Trojaner-Board

Source: Trojaner-Board, section "Log-Analyse und Auswertung" (log analysis and evaluation), thread https://www.trojaner-board.de/129790-google-meldet-ungewoehnlichen-datenverkehr-rechner-bleibt-oefters-haengen-langsam.html

brendiee 19.01.2013 15:20

Google reports unusual traffic - computer often freezes and is slow
 
Hello,

this is now the second and last computer affected by the Google problems. When searching via Google, a prompt keeps appearing saying that a security check still has to be answered; now and then search queries are blocked completely.

My son uses the computer for social networks and the like, and, as I recently had to discover, with an administrator account. The computer is very slow, and he has also downloaded a lot of junk. I would like to set the computer up completely from scratch, but wanted to ask first whether I can safely store his personal files temporarily on an external HDD and copy them back after the reinstall without carrying over any possible infections?

Regarding the reinstall: it is an Asus Eee PC without CD/DVD. I would do it via the computer's normal recovery function; is that sufficient?

I followed the instructions and ran defogger first. The logs are attached.

Code:

OTL logfile created on: 19.01.2013 13:50:20 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Dangel\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,76 Gb Available Physical Memory | 43,19% Memory free
3,50 Gb Paging File | 2,06 Gb Available in Paging File | 58,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 18,53 Gb Free Space | 18,53% Space Free | Partition Type: NTFS
Drive D: | 117,87 Gb Total Space | 14,76 Gb Free Space | 12,52% Space Free | Partition Type: NTFS
 
Computer Name: WEBER-PC | User Name: Dangel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.19 13:34:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dangel\Downloads\OTL.exe
PRC - [2012.12.28 15:29:20 | 001,113,336 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Program Files\INCAInternet\nProtect GameGuard Personal 3.0\nspmain.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.06 23:31:33 | 002,443,800 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2012.11.30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.06 16:23:02 | 001,252,840 | ---- | M] (INCA Internet Co.,Ltd.) -- C:\Windows\System32\INCAInternet\nProtect GameGuard Personal 3.0\nspupsvc.exe
PRC - [2012.11.06 16:22:56 | 000,581,280 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\INCAInternet\nProtect GameGuard Personal 3.0\nspsvc.exe
PRC - [2012.10.17 00:46:34 | 001,573,576 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012.08.13 10:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 10:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2012.08.08 20:11:20 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.08 17:44:35 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 17:44:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 17:44:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.08.27 21:54:09 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010.08.24 03:06:34 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.08.24 03:06:32 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.08.09 23:04:58 | 001,244,592 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010.07.01 03:52:52 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2010.06.12 05:56:42 | 000,976,872 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2010.06.10 21:12:06 | 000,414,384 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
PRC - [2010.06.09 22:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2010.05.29 00:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe
PRC - [2009.09.11 19:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009.08.19 01:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2006.06.23 11:24:12 | 000,343,552 | ---- | M] (AVM Berlin GmbH) -- C:\Program Files\avmwlanstick\FRITZWLanMini.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.12 20:38:14 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b95e7795ea5951d09521cddfc03b5c4e\Microsoft.VisualBasic.ni.dll
MOD - [2013.01.12 11:50:11 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013.01.12 11:50:09 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013.01.12 11:50:04 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.01.12 11:48:39 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013.01.12 11:48:13 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.12 11:46:47 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.12 11:46:22 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.12 11:46:04 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.12 11:45:22 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.01.08 01:06:22 | 000,460,392 | ---- | M] () -- C:\Users\Dangel\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.08 01:06:19 | 004,012,648 | ---- | M] () -- C:\Users\Dangel\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
MOD - [2013.01.08 01:05:29 | 000,598,120 | ---- | M] () -- C:\Users\Dangel\AppData\Local\Google\Chrome\Application\24.0.1312.52\libglesv2.dll
MOD - [2013.01.08 01:05:28 | 000,124,520 | ---- | M] () -- C:\Users\Dangel\AppData\Local\Google\Chrome\Application\24.0.1312.52\libegl.dll
MOD - [2013.01.08 01:05:25 | 001,553,000 | ---- | M] () -- C:\Users\Dangel\AppData\Local\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll
MOD - [2012.12.14 20:41:27 | 000,070,144 | ---- | M] () -- C:\Users\Dangel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
MOD - [2012.12.06 23:31:33 | 002,443,800 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2012.12.06 23:30:35 | 002,158,104 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2012.08.10 15:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.08.10 15:50:56 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll
MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.08.27 22:01:59 | 000,030,032 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\SqliteShared\2.2.0.26258__0d0f4b69e50e559b\SqliteShared.dll
MOD - [2010.08.27 22:01:56 | 000,839,680 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010.06.15 08:24:18 | 000,124,240 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\2.2.32.76\AsusWSShellExt.dll
MOD - [2010.06.10 21:12:06 | 000,414,384 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
MOD - [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.01.10 18:04:19 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.06 23:31:33 | 002,443,800 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2012.11.06 17:13:20 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.06 16:23:02 | 001,252,840 | ---- | M] (INCA Internet Co.,Ltd.) [Auto | Running] -- C:\Windows\System32\INCAInternet\nProtect GameGuard Personal 3.0\nspupsvc.exe -- (NSPUpdateService)
SRV - [2012.11.06 16:22:56 | 000,581,280 | ---- | M] (INCA Internet Co., Ltd.) [Auto | Running] -- C:\Windows\System32\INCAInternet\nProtect GameGuard Personal 3.0\nspsvc.exe -- (NSPService)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.08 17:44:35 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 17:44:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.07.22 22:19:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.01.19 06:40:00 | 004,225,592 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.08.24 03:06:32 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.08.19 01:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\gPotato.eu\FlyFF\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV - [2012.12.26 09:11:50 | 000,181,248 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\TKFsAv.sys -- (TKFsAvM)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.11.06 16:20:08 | 000,033,632 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\TKPcFtCb.sys -- (TKPcFt)
DRV - [2012.11.06 16:20:08 | 000,020,576 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\TKFsFt.sys -- (TKFsFtM)
DRV - [2012.10.23 22:28:22 | 000,159,048 | ---- | M] (INCA Internet Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\tkfwvt.sys -- (TKFWVT)
DRV - [2012.07.31 17:13:52 | 000,083,296 | ---- | M] (INCA Internet Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\tkidsvt.sys -- (TkIdsVt)
DRV - [2012.07.03 15:07:20 | 000,125,120 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\TKCtrl2k.sys -- (TKCtrl)
DRV - [2012.05.08 17:44:35 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 17:44:35 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.27 00:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011.03.28 10:55:58 | 000,031,840 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\tkfwfv.sys -- (TKFWFV)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.08.24 03:10:00 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.08.24 03:09:50 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2010.08.24 03:06:28 | 006,095,360 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.08.24 03:06:04 | 000,214,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.05.10 10:28:15 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.03.31 02:40:20 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.20 10:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2006.04.06 01:00:00 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyEzzyD0DyCtDtDyE0D0D0BzytBzztAtDtN0D0Tzu0CtAtAyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=62128081
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyEzzyD0DyCtDtDyE0D0D0BzytBzztAtDtN0D0Tzu0CtAtAyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=62128081
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=114506&tt=5012_4&babsrc=HP_clro&mntrId=6c72283000000000000020cf305a602a
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=114506&tt=5012_4&babsrc=HP_clro&mntrId=6c72283000000000000020cf305a602a
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&tt=5012_4&babsrc=SP_clro&mntrId=6c72283000000000000020cf305a602a
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\..\SearchScopes\{2F3A55BC-04AC-45FA-960B-5B9256ABC8D1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=FFE44915-53AC-4C67-A686-E1BFDF8D4C00&apn_sauid=57075325-132F-4CAB-A020-0A4B81D0BAF1
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyEzzyD0DyCtDtDyE0D0D0BzytBzztAtDtN0D0Tzu0CtAtAyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=62128081
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Funmoods"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyEzzyD0DyCtDtDyE0D0D0BzytBzztAtDtN0D0Tzu0CtAtAyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=62128081"
FF - prefs.js..extensions.enabledAddons: clipconverter@clipconverter.cc:1.2.4
FF - prefs.js..extensions.enabledAddons: sam@samfind.com:2.2.6
FF - prefs.js..extensions.enabledAddons: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2.6
FF - prefs.js..extensions.enabledAddons: ffxtlbr@funmoods.com:1.5.1
FF - prefs.js..extensions.enabledAddons: {58bd07eb-0ee0-4df0-8121-dc9b693373df}:2.5.986.67
FF - prefs.js..keyword.URL: "hxxp://www.claro-search.com/?affID=114506&tt=5012_4&babsrc=KW_clro&mntrId=6c72283000000000000020cf305a602a&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Dangel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dangel\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dangel\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.06 17:13:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.12.11 21:59:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.06 17:13:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.07.17 06:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dangel\AppData\Roaming\mozilla\Extensions
[2012.12.18 15:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dangel\AppData\Roaming\mozilla\Firefox\Profiles\l39fus9c.default\extensions
[2012.03.29 17:48:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Dangel\AppData\Roaming\mozilla\Firefox\Profiles\l39fus9c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.12.02 16:16:55 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Dangel\AppData\Roaming\mozilla\Firefox\Profiles\l39fus9c.default\extensions\ffxtlbr@funmoods.com
[2012.07.27 09:39:27 | 000,000,000 | ---D | M] (samfind Bookmarks Bar) -- C:\Users\Dangel\AppData\Roaming\mozilla\Firefox\Profiles\l39fus9c.default\extensions\sam@samfind.com
[2012.11.12 18:37:52 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Dangel\AppData\Roaming\mozilla\Firefox\Profiles\l39fus9c.default\extensions\toolbar@ask.com
[2012.07.30 09:12:28 | 000,009,439 | ---- | M] () (No name found) -- C:\Users\Dangel\AppData\Roaming\mozilla\firefox\profiles\l39fus9c.default\extensions\clipconverter@clipconverter.cc.xpi
[2012.07.27 09:39:27 | 000,258,567 | ---- | M] () (No name found) -- C:\Users\Dangel\AppData\Roaming\mozilla\firefox\profiles\l39fus9c.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012.11.12 18:37:52 | 000,002,308 | ---- | M] () -- C:\Users\Dangel\AppData\Roaming\mozilla\firefox\profiles\l39fus9c.default\searchplugins\askcom.xml
[2012.12.11 21:58:41 | 000,006,522 | ---- | M] () -- C:\Users\Dangel\AppData\Roaming\mozilla\firefox\profiles\l39fus9c.default\searchplugins\BrowserProtect.xml
[2012.12.02 16:17:45 | 000,002,349 | ---- | M] () -- C:\Users\Dangel\AppData\Roaming\mozilla\firefox\profiles\l39fus9c.default\searchplugins\Funmoods.xml
[2012.12.18 15:59:34 | 000,005,492 | ---- | M] () -- C:\Users\Dangel\AppData\Roaming\mozilla\firefox\profiles\l39fus9c.default\searchplugins\startpage-https---deutsch.xml
[2012.11.06 17:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.12.11 21:59:46 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\PROGRAMDATA\BROWSERPROTECT\2.5.986.67\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION
[2012.11.06 17:13:20 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.08.31 21:36:10 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.11 21:58:41 | 000,006,522 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.08.31 21:36:10 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.31 21:36:10 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.31 21:36:10 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.31 21:36:10 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.31 21:36:10 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.claro-search.com/?affID=114506&tt=5012_4&babsrc=HP_clro&mntrId=6c72283000000000000020cf305a602a
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyEzzyD0DyCtDtDyE0D0D0BzytBzztAtDtN0D0Tzu0CtAtAyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=62128081
CHR - Extension: No name found = C:\Users\Dangel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.9.33308_0\
CHR - Extension: No name found = C:\Users\Dangel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.0.1_0\
CHR - Extension: No name found = C:\Users\Dangel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\5.1_0\
CHR - Extension: No name found = C:\Users\Dangel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl\1.1_0\
CHR - Extension: No name found = C:\Users\Dangel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Dangel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.8.3.10\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.8.3.10\claroTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\..\Toolbar\WebBrowser: (no name) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\2.2.32.76\ASUSWSDashBoard.exe (eCareme)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKLM..\Run: [GraphicsSwitch] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [nProtect GameGuard Personal 3.0] C:\Program Files\INCAInternet\nProtect GameGuard Personal 3.0\nspmain.exe (INCA Internet Co., Ltd.)
O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-3432669508-159066358-3338486630-1004..\Run: [Facebook Update] C:\Users\Dangel\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3432669508-159066358-3338486630-1004..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Dangel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Dangel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dangel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F283F57-47C9-4D84-9228-B91DB2580817}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D62C3B49-879A-44C0-9BFE-1B3C9E313FFA}: DhcpNameServer = 192.168.178.1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.19 12:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.19 12:45:21 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013.01.19 12:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.19 12:45:02 | 000,000,000 | ---D | C] -- C:\Users\Dangel\AppData\Local\Programs
[2013.01.11 07:14:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.27 23:17:45 | 000,000,000 | ---D | C] -- C:\windows\System32\Extensions
[2012.12.27 23:17:44 | 000,000,000 | ---D | C] -- C:\windows\System32\searchplugins
[2012.12.23 13:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.19 13:49:40 | 000,012,919 | ---- | M] () -- C:\Users\Dangel\Desktop\Unbenannt 1.odt
[2013.01.19 13:46:04 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.01.19 13:35:04 | 000,000,000 | ---- | M] () -- C:\Users\Dangel\defogger_reenable
[2013.01.19 13:34:36 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.19 13:34:36 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.19 13:31:33 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3432669508-159066358-3338486630-1004UA.job
[2013.01.19 13:27:42 | 000,001,851 | ---- | M] () -- C:\Users\Dangel\Desktop\MySyncFolder.lnk
[2013.01.19 13:21:52 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.01.19 13:21:31 | 1408,589,824 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.19 12:45:27 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.19 08:25:02 | 000,001,142 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3432669508-159066358-3338486630-1004UA.job
[2013.01.19 08:25:02 | 000,001,120 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3432669508-159066358-3338486630-1004Core.job
[2013.01.17 07:05:03 | 000,000,274 | ---- | M] () -- C:\windows\tasks\PC Performer_UPDATES.job
[2013.01.17 07:04:37 | 000,001,072 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3432669508-159066358-3338486630-1004Core.job
[2013.01.15 07:05:26 | 000,014,676 | ---- | M] () -- C:\Users\Dangel\Documents\Praktikum MBS verachiedene Fragen.odt
[2013.01.14 15:03:07 | 000,000,266 | ---- | M] () -- C:\windows\tasks\PC Performer_DEFAULT.job
[2013.01.12 11:40:40 | 000,309,432 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013.01.08 20:02:26 | 000,012,012 | ---- | M] () -- C:\Users\Dangel\Documents\elotrixhdx klassen.odt
[2013.01.03 00:07:56 | 000,001,573 | ---- | M] () -- C:\Users\Dangel\Documents\pivot volltreffer looooooool.piv
[2012.12.28 23:04:44 | 000,287,648 | ---- | M] (INCA Internet Co., Ltd.) -- C:\windows\System32\TKToolu.dll
[2012.12.28 23:04:44 | 000,033,824 | ---- | M] (INCA Internet Co., Ltd.) -- C:\windows\System32\TKTool2k.sys
[2012.12.26 09:11:50 | 000,197,504 | ---- | M] (INCA Internet Co., Ltd.) -- C:\windows\System32\TKFsAvMU.dll
[2012.12.26 09:11:50 | 000,181,248 | ---- | M] (INCA Internet Co., Ltd.) -- C:\windows\System32\TKFsAv.sys
[2012.12.26 09:11:50 | 000,114,888 | ---- | M] (INCA Internet Co., Ltd.) -- C:\windows\System32\TKRgAc2k.sys
[2012.12.23 13:50:21 | 000,002,084 | ---- | M] () -- C:\Users\Public\Desktop\Age of Empires II.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.19 13:49:35 | 000,012,919 | ---- | C] () -- C:\Users\Dangel\Desktop\Unbenannt 1.odt
[2013.01.19 13:35:04 | 000,000,000 | ---- | C] () -- C:\Users\Dangel\defogger_reenable
[2013.01.19 12:45:27 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.12 12:26:38 | 000,014,676 | ---- | C] () -- C:\Users\Dangel\Documents\Praktikum MBS verachiedene Fragen.odt
[2013.01.08 16:20:48 | 000,012,012 | ---- | C] () -- C:\Users\Dangel\Documents\elotrixhdx klassen.odt
[2013.01.03 00:07:56 | 000,001,573 | ---- | C] () -- C:\Users\Dangel\Documents\pivot volltreffer looooooool.piv
[2012.12.23 13:50:21 | 000,002,084 | ---- | C] () -- C:\Users\Public\Desktop\Age of Empires II.lnk
[2012.12.02 16:16:58 | 000,290,500 | ---- | C] () -- C:\Users\Dangel\AppData\Local\funmoods-speeddial_sf.crx
[2012.12.02 16:16:51 | 000,031,465 | ---- | C] () -- C:\Users\Dangel\AppData\Local\funmoods.crx
[2012.11.13 18:11:30 | 001,511,424 | ---- | C] () -- C:\windows\System32\sn3win.dll
[2012.03.22 16:51:14 | 008,585,602 | ---- | C] () -- C:\Users\Dangel\Alexander Marcus - Ciao Ciao Bella.mp4
[2012.03.22 16:50:04 | 012,975,538 | ---- | C] () -- C:\Users\Dangel\Alexander Marcus - Homo Dance.mp4
[2012.03.22 16:48:06 | 015,381,230 | ---- | C] () -- C:\Users\Dangel\Alexander Marcus - Papaya.mp4
[2012.03.22 16:45:52 | 015,576,142 | ---- | C] () -- C:\Users\Dangel\Alexander Marcus - Hawaii Toast Song.mp4
[2011.08.24 17:39:06 | 000,000,911 | ---- | C] () -- C:\Users\Dangel\Eigene Dokumente - Verknüpfung.lnk
[2011.08.24 17:39:06 | 000,000,900 | ---- | C] () -- C:\Users\Dangel\Eigene Bilder - Verknüpfung.lnk
[2011.08.24 17:39:06 | 000,000,884 | ---- | C] () -- C:\Users\Dangel\Suchvorgänge - Verknüpfung.lnk
[2011.08.24 17:39:06 | 000,000,879 | ---- | C] () -- C:\Users\Dangel\Downloads - Verknüpfung.lnk
[2011.08.24 17:39:06 | 000,000,876 | ---- | C] () -- C:\Users\Dangel\Kontakte - Verknüpfung.lnk
[2011.08.24 17:39:06 | 000,000,682 | ---- | C] () -- C:\Users\Dangel\Desktop - Verknüpfung.lnk
[2011.03.31 21:04:44 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2011.03.31 19:50:20 | 000,097,312 | ---- | C] () -- C:\windows\System32\drivers\Fwusb1b.bin
[2011.03.31 19:10:18 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2011.03.31 19:09:49 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2010.08.27 21:54:34 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.08.27 22:07:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ASUS WebStorage
[2011.07.16 09:31:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bytemobile
[2011.07.30 21:02:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SoftGrid Client
[2011.07.30 11:44:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TP
[2011.07.16 09:31:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Vodafone
[2011.10.13 11:18:08 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\.minecraft
[2010.08.27 22:07:27 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\ASUS WebStorage
[2012.12.11 21:57:47 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\Babylon
[2011.07.17 06:06:21 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\Bytemobile
[2012.12.11 22:00:59 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\Claro
[2012.09.20 20:11:23 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\DVDVideoSoft
[2012.04.21 08:13:57 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.13 21:28:30 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\E-Cam
[2012.09.24 16:05:03 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\ExpressDownloader
[2012.03.27 21:04:24 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\gema
[2012.09.20 20:11:20 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\OpenCandy
[2011.09.04 20:08:57 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\OpenOffice.org
[2012.12.11 21:57:00 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\PerformerSoft
[2012.05.12 10:44:38 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\SoftGrid Client
[2012.09.20 20:21:11 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\TuneUp Software
[2011.11.12 13:22:20 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\uTorrent
[2011.07.17 06:06:20 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\Vodafone
[2010.08.27 22:07:27 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage
[2010.08.27 22:07:27 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage
[2012.03.21 14:48:24 | 000,000,000 | ---D | M] -- C:\Users\Fail Konto\AppData\Roaming\.minecraft
[2010.08.27 22:07:27 | 000,000,000 | ---D | M] -- C:\Users\Fail Konto\AppData\Roaming\ASUS WebStorage
[2011.07.17 06:08:30 | 000,000,000 | ---D | M] -- C:\Users\Fail Konto\AppData\Roaming\Bytemobile
[2012.03.26 12:57:40 | 000,000,000 | ---D | M] -- C:\Users\Fail Konto\AppData\Roaming\DVDVideoSoft
[2012.03.27 12:05:42 | 000,000,000 | ---D | M] -- C:\Users\Fail Konto\AppData\Roaming\Spotify
[2011.07.17 06:08:30 | 000,000,000 | ---D | M] -- C:\Users\Fail Konto\AppData\Roaming\Vodafone
[2012.03.17 22:45:49 | 000,000,000 | ---D | M] -- C:\Users\Usher\AppData\Roaming\.minecraft
[2010.08.27 22:07:27 | 000,000,000 | ---D | M] -- C:\Users\Usher\AppData\Roaming\ASUS WebStorage
[2011.07.16 15:49:37 | 000,000,000 | ---D | M] -- C:\Users\Usher\AppData\Roaming\Bytemobile
[2012.03.27 21:04:18 | 000,000,000 | ---D | M] -- C:\Users\Usher\AppData\Roaming\gema
[2011.07.16 15:49:35 | 000,000,000 | ---D | M] -- C:\Users\Usher\AppData\Roaming\Vodafone
[2010.08.27 22:07:27 | 000,000,000 | ---D | M] -- C:\Users\Weber\AppData\Roaming\ASUS WebStorage
[2012.01.07 21:51:13 | 000,000,000 | ---D | M] -- C:\Users\Weber\AppData\Roaming\Bytemobile
[2011.03.31 19:10:31 | 000,000,000 | ---D | M] -- C:\Users\Weber\AppData\Roaming\E-Cam
[2012.01.07 21:51:26 | 000,000,000 | ---D | M] -- C:\Users\Weber\AppData\Roaming\Vodafone
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2011.07.17 06:08:32 | 000,000,059 | ---- | M] ()(C:\windows\System32\??) -- C:\windows\System32\ˁ
[2011.07.17 06:08:32 | 000,000,059 | ---- | C] ()(C:\windows\System32\??) -- C:\windows\System32\ˁ
[2011.07.16 09:00:31 | 000,000,059 | ---- | M] ()(C:\windows\System32\?´) -- C:\windows\System32\ˊ
[2011.07.16 09:00:31 | 000,000,059 | ---- | C] ()(C:\windows\System32\?´) -- C:\windows\System32\ˊ
[2011.07.13 12:16:14 | 000,000,059 | ---- | M] ()(C:\windows\System32\?o) -- C:\windows\System32\ǒ
[2011.07.13 12:16:14 | 000,000,059 | ---- | C] ()(C:\windows\System32\?o) -- C:\windows\System32\ǒ
[2011.07.13 12:15:20 | 000,000,059 | ---- | M] ()(C:\windows\System32\??) -- C:\windows\System32\ʻ
[2011.07.13 12:15:20 | 000,000,059 | ---- | C] ()(C:\windows\System32\??) -- C:\windows\System32\ʻ

< End of report >

Code:

OTL Extras logfile created on: 19.01.2013 13:50:20 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Dangel\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,76 Gb Available Physical Memory | 43,19% Memory free
3,50 Gb Paging File | 2,06 Gb Available in Paging File | 58,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 18,53 Gb Free Space | 18,53% Space Free | Partition Type: NTFS
Drive D: | 117,87 Gb Total Space | 14,76 Gb Free Space | 12,52% Space Free | Partition Type: NTFS
 
Computer Name: WEBER-PC | User Name: Dangel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3432669508-159066358-3338486630-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26D6E052-A400-473B-8D26-B751B7459116}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2AA168CE-1536-4131-988D-583D350FBE00}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{36A1E252-4C91-4056-BAB3-C465CE86F102}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6E2A74F9-C1B0-4175-8111-205C18142932}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9E150ECF-3FAF-40D4-B0F3-6756D7CF1C80}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AF93AA93-1927-4208-B49B-ACFC1F64C5D0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C88FD892-8A4E-4D7E-B49A-1A0CDA7244AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CD0E68CC-8D46-4E66-A66F-B11E00D72380}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2DFB3EE-C8BA-4826-A4E2-D959BB3983E0}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06731A33-63FD-4B61-B974-15CACD298E4B}" = protocol=6 | dir=out | app=system |
"{08F69C89-CBC3-424C-9334-A370068F712E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0A4FEBCF-2B86-42A8-8A20-FD31B043D769}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{16AE505D-C675-42C6-B3BD-1D00EBC75FF0}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{19C0A252-E5FC-4838-8CEC-B4F44FDB52A2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{23CAD055-BC5D-48A4-9EC1-136744AB6141}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{27599128-1FFE-4429-BE44-42547DF2AD23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{538BD15A-5FE3-4E21-917E-017A5E13182A}" = protocol=17 | dir=in | app=c:\program files\expressdownloader\expressdl.exe |
"{55683A6C-2606-496D-8337-398F20DC68A3}" = protocol=6 | dir=in | app=c:\program files\expressdownloader\expressdownloader.exe |
"{58A01965-4DCF-442D-AC70-E70C1A5C1D13}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{602A34C3-E3A3-4A29-A020-1AFD30619D31}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{67F92EEF-36FF-4AAB-A622-5F40A0B2A73F}" = protocol=17 | dir=in | app=c:\program files\expressdownloader\expressdownloader.exe |
"{89A9493B-0374-44A9-8CC4-4C96D5FDD344}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A330DF06-35E2-4E8B-9942-F5EC360D104B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A7866882-BDEB-4B1E-A253-4A9172CF8191}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ADE35540-79EC-4E1E-B085-C3A081E452D2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CC37BBDC-DBC6-474E-B431-2C3290425F19}" = protocol=6 | dir=in | app=c:\program files\expressdownloader\expressdl.exe |
"{D656588E-2EB4-483C-8E2E-742625138C43}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7A615E6-4198-4DCF-8343-4500CAEE3548}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E439378A-8CD0-4C42-8795-D354A31B0CA1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EB604483-CC7A-48AC-AD92-26D086AF552C}" = dir=in | app=c:\users\dangel\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"TCP Query User{136754FB-CF4C-4723-8F78-BD39E8F79738}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{165613FF-A57E-48F0-AB23-4A62DD913A37}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{53B22959-E7BA-40BA-8A76-E3B2AF5B0CE8}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{561F1D73-07F6-4C40-933F-D17E5C7BBFCB}E:\cossacks - the art of war\dmcr.exe" = protocol=6 | dir=in | app=e:\cossacks - the art of war\dmcr.exe |
"TCP Query User{E576FBDB-1BAA-45C8-8572-6EFEB24B4974}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{FE4985EC-AA0E-40F4-9FEC-B8DA3C04AA62}E:\cossacks - back to war\dmcr.exe" = protocol=6 | dir=in | app=e:\cossacks - back to war\dmcr.exe |
"UDP Query User{158D598E-AB53-4E0F-933B-1EECC8C9FE4E}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{33F5F9E5-7889-45CB-806B-5ED1CD0CC23A}E:\cossacks - the art of war\dmcr.exe" = protocol=17 | dir=in | app=e:\cossacks - the art of war\dmcr.exe |
"UDP Query User{E0771D78-9353-4D87-A341-138C9511AFDA}E:\cossacks - back to war\dmcr.exe" = protocol=17 | dir=in | app=e:\cossacks - back to war\dmcr.exe |
"UDP Query User{E913E49C-6530-4DAF-AE16-52B7272B4F4A}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{EED74ED1-A2F4-420C-908D-D219D6D865DF}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{EFC1EF16-E7B2-4434-B34D-E88A99FB0C11}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{069B290F-5398-4629-A009-85B4BCB4B1B9}" = Claro Chrome Toolbar
"{08D0A290-E98B-62B5-A423-CAF77EF910F4}" = CCC Help Finnish
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{10BDB7F2-3760-49CC-3F02-4E10DC9C9D84}" = Catalyst Control Center Graphics Previews Vista
"{15787831-3BEE-3F24-CF5D-86A297C2BE34}" = Catalyst Control Center InstallProxy
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{18D33A7B-5EB5-64A9-6759-2D7EC4D085D0}" = ATI Catalyst Install Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{25D1FAA5-89E4-55A8-FABA-671E9B7C1BAF}" = Catalyst Control Center Localization All
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2CA34767-F6D1-B207-2B61-0BC0F71888BA}" = CCC Help Swedish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{321F3B6B-3736-C9BF-5273-BE3779059661}" = CCC Help Spanish
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4E9BB299-32C5-F701-F2F2-251903A6286A}" = CCC Help Danish
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{50D570C5-9227-8756-06CE-1A69740ECF82}" = CCC Help Turkish
"{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1" = Minecraft PC Gamer Demo version 1.5
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65F69FE7-D0A0-9B54-1166-61697BC89701}" = ccc-core-static
"{6A193E0C-113E-ACE1-57E9-2CB4B7315AEB}" = CCC Help Greek
"{6AD81B3D-7411-5A4D-4312-072A0D33CAE9}" = ccc-utility
"{6F9375BA-521F-253A-F24D-F9332F2C4E9A}" = CCC Help Portuguese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff
"{81601299-AD02-403C-9A47-93C509FE2EC2}" = Catalyst Control Center - Branding
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89B48354-7F0E-EA42-ACDE-8BFA1AEC2114}" = CCC Help Japanese
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AF7BEBB-0474-ED16-2E60-CE38B7E16D3E}" = CCC Help French
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{99E77016-BCF2-48C8-9119-43ECF5815F65}" = AsusScreensaver
"{9BAB0084-8F54-CCC3-1CEA-AC5A303885BE}" = WMV9/VC-1 Video Playback
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D197A87-44B6-47D0-8A0D-B421208C9A26}" = nProtect GameGuard Personal 3.0
"{A3B4BDAA-7B03-43B1-804C-54B451EF9668}" = nProtect Security Platform
"{A5257FB6-14AA-1759-C61C-3A30EFE0DA6B}" = CCC Help Korean
"{A8C1B99F-7F88-1B7C-8338-DB4F5A567A07}" = CCC Help Norwegian
"{A9D6240D-5429-5988-EF3A-42528F4E9BFA}" = CCC Help Chinese Standard
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{BEC93D7E-F18F-55D0-B4C4-C1928D39C05A}" = CCC Help Hungarian
"{C006FC2F-87C6-475D-68FF-5F815642A0F9}" = CCC Help Czech
"{C186E4BD-8232-30D6-E4B5-E1473CA52BA3}" = CCC Help Russian
"{C365387E-8522-A75E-3285-13F45EC71AA0}" = CCC Help Thai
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C54467C6-7D42-5350-BDEB-7FE6761889D5}" = CCC Help Italian
"{CC084EC0-5F74-4A17-8635-3ED61D501643}_is1" = Flyff
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EE7F2111-1D57-E2CF-9F29-E276FB96ACE0}" = CCC Help German
"{F06BA163-14BB-4977-080B-A7FC89192532}" = CCC Help Dutch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F49E63FC-4E83-E354-7199-B1DB08CC15A5}" = CCC Help English
"{F539B841-DF49-954D-ADE8-D9FB4EAD6E98}" = CCC Help Chinese Traditional
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FF401EA7-0185-E31F-96B3-2A00E14BDF94}" = CCC Help Polish
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"ASUS VIBE" = ASUS VIBE
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"claro" = Claro LTD toolbar 
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Eee Docking_is1" = Eee Docking 3.8.1
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.10.19.412
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"funmoods" = Funmoods
"GIMP-2_is1" = GIMP 2.8.2
"HyperCam 2" = HyperCam 2
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"lmms" = LMMS 0.4.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OOBERegBackup_is1" = OOBERegBackup
"PC Performer_is1" = PC Performer
"ScreenSaverPatch_is1" = ScreenSaverPatch
"SonicShack Design Studio_is1" = SonicShack Designer Adobe AIR version
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3432669508-159066358-3338486630-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"ExpressDownloader" = ExpressDownloader
"Google Chrome" = Google Chrome
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.01.2013 03:28:37 | Computer Name = Weber-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 19.01.2013 03:28:37 | Computer Name = Weber-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1638
 
Error - 19.01.2013 03:28:37 | Computer Name = Weber-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1638
 
Error - 19.01.2013 07:54:49 | Computer Name = Weber-PC | Source = RasClient | ID = 20227
Description =
 
Error - 19.01.2013 08:08:05 | Computer Name = Weber-PC | Source = RasClient | ID = 20227
Description =
 
Error - 19.01.2013 08:08:52 | Computer Name = Weber-PC | Source = RasClient | ID = 20227
Description =
 
Error - 19.01.2013 08:09:09 | Computer Name = Weber-PC | Source = RasClient | ID = 20227
Description =
 
Error - 19.01.2013 08:11:24 | Computer Name = Weber-PC | Source = RasClient | ID = 20227
Description =
 
Error - 19.01.2013 08:27:08 | Computer Name = Weber-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Too many failures while downloading ranges: 2
 
Error - 19.01.2013 08:27:44 | Computer Name = Weber-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Stream product id=0x0066): Streaming Failed
 
Error - 19.01.2013 08:34:53 | Computer Name = Weber-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: BITS connection error Type: 150::InternetConnectionFailure.
 
 
[ System Events ]
Error - 19.01.2013 08:27:55 | Computer Name = Weber-PC | Source = WMPNetworkSvc | ID = 866321
Description =
 
Error - 19.01.2013 08:27:55 | Computer Name = Weber-PC | Source = WMPNetworkSvc | ID = 866317
Description =
 
Error - 19.01.2013 08:27:55 | Computer Name = Weber-PC | Source = WMPNetworkSvc | ID = 866321
Description =
 
Error - 19.01.2013 08:27:55 | Computer Name = Weber-PC | Source = WMPNetworkSvc | ID = 866317
Description =
 
Error - 19.01.2013 08:27:56 | Computer Name = Weber-PC | Source = WMPNetworkSvc | ID = 866321
Description =
 
Error - 19.01.2013 08:27:56 | Computer Name = Weber-PC | Source = WMPNetworkSvc | ID = 866317
Description =
 
Error - 19.01.2013 08:27:56 | Computer Name = Weber-PC | Source = WMPNetworkSvc | ID = 866321
Description =
 
Error - 19.01.2013 08:27:56 | Computer Name = Weber-PC | Source = WMPNetworkSvc | ID = 866317
Description =
 
Error - 19.01.2013 08:27:56 | Computer Name = Weber-PC | Source = WMPNetworkSvc | ID = 866321
Description =
 
Error - 19.01.2013 08:27:56 | Computer Name = Weber-PC | Source = WMPNetworkSvc | ID = 866317
Description =
 
 
< End of report >

Code:

GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-19 14:47:52
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000066 WDC_WD25 rev.01.0 232,89GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Dangel\AppData\Local\Temp\kgloqpow.sys


---- System - GMER 2.0 ----

SSDT  8A05E30E                                                                                                          ZwCreateSection
SSDT  8A05E318                                                                                                          ZwRequestWaitReplyPort
SSDT  8A05E313                                                                                                          ZwSetContextThread
SSDT  8A05E31D                                                                                                          ZwSetSecurityObject
SSDT  8A05E322                                                                                                          ZwSystemDebugControl
SSDT  8A05E2AF                                                                                                          ZwTerminateProcess

Code  \??\C:\windows\system32\TKPcFtCb.sys                                                                              ObOpenObjectByPointer

---- Kernel code sections - GMER 2.0 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                          82E53A49 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                            82E8D4D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                              82E9462C 4 Bytes  [0E, E3, 05, 8A]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                              82E94988 2 Bytes  [18, E3] {SBB BL, AH}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1556                                                                              82E9498B 1 Byte  [8A]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                              82E949CC 4 Bytes  [13, E3, 05, 8A]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                              82E94A48 4 Bytes  [1D, E3, 05, 8A]
.text  ...                                                                                                             
.text  C:\windows\system32\DRIVERS\atikmdag.sys                                                                          section is writeable [0x8E825000, 0x331648, 0xE8000020]
.text  user32.dll!DialogBoxParamW                                                                                        77593B9B 5 Bytes  [E9, D0, 0B, 33, FE] {JMP 0xfe330bd5}

---- User code sections - GMER 2.0 ----

.text  C:\windows\system32\SearchIndexer.exe[100] USER32.dll!DialogBoxParamW                                            77593B9B 5 Bytes  JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[212] USER32.dll!DialogBoxParamW                          77593B9B 5 Bytes  JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text  C:\Windows\System32\AsusService.exe[272] USER32.dll!DialogBoxParamW                                              77593B9B 5 Bytes  JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text  C:\Program Files\Bonjour\mDNSResponder.exe[392] USER32.dll!DialogBoxParamW                                        77593B9B 5 Bytes  JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text  ...                                                                                                             
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtCreateFile + 6              779D55CE 4 Bytes  [28, 00, 10, 00] {SUB [EAX], AL; ADC [EAX], AL}
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtCreateFile + B              779D55D3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtMapViewOfSection + 6        779D5C2E 1 Byte  [28]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtMapViewOfSection + 6        779D5C2E 4 Bytes  [28, 03, 10, 00] {SUB [EBX], AL; ADC [EAX], AL}
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtMapViewOfSection + B        779D5C33 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenFile + 6                779D5CDE 4 Bytes  [68, 00, 10, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenFile + B                779D5CE3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenProcess + 6              779D5D8E 4 Bytes  [A8, 01, 10, 00] {TEST AL, 0x1; ADC [EAX], AL}
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenProcess + B              779D5D93 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenProcessToken + B        779D5DA3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenProcessTokenEx + 6      779D5DAE 4 Bytes  [A8, 02, 10, 00] {TEST AL, 0x2; ADC [EAX], AL}
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenProcessTokenEx + B      779D5DB3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenThread + 6              779D5E0E 4 Bytes  [68, 01, 10, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenThread + B              779D5E13 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenThreadToken + 6          779D5E1E 4 Bytes  [68, 02, 10, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenThreadToken + B          779D5E23 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenThreadTokenEx + B        779D5E33 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtQueryAttributesFile + 6      779D5F3E 4 Bytes  [A8, 00, 10, 00] {TEST AL, 0x0; ADC [EAX], AL}
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtQueryAttributesFile + B      779D5F43 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtQueryFullAttributesFile + B  779D5FF3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtSetInformationFile + 6      779D663E 4 Bytes  [28, 01, 10, 00] {SUB [ECX], AL; ADC [EAX], AL}
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtSetInformationFile + B      779D6643 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtSetInformationThread + 6    779D669E 4 Bytes  [28, 02, 10, 00] {SUB [EDX], AL; ADC [EAX], AL}
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtSetInformationThread + B    779D66A3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtUnmapViewOfSection + 6      779D69BE 1 Byte  [68]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtUnmapViewOfSection + 6      779D69BE 4 Bytes  [68, 03, 10, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtUnmapViewOfSection + B      779D69C3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] USER32.dll!DialogBoxParamW              77593B9B 5 Bytes  JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text  C:\Program Files\OpenOffice.org 3\program\soffice.bin[4296] USER32.dll!DialogBoxParamW                            77593B9B 5 Bytes  JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text  C:\windows\system32\svchost.exe[4404] USER32.dll!DialogBoxParamW                                                  77593B9B 5 Bytes  JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtCreateFile + 6              779D55CE 4 Bytes  [28, 80, BA, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtCreateFile + B              779D55D3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtMapViewOfSection + 6        779D5C2E 4 Bytes  [28, 83, BA, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtMapViewOfSection + B        779D5C33 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtOpenFile + 6                779D5CDE 4 Bytes  [68, 80, BA, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtOpenFile + B                779D5CE3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtOpenProcess + 6              779D5D8E 4 Bytes  [A8, 81, BA, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtOpenProcess + B              779D5D93 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtOpenProcessToken + B        779D5DA3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtOpenProcessTokenEx + 6      779D5DAE 4 Bytes  [A8, 82, BA, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtOpenProcessTokenEx + B      779D5DB3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtOpenThread + 6              779D5E0E 4 Bytes  [68, 81, BA, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtOpenThread + B              779D5E13 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtOpenThreadToken + 6          779D5E1E 4 Bytes  [68, 82, BA, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtOpenThreadToken + B          779D5E23 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtOpenThreadTokenEx + B        779D5E33 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtQueryAttributesFile + 6      779D5F3E 4 Bytes  [A8, 80, BA, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtQueryAttributesFile + B      779D5F43 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtQueryFullAttributesFile + B  779D5FF3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtSetInformationFile + 6      779D663E 4 Bytes  [28, 81, BA, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtSetInformationFile + B      779D6643 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtSetInformationThread + 6    779D669E 4 Bytes  [28, 82, BA, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtSetInformationThread + B    779D66A3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtUnmapViewOfSection + 6      779D69BE 4 Bytes  [68, 83, BA, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtUnmapViewOfSection + B      779D69C3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] USER32.dll!DialogBoxParamW              77593B9B 5 Bytes  JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtCreateFile + 6              779D55CE 4 Bytes  [28, 24, 78, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtCreateFile + B              779D55D3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtMapViewOfSection + 6        779D5C2E 4 Bytes  [28, 27, 78, 00] {SUB [EDI], AH; JS 0x4}
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtMapViewOfSection + B        779D5C33 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenFile + 6                779D5CDE 4 Bytes  [68, 24, 78, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenFile + B                779D5CE3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenProcess + 6              779D5D8E 4 Bytes  [A8, 25, 78, 00] {TEST AL, 0x25; JS 0x4}
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenProcess + B              779D5D93 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenProcessToken + B        779D5DA3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenProcessTokenEx + 6      779D5DAE 4 Bytes  [A8, 26, 78, 00] {TEST AL, 0x26; JS 0x4}
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenProcessTokenEx + B      779D5DB3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenThread + 6              779D5E0E 4 Bytes  [68, 25, 78, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenThread + B              779D5E13 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenThreadToken + 6          779D5E1E 4 Bytes  [68, 26, 78, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenThreadToken + B          779D5E23 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenThreadTokenEx + B        779D5E33 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtQueryAttributesFile + 6      779D5F3E 4 Bytes  [A8, 24, 78, 00] {TEST AL, 0x24; JS 0x4}
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtQueryAttributesFile + B      779D5F43 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtQueryFullAttributesFile + B  779D5FF3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtSetInformationFile + 6      779D663E 4 Bytes  [28, 25, 78, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtSetInformationFile + B      779D6643 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtSetInformationThread + 6    779D669E 4 Bytes  [28, 26, 78, 00] {SUB [ESI], AH; JS 0x4}
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtSetInformationThread + B    779D66A3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtUnmapViewOfSection + 6      779D69BE 4 Bytes  [68, 27, 78, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtUnmapViewOfSection + B      779D69C3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] USER32.dll!DialogBoxParamW              77593B9B 5 Bytes  JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtCreateFile + 6              779D55CE 4 Bytes  [28, 54, 42, 00] {SUB [EDX+EAX*2+0x0], DL}
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtCreateFile + B              779D55D3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtMapViewOfSection + 6        779D5C2E 4 Bytes  [28, 57, 42, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtMapViewOfSection + B        779D5C33 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtOpenFile + 6                779D5CDE 4 Bytes  [68, 54, 42, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtOpenFile + B                779D5CE3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtOpenProcess + 6              779D5D8E 4 Bytes  [A8, 55, 42, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtOpenProcess + B              779D5D93 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtOpenProcessToken + B        779D5DA3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtOpenProcessTokenEx + 6      779D5DAE 4 Bytes  [A8, 56, 42, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtOpenProcessTokenEx + B      779D5DB3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtOpenThread + 6              779D5E0E 4 Bytes  [68, 55, 42, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtOpenThread + B              779D5E13 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtOpenThreadToken + 6          779D5E1E 4 Bytes  [68, 56, 42, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtOpenThreadToken + B          779D5E23 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtOpenThreadTokenEx + B        779D5E33 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtQueryAttributesFile + 6      779D5F3E 4 Bytes  [A8, 54, 42, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtQueryAttributesFile + B      779D5F43 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtQueryFullAttributesFile + B  779D5FF3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtSetInformationFile + 6      779D663E 4 Bytes  [28, 55, 42, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtSetInformationFile + B      779D6643 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtSetInformationThread + 6    779D669E 4 Bytes  [28, 56, 42, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtSetInformationThread + B    779D66A3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtUnmapViewOfSection + 6      779D69BE 4 Bytes  [68, 57, 42, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtUnmapViewOfSection + B      779D69C3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] USER32.dll!DialogBoxParamW              77593B9B 5 Bytes  JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtCreateFile + 6              779D55CE 4 Bytes  [28, 78, 24, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtCreateFile + B              779D55D3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtMapViewOfSection + 6        779D5C2E 4 Bytes  [28, 7B, 24, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtMapViewOfSection + B        779D5C33 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenFile + 6                779D5CDE 4 Bytes  [68, 78, 24, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenFile + B                779D5CE3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenProcess + 6              779D5D8E 4 Bytes  [A8, 79, 24, 00] {TEST AL, 0x79; AND AL, 0x0}
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenProcess + B              779D5D93 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenProcessToken + B        779D5DA3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenProcessTokenEx + 6      779D5DAE 4 Bytes  [A8, 7A, 24, 00] {TEST AL, 0x7a; AND AL, 0x0}
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenProcessTokenEx + B      779D5DB3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenThread + 6              779D5E0E 4 Bytes  [68, 79, 24, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenThread + B              779D5E13 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenThreadToken + 6          779D5E1E 4 Bytes  [68, 7A, 24, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenThreadToken + B          779D5E23 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenThreadTokenEx + B        779D5E33 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtQueryAttributesFile + 6      779D5F3E 4 Bytes  [A8, 78, 24, 00] {TEST AL, 0x78; AND AL, 0x0}
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtQueryAttributesFile + B      779D5F43 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtQueryFullAttributesFile + B  779D5FF3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtSetInformationFile + 6      779D663E 4 Bytes  [28, 79, 24, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtSetInformationFile + B      779D6643 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtSetInformationThread + 6    779D669E 4 Bytes  [28, 7A, 24, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtSetInformationThread + B    779D66A3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtUnmapViewOfSection + 6      779D69BE 4 Bytes  [68, 7B, 24, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtUnmapViewOfSection + B      779D69C3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] USER32.dll!DialogBoxParamW              77593B9B 5 Bytes  JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtCreateFile + 6              779D55CE 4 Bytes  [28, 98, D8, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtCreateFile + B              779D55D3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtMapViewOfSection + 6        779D5C2E 4 Bytes  [28, 9B, D8, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtMapViewOfSection + B        779D5C33 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtOpenFile + 6                779D5CDE 4 Bytes  [68, 98, D8, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtOpenFile + B                779D5CE3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtOpenProcess + 6              779D5D8E 4 Bytes  [A8, 99, D8, 00] {TEST AL, 0x99; FADD DWORD [EAX]}
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtOpenProcess + B              779D5D93 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtOpenProcessToken + B        779D5DA3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtOpenProcessTokenEx + 6      779D5DAE 4 Bytes  [A8, 9A, D8, 00] {TEST AL, 0x9a; FADD DWORD [EAX]}
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtOpenProcessTokenEx + B      779D5DB3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtOpenThread + 6              779D5E0E 4 Bytes  [68, 99, D8, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtOpenThread + B              779D5E13 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtOpenThreadToken + 6          779D5E1E 4 Bytes  [68, 9A, D8, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtOpenThreadToken + B          779D5E23 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtOpenThreadTokenEx + B        779D5E33 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtQueryAttributesFile + 6      779D5F3E 4 Bytes  [A8, 98, D8, 00] {TEST AL, 0x98; FADD DWORD [EAX]}
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtQueryAttributesFile + B      779D5F43 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtQueryFullAttributesFile + B  779D5FF3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtSetInformationFile + 6      779D663E 4 Bytes  [28, 99, D8, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtSetInformationFile + B      779D6643 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtSetInformationThread + 6    779D669E 4 Bytes  [28, 9A, D8, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtSetInformationThread + B    779D66A3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtUnmapViewOfSection + 6      779D69BE 4 Bytes  [68, 9B, D8, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtUnmapViewOfSection + B      779D69C3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] USER32.dll!DialogBoxParamW              77593B9B 5 Bytes  JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtCreateFile + 6              779D55CE 4 Bytes  [28, B4, 92, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtCreateFile + B              779D55D3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtMapViewOfSection + 6        779D5C2E 4 Bytes  [28, B7, 92, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtMapViewOfSection + B        779D5C33 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenFile + 6                779D5CDE 4 Bytes  [68, B4, 92, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenFile + B                779D5CE3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcess + 6              779D5D8E 4 Bytes  [A8, B5, 92, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcess + B              779D5D93 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcessToken + B        779D5DA3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcessTokenEx + 6      779D5DAE 4 Bytes  [A8, B6, 92, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcessTokenEx + B      779D5DB3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThread + 6              779D5E0E 4 Bytes  [68, B5, 92, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThread + B              779D5E13 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThreadToken + 6          779D5E1E 4 Bytes  [68, B6, 92, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThreadToken + B          779D5E23 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThreadTokenEx + B        779D5E33 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtQueryAttributesFile + 6      779D5F3E 4 Bytes  [A8, B4, 92, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtQueryAttributesFile + B      779D5F43 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtQueryFullAttributesFile + B  779D5FF3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtSetInformationFile + 6      779D663E 4 Bytes  [28, B5, 92, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtSetInformationFile + B      779D6643 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtSetInformationThread + 6    779D669E 4 Bytes  [28, B6, 92, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtSetInformationThread + B    779D66A3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtUnmapViewOfSection + 6      779D69BE 4 Bytes  [68, B7, 92, 00]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtUnmapViewOfSection + B      779D69C3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] USER32.dll!DialogBoxParamW              77593B9B 5 Bytes  JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtCreateFile + 6              779D55CE 4 Bytes  [28, 0C, 06, 01]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtCreateFile + B              779D55D3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtMapViewOfSection + 6        779D5C2E 4 Bytes  [28, 0F, 06, 01]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtMapViewOfSection + B        779D5C33 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenFile + 6                779D5CDE 4 Bytes  [68, 0C, 06, 01]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenFile + B                779D5CE3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenProcess + 6              779D5D8E 4 Bytes  [A8, 0D, 06, 01]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenProcess + B              779D5D93 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenProcessToken + B        779D5DA3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenProcessTokenEx + 6      779D5DAE 4 Bytes  [A8, 0E, 06, 01]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenProcessTokenEx + B      779D5DB3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenThread + 6              779D5E0E 4 Bytes  [68, 0D, 06, 01]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenThread + B              779D5E13 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenThreadToken + 6          779D5E1E 4 Bytes  [68, 0E, 06, 01]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenThreadToken + B          779D5E23 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenThreadTokenEx + B        779D5E33 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtQueryAttributesFile + 6      779D5F3E 4 Bytes  [A8, 0C, 06, 01]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtQueryAttributesFile + B      779D5F43 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtQueryFullAttributesFile + B  779D5FF3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtSetInformationFile + 6      779D663E 4 Bytes  [28, 0D, 06, 01]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtSetInformationFile + B      779D6643 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtSetInformationThread + 6    779D669E 4 Bytes  [28, 0E, 06, 01]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtSetInformationThread + B    779D66A3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtUnmapViewOfSection + 6      779D69BE 4 Bytes  [68, 0F, 06, 01]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtUnmapViewOfSection + B      779D69C3 1 Byte  [E2]
.text  C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] USER32.dll!DialogBoxParamW              77593B9B 5 Bytes  JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[4676] USER32.dll!DialogBoxParamW                              77593B9B 5 Bytes  JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text  C:\windows\system32\svchost.exe[4928] USER32.dll!DialogBoxParamW                                                  77593B9B 5 Bytes  JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text  C:\Program Files\iPod\bin\iPodService.exe[5160] USER32.dll!DialogBoxParamW                                        77593B9B 5 Bytes  JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text  C:\Users\Dangel\Downloads\gmer-2.0.18444.exe[5752] USER32.dll!DialogBoxParamW                                    77593B9B 5 Bytes  JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text  ...                                                                                                             

---- Registry - GMER 2.0 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dab4ae9                                     
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dab4ae9 (not active ControlSet)                 

---- EOF - GMER 2.0 ----

Code:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.19.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Dangel :: WEBER-PC [Administrator]

19.01.2013 14:50:36
MBAM-log-2013-01-19 (15-07-34).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 298051
Laufzeit: 16 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 42
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\claro.clarodskBnd.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\claro.clarodskBnd (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{EE4FC43F-84CE-4E20-88C2-2188525B47FB} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\claro.claroappCore.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\claro.claroappCore (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\f (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.FunMoods) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 4
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{9E131A93-EED7-4BEB-B015-A0ADB30B5646} (PUP.Funmoods) -> Daten: Claro LTD Toolbar -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: Funmoods Toolbar -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten:  -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (PUP.FunMoods) -> Daten: hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyEzzyD0DyCtDtDyE0D0D0BzytBzztAtDtN0D0Tzu0CtAtAyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=62128081 -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.FunMoods) -> Bösartig: (hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyEzzyD0DyCtDtDyE0D0D0BzytBzztAtDtN0D0Tzu0CtAtAyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=62128081) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 4
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods (PUP.FunMoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\1.5.23.22 (PUP.FunMoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\1.5.23.22\bh (PUP.FunMoods) -> Keine Aktion durchgeführt.

Infizierte Dateien: 17
C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\1.5.23.22\escorTlbr.dll (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Program Files\Claro LTD\claro\1.8.3.10\claroTlbr.dll (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Program Files\Claro LTD\claro\1.8.3.10\claroApp.dll (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Users\Dangel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Users\Dangel\AppData\Local\funmoods.crx (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt.
C:\Users\Dangel\AppData\Local\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Keine Aktion durchgeführt.
C:\Users\Dangel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\1.5.23.22\escortShld.dll (PUP.FunMoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\1.5.23.22\FavIcon.ico (PUP.FunMoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\1.5.23.22\Sqlite3.dll (PUP.FunMoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\1.5.23.22\uninst.dat (PUP.FunMoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\1.5.23.22\uninstall.exe (PUP.FunMoods) -> Keine Aktion durchgeführt.

(Ende)


markusg 19.01.2013 15:54

Hi
Backing up the data is no problem.
1. Data recovery:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.

brendiee 20.01.2013 13:30

Great, many thanks in advance for the reply.

I'll get to work on changing everything over the next few days. I was just afraid that a possible rootkit would copy itself onto the external HD.

It's a pre-built PC:

Asus EEE PC 1215T with Windows 7 Home, without a CD/DVD drive (I don't have an external one either), with a recovery partition. Is it enough to do it from the recovery partition, or should I create a bootable USB stick? I would need a few pointers for that, though.

Thanks again!

markusg 20.01.2013 14:49

hi,
the recovery partition is enough.


Copyright ©2000-2025, Trojaner-Board
