 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.07.03 07:40:04 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.07.03 07:40:04 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.07.03 07:40:04 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.07.03 07:40:04 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.07.03 07:40:04 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.07.03 07:40:04 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.07.03 07:40:04 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.07.03 07:40:04 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.07.03 07:40:04 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.07.03 07:40:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.07.03 07:40:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.07.03 07:40:04 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.07.03 07:40:04 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.07.03 07:40:04 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.07.03 07:40:04 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.07.03 07:40:04 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.07.03 07:39:04 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.07.03 07:39:04 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.07.03 07:39:04 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.07.03 07:39:04 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.07.03 07:39:04 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.07.03 07:39:04 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.07.03 07:39:04 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.07.03 07:39:04 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.07.03 07:39:04 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.07.03 07:39:04 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.07.03 07:39:04 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.07.03 07:39:04 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.07.03 07:39:04 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.07.03 07:39:04 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.07.03 07:39:04 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.07.03 07:39:04 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.07.03 07:39:04 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.07.03 07:39:04 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.07.03 07:39:04 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.07.03 07:39:04 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.07.03 07:39:04 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.07.03 07:39:04 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.07.03 07:39:04 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.07.03 07:39:04 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.07.03 07:39:04 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.07.03 07:39:04 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.07.03 07:39:04 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.07.03 07:39:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.07.03 07:39:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.07.03 07:39:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.07.03 07:39:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.07.03 07:39:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.07.03 07:39:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.07.03 07:39:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.07.03 07:39:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.07.03 07:39:04 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.07.03 07:39:04 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.07.03 07:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\GMX MailCheck
[2013.07.03 07:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMX MailCheck
[2013.07.03 07:25:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GMX MailCheck
[2013.07.02 23:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb
[2013.07.02 23:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\DesktopIcons
[2013.07.02 23:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\1und1DesktopIconsInstaller
[1 C:\Users\Thomas\AppData\Local\*.tmp files -> C:\Users\Thomas\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.20 17:57:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.20 17:53:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2013.07.20 17:53:40 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.20 17:53:40 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.20 17:50:50 | 000,814,112 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.20 17:50:50 | 000,662,804 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.20 17:50:50 | 000,179,720 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.20 17:50:50 | 000,151,072 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.20 17:50:50 | 000,005,210 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.20 17:46:26 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.20 17:46:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.20 17:46:10 | 3163,901,952 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.20 17:42:59 | 000,666,633 | ---- | M] () -- C:\Users\Thomas\Desktop\adwcleaner.exe
[2013.07.20 17:06:43 | 000,559,341 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Thomas\Desktop\JRT.exe
[2013.07.20 17:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.19 00:14:39 | 013,399,154 | ---- | M] () -- C:\Users\Thomas\Desktop\mbar-1.06.0.1004.zip
[2013.07.18 23:51:55 | 000,377,856 | ---- | M] () -- C:\Users\Thomas\Desktop\3hk8czpv.exe
[2013.07.18 23:50:43 | 000,377,856 | ---- | M] () -- C:\Users\Thomas\Desktop\gmer_2.1.19163.exe
[2013.07.18 21:57:32 | 001,778,209 | ---- | M] (Farbar) -- C:\Users\Thomas\Desktop\FRST64.exe
[2013.07.13 11:58:52 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.07.11 22:17:14 | 000,294,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.11 22:15:58 | 002,475,419 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\Cat.DB
[2013.07.03 07:40:04 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.07.03 07:40:04 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.07.03 07:40:04 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.07.03 07:40:04 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.07.03 07:40:04 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.07.03 07:40:04 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.07.03 07:40:04 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.07.03 07:40:04 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.07.03 07:40:04 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.07.03 07:40:04 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.07.03 07:40:04 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.07.03 07:40:04 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.07.03 07:40:04 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.07.03 07:40:04 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.07.03 07:40:04 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.07.03 07:40:04 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.07.03 07:40:04 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.07.03 07:40:04 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.07.03 07:40:04 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.07.03 07:40:04 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.07.03 07:40:04 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.07.03 07:40:04 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.07.03 07:40:04 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.07.03 07:40:04 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.07.03 07:40:04 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.07.03 07:40:04 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.07.03 07:40:04 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.07.03 07:40:04 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.07.03 07:40:04 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.07.03 07:40:04 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.07.03 07:40:04 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.07.03 07:40:04 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.07.03 07:40:04 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.07.03 07:40:04 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.07.03 07:40:04 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.07.03 07:40:04 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.07.03 07:40:04 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.07.03 07:40:04 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.07.03 07:40:04 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.07.03 07:40:04 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.07.03 07:40:04 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.07.03 07:40:04 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.07.03 07:40:04 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.07.03 07:40:04 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.07.03 07:40:04 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.07.03 07:40:04 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.07.03 07:40:04 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.07.03 07:40:04 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.07.03 07:40:04 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.07.03 07:40:04 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.07.03 07:40:04 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.07.03 07:40:04 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.07.03 07:40:04 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.07.03 07:40:04 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.07.03 07:40:04 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.07.03 07:39:04 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.07.03 07:39:04 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.07.03 07:39:04 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.07.03 07:39:04 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.07.03 07:39:04 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.07.03 07:39:04 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.07.03 07:39:04 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.07.03 07:39:04 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.07.03 07:39:04 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.07.03 07:39:04 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.07.03 07:39:04 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.07.03 07:39:04 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.07.03 07:39:04 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.07.03 07:39:04 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.07.03 07:39:04 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.07.03 07:39:04 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.07.03 07:39:04 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.07.03 07:39:04 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.07.03 07:39:04 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.07.03 07:39:04 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.07.03 07:39:04 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.07.03 07:39:04 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.07.03 07:39:04 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.07.03 07:39:04 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.07.03 07:39:04 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.07.03 07:39:04 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.07.03 07:39:04 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.07.03 07:39:04 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.07.03 07:39:04 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.07.03 07:39:04 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.07.03 07:39:04 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.07.03 07:39:04 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.07.03 07:39:04 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.07.03 07:39:04 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.07.03 07:39:04 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.07.03 07:39:04 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.07.03 07:39:04 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.07.02 23:02:06 | 000,002,008 | ---- | M] () -- C:\Users\Thomas\Desktop\Amazon.lnk
[2013.07.02 23:02:06 | 000,002,002 | ---- | M] () -- C:\Users\Thomas\Desktop\GMX.lnk
[2013.06.21 20:58:23 | 000,002,501 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[1 C:\Users\Thomas\AppData\Local\*.tmp files -> C:\Users\Thomas\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.20 17:42:59 | 000,666,633 | ---- | C] () -- C:\Users\Thomas\Desktop\adwcleaner.exe
[2013.07.19 00:14:26 | 013,399,154 | ---- | C] () -- C:\Users\Thomas\Desktop\mbar-1.06.0.1004.zip
[2013.07.18 23:51:55 | 000,377,856 | ---- | C] () -- C:\Users\Thomas\Desktop\3hk8czpv.exe
[2013.07.18 23:50:42 | 000,377,856 | ---- | C] () -- C:\Users\Thomas\Desktop\gmer_2.1.19163.exe
[2013.07.03 07:40:04 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.07.03 07:40:04 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.12.16 22:58:37 | 002,217,823 | ---- | C] () -- C:\Users\Thomas\fotobuch.cpr
[2011.10.28 17:48:32 | 000,000,000 | ---- | C] () -- C:\Users\Thomas\AppData\Local\{5342ADE5-E0A2-4F1F-BC25-288BA3242AB3}
[2011.07.26 21:55:00 | 000,004,608 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.26 21:54:17 | 000,890,880 | ---- | C] () -- C:\Users\Thomas\Sendung mit der Maus - TrockenNass.pps
[2011.07.10 11:55:47 | 000,000,000 | ---- | C] () -- C:\Users\Thomas\AppData\Local\{2D41B1A1-4F00-4ABA-9C1F-4C298B79E48A}
[2011.05.03 00:18:58 | 000,000,000 | ---- | C] () -- C:\Users\Thomas\AppData\Local\{B8ED0A2E-F09E-4D7B-98F9-D0DAC4A05373}
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.08 23:01:36 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\1&1 Mail & Media GmbH
[2013.05.02 00:41:53 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\AnvSoft
[2011.02.19 23:14:02 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\OpenOffice.org
[2013.07.20 18:01:48 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >

Extras:

Code:

ATTFilter

OTL Extras logfile created on: 20.07.2013 18:00:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thomas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 67,88% Memory free
7,86 Gb Paging File | 6,44 Gb Available in Paging File | 81,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 804,55 Gb Total Space | 685,18 Gb Free Space | 85,16% Space Free | Partition Type: NTFS
Drive D: | 126,95 Gb Total Space | 101,14 Gb Free Space | 79,67% Space Free | Partition Type: NTFS
Drive E: | 5,60 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BFFBF7-66B9-47A5-B492-9D4A762F4F19}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{0E3C3F52-126C-49C1-AB8F-5699BA8C2259}" = lport=139 | protocol=6 | dir=in | app=system | 
"{114A2182-D4B9-4787-ABA1-1278CB56FCD7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1B757573-3FDB-49DB-BD0B-DF12187C8F91}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3008A624-3134-45C0-A092-860D2A3D277C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3D4712A5-F27D-4756-BCAA-1BF42D6F41BD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{46B0C858-3D7D-440C-8C8A-555FECC7024B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4ABF788A-4043-4B80-97AA-548AC3511450}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4B80BC4C-64CE-414C-9582-80E6057C9028}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4EB48DF7-2A0E-464C-AB55-DC83B4849C8F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{517566EE-F059-418B-BDB8-09ABC1A72DAB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6A940386-FADE-4965-9A3F-99C53A2EBABF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6BB93023-6F45-46BC-B046-989266E91BFE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6F00914A-DA27-4614-9E76-E2498D11BC60}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8FB3593A-F0EE-4EA7-B93E-693E052A85D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9278AF9B-7206-4957-A1B5-3D491D370292}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AE0E2EB5-DB25-4BE9-B16B-91FB3DC09CBE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B21B413B-666B-4E90-A4D3-512ECC2DF8BF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BB9E4BD5-780C-4B40-A6FB-FAC3FDD45AA1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C3EC8D4B-927D-4973-9600-A2DE90F34FD7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DC896D12-5EE5-486B-AD29-D52A6C6A3E07}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11465F64-5E9C-4D84-95F6-AD55999C7A49}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{136A11E1-35D8-45C3-ACDA-6C04A89ABB7B}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{2C5C3662-5345-45D8-9B05-DA070F53ADBE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2CDEB4DC-C117-4650-A2CF-DA6C7E480BD7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2CE9EF6D-87CA-4E00-BA40-3CC472AE4C14}" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | 
"{34041011-7B04-400D-8A32-3F1B8FD2E93A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3996B27F-4B95-4100-BBD8-5D1552AC9785}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3C6A0763-4EC0-4083-A279-329E90BFCF7F}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{4F8BB9AE-B101-46C5-A0C3-791E52372EB8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5D1C1228-D9FF-485F-B861-39C3D8103C60}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5FE5F1B6-0DE8-4058-B424-6A8101DD6318}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{65F5EEB1-A000-478A-BDDC-F689FB3E968E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6DBE7A4B-E7E7-4616-BF53-8597308EB084}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{72714C21-DCBE-4E9E-9909-A34765F9090C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7D2E83D8-335C-423B-B57C-AB6F1498CF32}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7DED092E-C193-4752-A772-6D278D328D97}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7FA0ABFD-9B46-4C91-A78A-9681FFF5E5EE}" = protocol=6 | dir=out | app=system | 
"{87F155FB-8AA9-43A0-A41E-BAF537E63522}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{882B7437-0D65-4A38-8B1E-9E78FC970F18}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8C0750C9-CEEF-4EB0-A51D-BA2019981D3E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{92DED456-C431-4CD1-9EF0-A72208075112}" = protocol=17 | dir=in | app=e:\o2cd.exe | 
"{A9BFB8CD-1B1A-488F-BC43-E6583129D42C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AFEBE19C-D2D0-41D7-A00C-4222B0000C91}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B68E2F2E-4819-44E5-BDC0-053DCF214796}" = protocol=6 | dir=in | app=e:\o2cd.exe | 
"{B87912C3-6BB8-48B6-BF85-F56B88D987F2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C054F47E-F2E2-4D0F-AE42-A8AFCFA90968}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C6060485-9496-4D14-A19D-DD19528A6128}" = protocol=58 | dir=in | app=system | 
"{D6EF8FE0-EE5E-4B40-BD76-0ED61C4659FB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E836B671-05C7-47A5-932C-467ED8CCB4FE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{F05AD7E2-3ADD-4BA1-8DC9-A2D8A02E8E93}" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | 
"{F95CB089-EF7B-4A1D-82DC-83D7A440EF8E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F9EF4EF5-21C7-40B2-8454-4E5BEBAF5730}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FE7D1776-BBB0-42CA-9D29-5CF2A66604ED}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{09BB85CA-914E-4C68-8637-F8C7ED788ABD}C:\users\thomas\downloads\neverwinter_nw.1.20130416a.6.exe" = protocol=6 | dir=in | app=c:\users\thomas\downloads\neverwinter_nw.1.20130416a.6.exe | 
"TCP Query User{49405755-133F-4A9C-B868-C8D667CB22C6}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | 
"TCP Query User{5B426A30-A311-4A26-8DCD-BF1AA2DBF5FD}C:\users\thomas\appdata\local\microsoft\windows\temporary internet files\content.ie5\dlpb6d1p\neverwinter_nw.1.20130416a.6.exe" = protocol=6 | dir=in | app=c:\users\thomas\appdata\local\microsoft\windows\temporary internet files\content.ie5\dlpb6d1p\neverwinter_nw.1.20130416a.6.exe | 
"TCP Query User{954F8C1C-FC3E-472E-B771-B9BC47B36341}C:\users\thomas\appdata\local\microsoft\windows\temporary internet files\content.ie5\da5xm2p9\neverwinter_nw.1.20130416a.6.exe" = protocol=6 | dir=in | app=c:\users\thomas\appdata\local\microsoft\windows\temporary internet files\content.ie5\da5xm2p9\neverwinter_nw.1.20130416a.6.exe | 
"TCP Query User{AB30A50F-9AD3-4A32-AA9F-B96436719A2B}C:\downloads gesichert\neverwinter_nw.1.20130416a.6.exe" = protocol=6 | dir=in | app=c:\downloads gesichert\neverwinter_nw.1.20130416a.6.exe | 
"UDP Query User{0AD7021D-5CEE-48D0-8AF2-3E2376B0C029}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | 
"UDP Query User{16B80F48-D2B8-41DF-9BD8-597CDD77F374}C:\downloads gesichert\neverwinter_nw.1.20130416a.6.exe" = protocol=17 | dir=in | app=c:\downloads gesichert\neverwinter_nw.1.20130416a.6.exe | 
"UDP Query User{17AE1B8C-8101-4D2C-8543-047DD3883130}C:\users\thomas\appdata\local\microsoft\windows\temporary internet files\content.ie5\dlpb6d1p\neverwinter_nw.1.20130416a.6.exe" = protocol=17 | dir=in | app=c:\users\thomas\appdata\local\microsoft\windows\temporary internet files\content.ie5\dlpb6d1p\neverwinter_nw.1.20130416a.6.exe | 
"UDP Query User{97DF7A72-0733-46A4-9537-218D65087807}C:\users\thomas\appdata\local\microsoft\windows\temporary internet files\content.ie5\da5xm2p9\neverwinter_nw.1.20130416a.6.exe" = protocol=17 | dir=in | app=c:\users\thomas\appdata\local\microsoft\windows\temporary internet files\content.ie5\da5xm2p9\neverwinter_nw.1.20130416a.6.exe | 
"UDP Query User{D6C98882-D3D0-4C63-98D9-E904D9472DF9}C:\users\thomas\downloads\neverwinter_nw.1.20130416a.6.exe" = protocol=17 | dir=in | app=c:\users\thomas\downloads\neverwinter_nw.1.20130416a.6.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{282149DF-15F4-5E08-E943-61C0603F6187}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C5C7B62-C959-5FEB-FAD6-B7A0BE68B868}" = ATI Catalyst Install Manager
"{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A169C69-5012-DAD1-B26D-6AD81A3242A9}" = Catalyst Control Center Localization All
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{34B164BB-87C0-0E98-4B4B-867962CBB5EB}" = CCC Help Italian
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3D8FA9E6-DE47-98B1-B292-D5BD9D1AC5F4}" = Catalyst Control Center Graphics Previews Vista
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D07BB5D-7903-53B0-4EE0-F23FB43A3034}" = Catalyst Control Center Graphics Full New
"{5107CFE6-65DB-C1BE-A97B-68C22747AD4F}" = CCC Help English
"{518FBF0D-3BA6-BF84-C949-D301EEA09F08}" = ccc-core-static
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6A53AF94-FB62-528E-93D7-47D927FCBA89}" = Catalyst Control Center InstallProxy
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F276611-40A1-71AF-79B2-F896525FA898}" = CCC Help Danish
"{80186A32-8C10-9A90-409B-F83ED7823EA5}" = Catalyst Control Center Graphics Light
"{853E9CDB-711A-533C-E73F-1D87DCCAF5B6}" = Catalyst Control Center Graphics Full Existing
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8730DBBF-3817-FC91-3C5D-A42F535A0C75}" = Catalyst Control Center Core Implementation
"{963911A3-E0E3-1D9B-CCF1-04607B415F9D}" = CCC Help Dutch
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B4A90F5-B7F6-742C-C761-526AD050B601}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DB2B2B1-464C-F7ED-2032-B80A1F2EEA69}" = CCC Help Japanese
"{9E422606-5F50-5D98-D89F-74AF10167A25}" = CCC Help Norwegian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{C3B58DC8-B030-0AE4-87C2-7721A4A485FA}" = CCC Help German
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{E8E25861-3B27-E2FE-877A-4E19B848EA31}" = CCC Help Spanish
"{E9D9AD46-011D-EC6D-180B-8A0C6835B778}" = CCC Help Swedish
"{FE6B2A1F-FFA0-9BD0-6C8E-BCA7AEDCFC5E}" = CCC Help Finnish
"1&1 Mail & Media GmbH 1und1DesktopIconsInstaller" = GMX Desktop Icons
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = GMX MailCheck für Internet Explorer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 5.0.5
"Google Chrome" = Google Chrome
"Gothic 3 Interactive Map (G3iMap)_is1" = Gothic 3 Interactive Map (G3iMap)
"Neverwinter" = Neverwinter
"NIS" = Norton Internet Security
"PokerStars.net" = PokerStars.net
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.07.2013 11:50:47 | Computer Name = Thomas-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 20.07.2013 11:50:47 | Computer Name = Thomas-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 20.07.2013 11:50:47 | Computer Name = Thomas-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
 
< End of report >

LG

cosinus · 21.07.2013, 13:47

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Annalena · 26.07.2013, 20:01

Hallo,
habe zuerst mit MBAM einen Quickscan gemacht:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.25.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Thomas :: THOMAS-PC [Administrator]

25.07.2013 20:32:00
mbam-log-2013-07-25 (20-32-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 210493
Laufzeit: 3 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Dann ESET:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2683d44dbb3aa241b37e596ff58719e6
# engine=14530
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-25 09:06:06
# local_time=2013-07-25 11:06:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 91 453907 137382951 0 0
# compatibility_mode=5893 16776574 66 94 1212593 126416216 0 0
# scanned=319789
# found=8
# cleaned=0
# scan_time=8192
sh=41FB38E7F2BAB05DF6648293111A3F2797F224F5 ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\FRST\Quarantine\msconfig.lnk"
sh=57176BDAB3DFB7D327DA48ADD5B804FEA12524AB ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\FRST\Quarantine\rdzqe.bat"
sh=8CEDDFA58E4BE1C078B1559B25248F69E732D9A6 ft=0 fh=0000000000000000 vn="Win32/RiskWare.HackAV.HT application" ac=I fn="C:\incoming\Eset.NOD32.AntiVirus.2.51.20.by.Smeagol-KilleR.rar"
sh=B98DAEABF8FBD79D0A618278734FD62B91602A02 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.PAH trojan" ac=I fn="C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\c19b8cb-49c6ec0e"
sh=92F5EEDD59EDFD7AED9067EB6064CB6D88D91C46 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OLC trojan" ac=I fn="C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\16b67891-63cd61b5"
sh=1E656847FB2CABAA64006D031352B76ACAF7A94F ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OLC trojan" ac=I fn="C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\29176a6c-77e2661a"
sh=F8AAEBE2EABA06771DEEC7DD03BD7E9F4521F2BB ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2013-1493.BW trojan" ac=I fn="C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\7c34432d-5e3c939e"
sh=598E10C24F462CA9B354784F9C86CB9080FB827D ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\23869dc7-434aa240"

Dann hatte ich bemerkt, dass für MBAM ja ein Vollscan gefordert war, und hier sind nun 2 Dateien gefunden worden (eine kommt von ESET, was ich aber gleich nach dem ESET Scan deinstalliert hatte):

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.26.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Thomas :: THOMAS-PC [Administrator]

26.07.2013 17:02:13
MBAM-log-2013-07-26 (20-43-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 508077
Laufzeit: 2 Stunde(n), 3 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\incoming\Eset.NOD32.AntiVirus.2.51.20.by.Smeagol-KilleR.rar (PUP.RiskWareTool.CK) -> Keine Aktion durchgeführt.
D:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\FI6DE9KQ\logo[1].gif (Extension.Mismatch) -> Keine Aktion durchgeführt.

(Ende)

LG

cosinus · 26.07.2013, 20:06

Zitat:

C:\incoming\Eset.NOD32.AntiVirus.2.51.20.by.Smeagol-KilleR.rar (PUP.RiskWareTool.CK) -> Keine Aktion durchgeführt.

Umgehend löschen!

Sag nicht du hast NOD32 mal gecrackt verwendet!

Annalena · 27.07.2013, 18:20

Ist gelöscht !
Ich kenne mich mit so etwas nicht aus...wie gesagt, der PC gehört meinem Mann und mir und ich habe in diesem Forum lediglich gepostet, weil er sich aufgrund einer längeren Reise nicht selbst drum kümmern kann.
Aber so weit ich weiß verwendet er eigentlich auch keine gecrackten Programme.

Da er sich ab und zu selbst mal Hilfe bei Freunden/Bekannten bei PC Problemen (bei denen er selbst nicht weiterkam) geholt hat kann ich natürlich nicht vollständig ausschließen, dass nicht doch entsprechende Software verwendet worden ist.

Auf jeden Fall vielen lieben Dank für die Hilfe

LG
Annalena

cosinus · 28.07.2013, 22:18

Ok, dann bitte noch TFC ausführen um die Tempordner zu leeren:

TFC - Temp File Cleaner

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Annalena · 08.08.2013, 20:15

So, ist alles erledigt.

Vielen Dank noch mal für die Hilfe

LG
Annalena

GVU Trojaner eingefangen, abgesicherter Modus fährt wieder herunter

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner eingefangen, abgesicherter Modus fährt wieder herunter