Log analysis and evaluation: Trojan found / "Post Sendung abholen" (pick up postal item) Targobank Trojan (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: see "Erste Schritte zur Hilfe" (first steps for help). Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
13.01.2013, 13:11 #1
Trojan found / "Post Sendung abholen" Targobank Trojan

Good day, I have caught a lot of Trojans / viruses. For one thing, I opened the well-known email with "Post Sendung bei der Post abholen" (pick up the parcel at the post office), and then someone hacked my login credentials at Targobank and I was asked to enter TAN numbers. I did the scan with OTL and with defogger. These are the texts I copied / please help!

OTL logfile:
Code:
OTL logfile created on: 13.01.2013 12:54:22 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Salima\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,99 Gb Total Physical Memory | 3,40 Gb Available Physical Memory | 56,80% Memory free
12,19 Gb Paging File | 8,90 Gb Available in Paging File | 73,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581,09 Gb Total Space | 448,23 Gb Free Space | 77,13% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 4,98 Gb Free Space | 33,23% Space Free | Partition Type: NTFS

Computer Name: SALIMA-PC | User Name: Salima | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.13 12:54:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Salima\Desktop\OTL.exe
PRC - [2013.01.10 15:50:39 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2013.01.05 04:43:57 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.09.05 16:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
PRC - [2012.07.27 21:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.07.27 12:51:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.21 04:01:58 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.01.31 20:02:11 | 001,053,848 | ---- | M] () -- C:\Windows\SysWOW64\ieconfig_1und1_svc.exe
PRC - [2010.11.23 15:08:02 | 003,507,592 | ---- | M] (MARKEMENT) -- C:\Program Files (x86)\MARKEMENT\PCSUITE DEFRAG\pcsuitedefragsvc.exe
PRC - [2010.06.09 22:30:45 | 000,192,512 | ---- | M] () -- C:\Users\Salima\AppData\Roaming\Avwoe\etzyw.exe
PRC - [2010.02.09 12:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009.12.03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.09.18 23:10:26 | 000,335,600 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2009.09.17 13:06:00 | 000,410,864 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2009.09.17 13:05:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
PRC - [2009.06.09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2009.05.07 17:26:12 | 001,683,456 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
PRC - [2009.05.07 14:59:00 | 000,098,304 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2009.02.26 13:46:40 | 000,147,456 | ---- | M] () -- C:\Windows\SysWOW64\ANIWConnService.exe
PRC - [2008.05.16 04:51:24 | 000,741,376 | ---- | M] (Edimax Technology Co., Ltd.) -- C:\Program Files (x86)\MFP Server\App\Common\MFPAgent.exe

========== Modules (No Company Name) ==========

MOD - [2013.01.10 15:50:39 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2013.01.10 08:41:10 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\439eccf3a1fb34830a0a38cdf48afa08\System.Web.Services.ni.dll
MOD - [2013.01.10 08:40:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll
MOD - [2013.01.10 08:40:20 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013.01.10 08:40:09 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll
MOD - [2013.01.10 08:40:03 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013.01.10 08:39:43 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\668c039655437b25586280e1fbff8ef0\PresentationFramework.ni.dll
MOD - [2013.01.10 08:39:43 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4d2c890606d2a3a43a90684115bfccfc\PresentationFramework.Aero.ni.dll
MOD - [2013.01.10 08:39:32 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a8080296b18898342ce986091c08b0a4\PresentationCore.ni.dll
MOD - [2013.01.10 08:39:23 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9126f2ff9fd9c05900f67e963ccc27ef\WindowsBase.ni.dll
MOD - [2013.01.10 08:39:21 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.10 08:39:15 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2013.01.05 04:44:13 | 003,021,872 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.07.27 21:51:54 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
MOD - [2010.06.09 22:30:45 | 000,192,512 | ---- | M] () -- C:\Users\Salima\AppData\Roaming\Avwoe\etzyw.exe
MOD - [2010.02.09 12:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010.02.09 12:34:00 | 000,365,888 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll
MOD - [2010.02.09 12:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2010.02.09 12:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010.02.09 12:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2010.02.09 12:34:00 | 000,046,400 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll
MOD - [2010.02.09 12:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
MOD - [2009.09.17 13:06:00 | 000,410,864 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2009.09.17 13:05:00 | 000,234,736 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2009.09.17 13:05:00 | 000,128,240 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2009.09.17 13:05:00 | 000,121,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2009.09.17 13:05:00 | 000,111,856 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2009.09.17 13:05:00 | 000,079,088 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2009.09.17 13:05:00 | 000,074,992 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2009.09.17 13:05:00 | 000,025,840 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2009.09.17 13:05:00 | 000,025,840 | ---- | M] () -- C:\program files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2009.09.17 13:05:00 | 000,025,840 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll
MOD - [2009.09.17 13:04:00 | 001,123,568 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
MOD - [2009.09.17 13:04:00 | 000,115,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
MOD - [2009.09.11 12:05:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009.03.30 05:40:03 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.05 11:12:08 | 000,258,048 | ---- | M] () -- C:\Windows\SysWOW64\wlanapp.dll
MOD - [2009.02.09 18:26:10 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-140 revB\ANIOApi.dll
MOD - [2009.02.09 18:26:10 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIOApi.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012.11.09 06:34:50 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012.11.09 06:33:08 | 000,241,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2012.07.28 03:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.01.10 15:50:39 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.05 04:44:06 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.16 21:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012.11.09 06:37:30 | 000,177,680 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2012.09.05 16:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.07.27 12:51:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.21 04:01:58 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.01.31 20:02:11 | 001,053,848 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2010.11.23 15:08:02 | 003,507,592 | ---- | M] (MARKEMENT) [Auto | Running] -- C:\Program Files (x86)\MARKEMENT\PCSUITE DEFRAG\pcsuitedefragsvc.exe -- (PCSUITEDFRGSVC)
SRV - [2010.03.21 10:52:50 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.09.17 13:05:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009.06.09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.26 13:46:40 | 000,147,456 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ANIWConnService.exe -- (ANIWConnService)
SRV - [2009.02.24 10:12:04 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2008.02.19 08:12:32 | 000,565,928 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbkcoms.exe -- (lxbk_device)
SRV - [2007.01.19 11:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.01 18:06:23 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2012.11.09 06:40:24 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012.11.09 06:37:42 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012.11.09 06:36:30 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012.11.09 06:35:50 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012.11.09 06:34:58 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012.11.09 06:34:18 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012.11.09 06:33:58 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012.07.28 05:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2012.07.28 05:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 02:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.04.20 15:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012.02.29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 13:31:50 | 000,092,176 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.07.12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.10.20 18:48:08 | 000,133,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.10.12 15:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.09.10 14:56:08 | 000,117,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.04.17 11:27:56 | 000,886,272 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.04.11 06:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.03.06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2008.09.28 13:46:48 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2008.09.28 09:22:14 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008.05.23 16:54:38 | 000,033,888 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2008.05.16 04:51:24 | 000,039,552 | ---- | M] (None) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\mfpec.sys -- (ALIWEHCD)
DRV:64bit: - [2008.05.16 04:51:24 | 000,012,416 | ---- | M] (None) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mfpvbus.sys -- (WUSBVBus)
DRV:64bit: - [2008.01.21 03:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV - [2012.09.04 06:50:20 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020200}_0)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=488&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?utm_source=b&utm_medium=umz-2&from=umz-2&uid=SAMSUNG_HD642JJ_S1JNJ90SB39187B39187X&ts=1356211696
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?utm_source=b&utm_medium=umz-2&from=umz-2&uid=SAMSUNG_HD642JJ_S1JNJ90SB39187B39187X&ts=1356211696
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://search.v9.com/web/?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.v9.com/web/?q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=488&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}&barid={B9DE4035-C7C6-4BE6-A7FC-D0B479CF74F2}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?utm_source=b&utm_medium=umz-2&from=umz-2&uid=SAMSUNG_HD642JJ_S1JNJ90SB39187B39187X&ts=1356211696
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=BDT3&ocid=bdtdhp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{04E5A560-D0E6-41CA-96EF-10A727187CB4}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=PLTV52&o=100000018&src=kw&q={searchTerms}&locale=&apn_ptnrs=^E5&apn_dtid=^YYYYYY^YY^DE&apn_uid=147c7ac8-5f74-4ac4-bf0b-e023a11fcf4c&apn_sauid=170A0ED2-84F1-4D10-94C5-58D2A17517E8
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=72514de100000000000000265a78ced0&tlver=1.4.19.19&ss=1&affID=17395
IE - HKCU\..\SearchScopes\{3376D211-6A07-4423-8486-780EABD64465}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.v9.com/web/?q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=488&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{A35772F4-8FAE-483D-9124-31A93682D361}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKCU\..\SearchScopes\{C55BD6C6-A0F1-4B1C-A71C-52CEC57D664D}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}&barid={B9DE4035-C7C6-4BE6-A7FC-D0B479CF74F2}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT3196716.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "v9"
FF - prefs.js..browser.search.order.1: "v9"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://gmx.de/"
FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:1.2
FF - prefs.js..extensions.enabledAddons: %7B14323AEE-F6B8-4DC8-BCE3-E62645830585%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: %7B78e516ef-11de-47a1-8364-a99b917ec5ee%7D:10.13.40.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: toolbar@gmx.net:1.5.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00F0643E-B367-4779-B45D-7046EBA37A88}: C:\Program Files (x86)\Steganos Password Manager 12\spmplugin3 [2012.04.27 18:50:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.09.25 07:32:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.10.03 22:08:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.12.14 17:26:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 11:22:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 11:17:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012.10.22 23:10:00 | 000,000,000 | ---D | M]

[2012.12.01 17:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Salima\AppData\Roaming\mozilla\Extensions
[2012.12.22 22:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Salima\AppData\Roaming\mozilla\Firefox\Profiles\qjoucy4j.default\extensions
[2012.12.22 22:37:45 | 000,000,000 | ---D | M] (FileConverter 1.3) -- C:\Users\Salima\AppData\Roaming\mozilla\Firefox\Profiles\qjoucy4j.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}
[2012.09.07 14:43:17 | 000,001,911 | ---- | M] () (No name found) -- C:\Users\Salima\AppData\Roaming\mozilla\firefox\profiles\qjoucy4j.default\extensions\{14323AEE-F6B8-4DC8-BCE3-E62645830585}.xpi
[2012.10.27 11:54:47 | 000,002,346 | ---- | M] () -- C:\Users\Salima\AppData\Roaming\mozilla\firefox\profiles\qjoucy4j.default\searchplugins\askcom.xml
[2012.12.17 16:42:56 | 000,002,020 | ---- | M] () -- C:\Users\Salima\AppData\Roaming\mozilla\firefox\profiles\qjoucy4j.default\searchplugins\shop-suche.xml
[2013.01.11 11:22:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.06.11 12:21:04 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.08 07:43:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.01.11 11:22:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2013.01.11 11:22:27 | 000,000,000 | ---D | M] (GMX MailCheck) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net
[2012.10.03 22:08:15 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2013.01.05 04:44:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011.01.25 10:55:14 | 000,644,096 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.08 09:31:23 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.24 15:54:32 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.10.16 10:05:45 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012.12.22 22:28:26 | 000,000,402 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20121022161601.dll (McAfee, Inc.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll () O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121022161601.dll (McAfee, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\SysWOW64\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Proxy Help) - {F386E548-C533-472E-8C61-C026FB14FEA9} - C:\Windows\SysWOW64\Newtabs_v9.dll (Newtabs. 
inc) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Steganos Password Manager Toolbar) - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 12\SPMIEToolbar.dll (Steganos GmbH) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe (D-Link Corp.) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [GDI Manager] C:\Program Files (x86)\MFP Server\App\Common\MFPAgent.exe (Edimax Technology Co., Ltd.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) 
O4 - HKLM..\Run: [MFP Manager] C:\Program Files (x86)\MFP Server\MFPAgent.exe -CheckAutoRun File not found O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [Server Application] C:\Windows\system32\ServoApp.exe File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_2007_SE\TrayServer.exe (MAGIX AG) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Ecavbuqeli] C:\Users\Salima\AppData\Roaming\Avwoe\etzyw.exe () O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) 
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Steganos Password Manager - {024538B9-3F39-49FF-9503-975F743210FA} - C:\Program Files (x86)\Steganos Password Manager 12\SPMIEToolbar.dll (Steganos GmbH) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe (AVM Software Inc.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{121A628E-A50B-4901-ABB7-6D82EB5787BE}: DhcpNameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69233D62-C503-412A-AE76-4B799BF6DFFC}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95C09404-1DEC-42B3-8C5D-B28F0F3AB391}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA0D17CB-2458-4AC1-9130-050A794E7233}: DhcpNameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F483EE14-4610-4E59-AF33-CBBC44BC9B06}: DhcpNameServer = 193.189.244.225 193.189.244.206 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) 
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.04.30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{12dd701b-4411-11e1-b968-a62d74efec4b}\Shell - "" = AutoRun O33 - MountPoints2\{12dd701b-4411-11e1-b968-a62d74efec4b}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{565a4e8e-10f5-11e1-b9a3-8d8948dda674}\Shell - "" = AutoRun O33 - MountPoints2\{565a4e8e-10f5-11e1-b9a3-8d8948dda674}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{8a5985cc-7ca5-11e1-bb14-a1437514fb41}\Shell - "" = AutoRun O33 - MountPoints2\{8a5985cc-7ca5-11e1-bb14-a1437514fb41}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{b7dc4655-3bac-11e2-9a31-0024e82ae5aa}\Shell - "" = AutoRun O33 - MountPoints2\{b7dc4655-3bac-11e2-9a31-0024e82ae5aa}\Shell\AutoRun\command - "" = J:\autorun.exe O33 - MountPoints2\{d5f73e45-0eab-11e1-a24f-00265a78ced0}\Shell - "" = AutoRun O33 - MountPoints2\{d5f73e45-0eab-11e1-a24f-00265a78ced0}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{d5f73e60-0eab-11e1-a24f-00265a78ced0}\Shell - "" = AutoRun O33 - MountPoints2\{d5f73e60-0eab-11e1-a24f-00265a78ced0}\Shell\AutoRun\command - "" = 
J:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.13 12:53:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Salima\Desktop\OTL.exe [2013.01.13 10:35:54 | 000,000,000 | ---D | C] -- C:\Users\Salima\AppData\Roaming\Malwarebytes [2013.01.13 10:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.13 10:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.13 10:35:44 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.13 10:35:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.13 10:35:22 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Salima\Desktop\mbam-setup-1.70.0.1100.exe [2013.01.13 09:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.12.28 01:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012.12.28 01:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\clp [2012.12.28 01:36:45 | 000,000,000 | ---D | C] -- C:\Users\Salima\AppData\Roaming\Fighters [2012.12.28 01:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Toolkit Suite [2012.12.28 01:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters [2012.12.27 23:35:07 | 000,000,000 | R--D | C] -- C:\Sandbox [2012.12.27 22:10:50 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Spybot - Search & Destroy [2012.12.27 22:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2012.12.27 22:10:31 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2012.12.27 22:10:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2012.12.27 22:08:03 | 055,454,464 | ---- | C] (Safer-Networking Ltd. ) -- C:\Users\Salima\Desktop\SpybotSD2_2.0.12.exe [2012.12.24 17:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.12.24 17:15:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.12.24 17:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.12.23 12:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2012.12.22 22:28:36 | 000,000,000 | ---D | C] -- C:\Users\Salima\Documents\Free MP3 Converter Output [2012.12.22 22:28:12 | 000,060,928 | ---- | C] (Newtabs. inc) -- C:\Windows\SysWow64\Newtabs_v9.dll [2012.12.22 22:28:12 | 000,000,000 | ---D | C] -- C:\User Data [2012.12.22 22:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free MP3 Converter [2012.12.22 22:27:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free MP3 Converter [2012.12.22 18:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\pcdfdata [2012.12.22 18:48:22 | 000,000,000 | ---D | C] -- C:\Users\Salima\AppData\Roaming\Vave [2012.12.22 18:48:22 | 000,000,000 | ---D | C] -- C:\Users\Salima\AppData\Roaming\Itamw [2012.12.22 18:48:22 | 000,000,000 | ---D | C] -- C:\Users\Salima\AppData\Roaming\Avwoe [2010.01.07 17:03:05 | 008,656,832 | ---- | C] (Dell, Inc. 
) -- C:\Users\Salima\AppData\Roaming\DataSafeDotNet.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Salima\*.tmp files -> C:\Users\Salima\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.13 12:57:40 | 000,365,568 | ---- | M] () -- C:\Users\Salima\Desktop\gmer-2.0.18444.exe [2013.01.13 12:54:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Salima\Desktop\OTL.exe [2013.01.13 12:52:33 | 000,000,000 | ---- | M] () -- C:\Users\Salima\defogger_reenable [2013.01.13 12:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.13 12:49:21 | 000,050,477 | ---- | M] () -- C:\Users\Salima\Desktop\Defogger.exe [2013.01.13 12:32:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.13 12:00:34 | 000,018,169 | ---- | M] () -- C:\Users\Salima\Desktop\Rechnung_17592.pdf [2013.01.13 11:32:13 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.13 11:04:47 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.13 11:04:47 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.13 10:35:50 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.13 10:35:23 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Salima\Desktop\mbam-setup-1.70.0.1100.exe [2013.01.13 09:04:48 | 000,000,007 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME [2013.01.13 09:04:27 | 000,000,632 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job [2013.01.13 09:04:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.12 21:00:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.01.11 11:22:34 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk 
[2013.01.10 19:23:29 | 000,000,513 | ---- | M] () -- C:\Users\Salima\Desktop\Kitap_Fuari_Son - Verknüpfung.lnk [2013.01.10 08:35:01 | 005,278,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.10 07:40:09 | 001,468,714 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.10 07:40:09 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.10 07:40:09 | 000,596,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.10 07:40:09 | 000,126,486 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.10 07:40:09 | 000,104,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.08 14:10:36 | 010,199,956 | ---- | M] () -- C:\Users\Salima\Desktop\buch-regeln.pdf [2013.01.08 11:19:43 | 000,437,822 | ---- | M] () -- C:\Users\Salima\Desktop\FLT_DR8QZK12693_0.pdf [2013.01.07 15:18:24 | 000,031,760 | ---- | M] () -- C:\Users\Salima\Desktop\rechnung 1und 1.pdf [2013.01.05 12:51:04 | 000,100,262 | ---- | M] () -- C:\Users\Salima\Desktop\Kitap_Fuari_Son.gif [2012.12.30 21:21:00 | 000,006,803 | ---- | M] () -- C:\Users\Salima\Desktop\13983992.jpg [2012.12.30 21:17:09 | 002,164,301 | ---- | M] () -- C:\Users\Salima\Desktop\titel.jpg [2012.12.30 15:13:14 | 000,043,407 | ---- | M] () -- C:\Users\Salima\Desktop\041136737-flieg-mit-skip-zum-regenbogen-m-audio-cd.jpg [2012.12.30 12:02:20 | 000,008,245 | ---- | M] () -- C:\Users\Salima\Desktop\180px-Zeichen_224.svg.png [2012.12.29 08:51:32 | 001,453,044 | ---- | M] () -- C:\Users\Salima\Desktop\de_Hisnul_Muslim.pdf [2012.12.28 12:12:28 | 000,001,456 | ---- | M] () -- C:\Users\Salima\AppData\Local\Adobe Für Web speichern 13.0 Prefs [2012.12.28 01:50:50 | 000,001,398 | ---- | M] () -- C:\Windows\Sandboxie.ini [2012.12.28 01:19:16 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job [2012.12.28 01:19:16 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2012.12.27 22:10:43 | 
000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2012.12.27 22:08:28 | 055,454,464 | ---- | M] (Safer-Networking Ltd. ) -- C:\Users\Salima\Desktop\SpybotSD2_2.0.12.exe [2012.12.26 17:37:39 | 000,503,098 | ---- | M] () -- C:\Users\Salima\Documents\ausweis21.jpg [2012.12.24 22:59:12 | 000,117,164 | ---- | M] () -- C:\Users\Salima\Desktop\562938_320351971389832_1485843710_n.jpg [2012.12.23 12:41:49 | 000,001,955 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012.12.23 12:40:37 | 000,046,131 | ---- | M] () -- C:\Users\Salima\AppData\Local\nhesmfmo [2012.12.22 21:16:55 | 000,046,075 | ---- | M] () -- C:\Users\Salima\AppData\Local\rfcghcqc [2012.12.22 21:10:00 | 000,000,000 | ---- | M] () -- C:\Users\Salima\AppData\Roaming\SharedSettings.ccs [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Salima\*.tmp files -> C:\Users\Salima\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.13 12:52:33 | 000,000,000 | ---- | C] () -- C:\Users\Salima\defogger_reenable [2013.01.13 12:49:20 | 000,050,477 | ---- | C] () -- C:\Users\Salima\Desktop\Defogger.exe [2013.01.13 12:00:34 | 000,018,169 | ---- | C] () -- C:\Users\Salima\Desktop\Rechnung_17592.pdf [2013.01.13 10:35:50 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.11 11:22:34 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.01.10 19:23:29 | 000,000,513 | ---- | C] () -- C:\Users\Salima\Desktop\Kitap_Fuari_Son - Verknüpfung.lnk [2013.01.08 11:19:43 | 000,437,822 | ---- | C] () -- C:\Users\Salima\Desktop\FLT_DR8QZK12693_0.pdf [2013.01.07 15:18:24 | 000,031,760 | ---- | C] () -- C:\Users\Salima\Desktop\rechnung 1und 1.pdf [2013.01.05 21:07:44 | 010,199,956 | ---- | C] () -- 
C:\Users\Salima\Desktop\buch-regeln.pdf [2013.01.05 12:51:03 | 000,100,262 | ---- | C] () -- C:\Users\Salima\Desktop\Kitap_Fuari_Son.gif [2012.12.30 21:20:59 | 000,006,803 | ---- | C] () -- C:\Users\Salima\Desktop\13983992.jpg [2012.12.30 21:17:07 | 002,164,301 | ---- | C] () -- C:\Users\Salima\Desktop\titel.jpg [2012.12.30 15:13:07 | 000,043,407 | ---- | C] () -- C:\Users\Salima\Desktop\041136737-flieg-mit-skip-zum-regenbogen-m-audio-cd.jpg [2012.12.30 12:02:20 | 000,008,245 | ---- | C] () -- C:\Users\Salima\Desktop\180px-Zeichen_224.svg.png [2012.12.29 08:51:32 | 001,453,044 | ---- | C] () -- C:\Users\Salima\Desktop\de_Hisnul_Muslim.pdf [2012.12.27 22:11:00 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2012.12.27 22:10:59 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job [2012.12.27 22:10:57 | 000,000,632 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job [2012.12.27 22:10:43 | 000,002,026 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2012.12.27 22:10:43 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2012.12.27 21:53:44 | 000,001,398 | ---- | C] () -- C:\Windows\Sandboxie.ini [2012.12.26 17:37:36 | 000,503,098 | ---- | C] () -- C:\Users\Salima\Documents\ausweis21.jpg [2012.12.24 22:59:12 | 000,117,164 | ---- | C] () -- C:\Users\Salima\Desktop\562938_320351971389832_1485843710_n.jpg [2012.12.23 12:40:35 | 000,046,131 | ---- | C] () -- C:\Users\Salima\AppData\Local\nhesmfmo [2012.12.22 21:16:55 | 000,046,075 | ---- | C] () -- C:\Users\Salima\AppData\Local\rfcghcqc [2012.12.22 21:10:00 | 000,000,000 | ---- | C] () -- C:\Users\Salima\AppData\Roaming\SharedSettings.ccs [2012.10.01 17:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.09.26 10:39:21 | 000,001,456 | ---- | C] () -- C:\Users\Salima\AppData\Local\Adobe Für Web 
speichern 13.0 Prefs [2012.09.25 15:27:47 | 000,001,460 | ---- | C] () -- C:\Users\Salima\AppData\Local\d3d9caps64.dat [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.05.29 16:10:01 | 000,024,226 | ---- | C] () -- C:\Users\Salima\AppData\Roaming\UserTile.png [2011.02.10 15:17:20 | 000,002,708 | ---- | C] () -- C:\Users\Salima\AppData\Local\d3d9caps.dat [2011.01.31 20:02:11 | 001,053,848 | ---- | C] () -- C:\Windows\SysWow64\ieconfig_1und1_svc.exe [2010.11.27 11:54:14 | 000,000,258 | ---- | C] () -- C:\Users\Salima\AppData\Roaming\ANICONFIG_{69233D62-C503-412A-AE76-4B799BF6DFFC}.ini [2010.11.12 21:14:09 | 000,000,144 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2010.11.09 22:07:18 | 000,000,552 | ---- | C] () -- C:\Users\Salima\AppData\Local\d3d8caps.dat [2010.10.10 17:13:41 | 023,082,244 | ---- | C] () -- C:\Users\Salima\CLIP1288.AVI [2010.07.15 16:26:09 | 004,202,005 | ---- | C] () -- C:\Program Files\FileZilla_3.3.3_win32-setup.exe [2010.01.15 19:02:52 | 000,003,284 | ---- | C] () -- C:\Users\Salima\AppData\Roaming\ANIWZCS{69233D62-C503-412A-AE76-4B799BF6DFFC} [2010.01.09 18:23:37 | 000,039,936 | ---- | C] () -- C:\Users\Salima\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.12.30 14:03:00 | 000,079,646 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.12.30 14:03:00 | 000,079,646 | ---- | C] () -- C:\ProgramData\nvModes.001 ========== ZeroAccess Check ========== [2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [2013.01.10 19:17:30 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.22 18:48:22 | 000,000,000 | ---D | M] -- C:\Users\Salima\AppData\Roaming\Avwoe [2012.04.27 19:26:26 | 000,000,000 | ---D | M] -- C:\Users\Salima\AppData\Roaming\BullGuard [2010.03.21 11:25:50 | 000,000,000 | ---D | M] -- C:\Users\Salima\AppData\Roaming\com.adobe.ExMan [2011.06.13 17:30:21 | 000,000,000 | ---D | M] -- C:\Users\Salima\AppData\Roaming\DVDVideoSoft [2011.02.07 18:43:22 | 000,000,000 | ---D | M] -- C:\Users\Salima\AppData\Roaming\EPSON [2012.12.28 01:37:28 | 000,000,000 | ---D | M] -- 
C:\Users\Salima\AppData\Roaming\Fighters [2012.10.16 19:25:56 | 000,000,000 | ---D | M] -- C:\Users\Salima\AppData\Roaming\FILEminimizerPictures [2013.01.13 10:30:00 | 000,000,000 | ---D | M] -- C:\Users\Salima\AppData\Roaming\FileZilla [2012.10.16 19:22:37 | 000,000,000 | ---D | M] -- C:\Users\Salima\AppData\Roaming\Gutscheinmieze [2013.01.13 12:39:36 | 000,000,000 | ---D | M] -- C:\Users\Salima\AppData\Roaming\Itamw [2012.10.27 11:56:32 | 000,000,000 | ---D | M] -- C:\Users\Salima\AppData\Roaming\Paltalk [2011.03.30 09:17:36 | 000,000,000 | ---D | M] -- C:\Users\Salima\AppData\Roaming\PCDr [2012.12.28 15:23:14 | 000,000,000 | ---D | M] -- C:\Users\Salima\AppData\Roaming\Philipp Winterberg [2012.11.25 18:50:29 | 000,000,000 | ---D | M] -- C:\Users\Salima\AppData\Roaming\RavensburgerTipToi [2010.10.05 15:06:06 | 000,000,000 | ---D | M] -- C:\Users\Salima\AppData\Roaming\Scendix Software [2010.07.20 18:27:14 | 000,000,000 | ---D | M] -- C:\Users\Salima\AppData\Roaming\ScreeNet iSaver [2012.09.25 08:40:27 | 000,000,000 | ---D | M] -- C:\Users\Salima\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.12.27 21:38:17 | 000,000,000 | ---D | M] -- C:\Users\Salima\AppData\Roaming\Steganos [2012.12.22 18:48:22 | 000,000,000 | ---D | M] -- C:\Users\Salima\AppData\Roaming\Vave [2011.06.22 11:01:54 | 000,000,000 | ---D | M] -- C:\Users\Salima\AppData\Roaming\xVideoServiceThief ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Salima\CLIP1288.AVI:TOC.WMV < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 13.01.2013 12:54:22 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Salima\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,99 Gb Total Physical Memory | 3,40 Gb Available Physical Memory | 56,80% Memory free 12,19 Gb Paging File | 8,90 Gb Available in Paging File | 73,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 581,09 Gb Total Space | 448,23 Gb Free Space | 77,13% Space Free | Partition Type: NTFS Drive D: | 15,00 Gb Total Space | 4,98 Gb Free Space | 33,23% Space Free | Partition Type: NTFS Computer Name: SALIMA-PC | User Name: Salima | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found .txt [@ = Reg Error: Value error.] -- Reg Error: Key error. 
File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 65 8E A3 45 A8 97 CA 01 [binary data] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - 
Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64 "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0 "{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Dell Support Center" = Dell Support Center "EPSON Stylus SX400 Series" = EPSON Stylus SX400 Series Printer Uninstall "EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Drivers" = NVIDIA Drivers "PC-Doctor for Windows" = Dell Support Center "PROSetDX" = Intel(R) Network Connections 13.1.33.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager "{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE "{0A948ECF-9E0A-ED8A-8905-35753A8944D3}" = Application Profiles "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB 
"{1700C300-49DE-4C05-8826-509773E4E250}" = Acrobat X Pro "{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian "{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{26CE484D-2E8E-40D5-B251-158133114C69}" = TomTom HOME "{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2EF095CE-24AF-4AAA-BB82-85F988EC51C0}" = 1und1 Internet Explorer Add-On "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2 "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{4086BCA1-9B64-498B-8B8B-CA236029C816}" = Adobe Setup "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime "{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese "{458CD97D-56E5-4330-81DB-5829500BBF7A}" = Adobe GoLive 9 "{4869414E-7AEA-4C8E-BE1C-8D40977FD517}" = Adobe Illustrator CS6 "{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service 
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean "{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = Catalyst Control Center "{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian 
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager "{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish 
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C009A918-0C06-45B3-AEF6-B1057307A643}" = Steganos Password Manager 12 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CFB770D7-8D43-1014-922B-CC2715FADE3F}" = Adobe InDesign CS6 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}" = D-Link Wireless N DWA-140 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft 
Office Live Add-in 1.5 "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1&1 EasyLogin" = 1&1 EasyLogin "1und1 Internet Explorer Add-On" = 1und1 Internet Explorer Add-On "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_a7223e4b8dff4f6a5bb90518a80851d" = Adobe GoLive 9 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "EPSON Scanner" = EPSON Scan "EPSON SX218 Series Manual" = EPSON SX218 Series Manual "FileZilla Client" = FileZilla Client 3.6.0 "Free Audio Converter_is1" = Free Audio Converter version 2.2.19.602 "Free MP3 Converter_is1" = Free MP3 Converter "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Juz30_is1" = Juz30 2.2 Beta "Lego duplo Zoo" = Lego duplo Zoo Screen Saver "Lexmark X1100 Series" = Lexmark X1100 Series "MAGIX Video deluxe SE D" = MAGIX Video deluxe SE 6.5.4.2 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MARKEMENT_DEFRAG_PRO_is1" = PCSUITE DEFRAG "McAfee Security Scan" = McAfee Security Scan Plus "Mobile Partner" = Mobile Partner "Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSC" = McAfee SecurityCenter "MyTomTom" = MyTomTom 3.2.0.700 "Paltalk Messenger" = Paltalk Messenger 10.2 "Ravensburger tiptoi" = Ravensburger tiptoi "Uninstall_is1" = Uninstall 1.0.0.1 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List 
==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11.01.2013 06:16:13 | Computer Name = Salima-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.01.2013 09:05:24 | Computer Name = Salima-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error - 11.01.2013 09:06:07 | Computer Name = Salima-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.01.2013 16:13:25 | Computer Name = Salima-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.01.2013 05:27:36 | Computer Name = Salima-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.01.2013 09:35:51 | Computer Name = Salima-PC | Source = Application Error | ID = 1000

Error - 12.01.2013 09:37:07 | Computer Name = Salima-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.01.2013 15:09:13 | Computer Name = Salima-PC | Source = WinMgmt | ID = 10
Description =

Error - 13.01.2013 04:06:04 | Computer Name = Salima-PC | Source = WinMgmt | ID = 10
Description =

Error - 13.01.2013 05:06:43 | Computer Name = Salima-PC | Source = RasClient | ID = 20227
Description =

Error - 13.01.2013 06:15:00 | Computer Name = Salima-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated. Thread id : 3136 (0xc40) Thread address : 0x00000000771C6EBA Thread message : Build VSCORE.15.1.0.513 / 5500.1093 Object being scanned = \Device\HarddiskVolume3\Users\Salima\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\624F4246-00001B39.eml by C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0) 5003(0)(0) 5002(0)(1)

Error encountered while reading event logs.

< End of report >

Here is what I found with the Malwarebytes program:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.13.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Salima :: SALIMA-PC [Administrator]

Schutz: Aktiviert

13.01.2013 10:36:49
mbam-log-2013-01-13 (10-36-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 465264
Laufzeit: 1 Stunde(n), 44 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Salima\AppData\Roaming\Avwoe\etzyw.exe (Trojan.Zbot.HEEP) -> 3908 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCR\CLSID\{F386E548-C533-472E-8C61-C026FB14FEA9} (PUP.NewTab.VCom) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F386E548-C533-472E-8C61-C026FB14FEA9} (PUP.NewTab.VCom) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F386E548-C533-472E-8C61-C026FB14FEA9} (PUP.NewTab.VCom) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F386E548-C533-472E-8C61-C026FB14FEA9} (PUP.NewTab.VCom) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ecavbuqeli (Trojan.Zbot.HEEP) -> Daten: C:\Users\Salima\AppData\Roaming\Avwoe\etzyw.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Windows\SysWOW64\Newtabs_v9.dll (PUP.NewTab.VCom) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Salima\AppData\Roaming\Avwoe\etzyw.exe (Trojan.Zbot.HEEP) -> Löschen bei Neustart.

(Ende)
13.01.2013, 14:40 | #2
Trojan found / "Collect postal shipment" Targobank Trojan

Here is the GMER text as well:

GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-13 14:15:24
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD642JJ rev.1AA01117 596,17GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Salima\AppData\Local\Temp\fwdiqpod.sys

---- User code sections - GMER 2.0 ----

.text C:\Users\Salima\AppData\Roaming\Avwoe\etzyw.exe[3908] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 000000007636418a 6 bytes [68, D6, BD, 41, 00, C3]
.text C:\Users\Salima\AppData\Roaming\Avwoe\etzyw.exe[3908] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000763762d4 6 bytes [68, 66, BD, 41, 00, C3]
.text C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe[4032] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll + 1 00000000773717d8 3 bytes [89, 17, 39]
.text C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe[4032] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll + 5 00000000773717dc 1 byte [C3]
.text C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe[4032] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007738a370 4 bytes [68, 5E, 16, 39]
.text C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe[4032] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 000000007738a375 1 byte [C3]
.text C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe[4032] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000773b4572 6 bytes [68, A9, AB, 37, 00, C3]
.text C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe[4032] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000773b457d 6 bytes [68, 63, AB, 37, 00, C3]
.text C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe[4032] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 00000000773b45e0 6 bytes [68, 35, AC, 37, 00, C3]
.text C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe[4032] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 00000000773b45eb 6 bytes [68, EF, AB, 37, 00, C3]
.text C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe[4032] C:\Windows\syswow64\KERNEL32.dll!GetFileAttributesExW 00000000750c1e70 6 bytes [68, F2, 19, 39, 00, C3]
.text C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe[4032] C:\Windows\syswow64\KERNEL32.dll!ExitProcess 00000000750c9392 6 bytes [68, B1, 19, 39, 00, C3]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4452] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll + 1 00000000773717d8 3 bytes [89, 17, 06]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4452] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll + 5 00000000773717dc 1 byte [C3]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007738a370 4 bytes [68, 5E, 16, 06]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 000000007738a375 1 byte [C3]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000773b4572 6 bytes [68, A9, AB, 04, 00, C3]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000773b457d 6 bytes [68, 63, AB, 04, 00, C3]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 00000000773b45e0 6 bytes [68, 35, AC, 04, 00, C3]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 00000000773b45eb 6 bytes [68, EF, AB, 04, 00, C3]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4452] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000750c1e70 6 bytes [68, F2, 19, 06, 00, C3]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4452] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000750c9392 6 bytes [68, B1, 19, 06, 00, C3]
.text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000750c1e70 6 bytes [68, F2, 19, 06, 00, C3]
.text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000750c9392 6 bytes [68, B1, 19, 06, 00, C3]
.text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076458100 6 bytes [68, 44, 36, 06, 00, C3]
.text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076458178 6 bytes [68, 61, 38, 06, 00, C3]
.text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076458b19 6 bytes [68, C6, 48, 06, 00, C3]
.text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!GetUpdateRect 0000000076459151 6 bytes [68, 47, 30, 05, 00, C3]
.text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 00000000764591a8 6 bytes [68, DA, 30, 05, 00, C3]
.text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000764595a8 6 bytes [68, 8C, 38, 06, 00, C3]
.text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076459c1e 6 bytes [68, 72, 37, 06, 00, C3]
.text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076459c69 6 bytes [68, 12, 36, 06, 00, C3]
.text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007645a14f 6 bytes [68, 07, 30, 05, 00, C3]
.text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!GetDC 000000007645a17a 4 bytes [68, 89, 2F, 05]
.text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007645a17f 1 byte [C3]
.text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!GetWindowDC 000000007645a1be 4 bytes [68,
C8, 2F, 05] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 000000007645a1c3 1 byte [C3] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!RegisterClassW 000000007645aff2 6 bytes [68, 67, AE, 04, 00, C3] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!RegisterClassA 000000007645b68f 6 bytes [68, B4, AE, 04, 00, C3] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!EndPaint 000000007645c09e 4 bytes [68, EE, 2E, 05] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!EndPaint + 5 000000007645c0a3 1 byte [C3] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!BeginPaint 000000007645c0bb 4 bytes [68, 7E, 2E, 05] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 000000007645c0c0 1 byte [C3] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!CallWindowProcW 000000007645c487 6 bytes [68, 99, AD, 04, 00, C3] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!GetDCEx 000000007645e429 4 bytes [68, 2E, 2F, 05] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 000000007645e42e 1 byte [C3] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007645f2a0 6 bytes [68, 22, 37, 06, 00, C3] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!SetCapture 000000007645f2ad 4 bytes [68, C8, 36, 06] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!SetCapture + 5 000000007645f2b2 1 byte [C3] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!CallWindowProcA 000000007645f623 6 bytes [68, E2, AD, 04, 00, C3] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076461939 6 bytes [68, 01, AF, 04, 00, C3] .text C:\Windows\SysWOW64\conime.exe[4920] 
C:\Windows\syswow64\USER32.dll!RegisterClassExA 0000000076463149 6 bytes [68, 53, AF, 04, 00, C3] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076465c31 6 bytes [68, 39, 38, 06, 00, C3] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076465e37 6 bytes [68, 11, 38, 06, 00, C3] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!DefFrameProcW 000000007646687e 6 bytes [68, 7B, AC, 04, 00, C3] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076466d81 6 bytes [68, 0D, AD, 04, 00, C3] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076477299 6 bytes [68, 75, 4A, 06, 00, C3] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!SwitchDesktop 000000007649259e 6 bytes [68, 45, AB, 04, 00, C3] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076492a58 6 bytes [68, 8B, 36, 06, 00, C3] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!DefFrameProcA 00000000764abd3d 6 bytes [68, C4, AC, 04, 00, C3] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000764abd61 6 bytes [68, 53, AD, 04, 00, C3] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000764b63dd 4 bytes [68, F5, AA, 04] .text C:\Windows\SysWOW64\conime.exe[4920] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000764b63e2 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5908] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll + 1 00000000773717d8 3 bytes [89, 17, 06] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5908] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll + 5 00000000773717dc 1 byte [C3] .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007738a370 4 bytes [68, 5E, 16, 06] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 000000007738a375 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000773b4572 6 bytes [68, A9, AB, 04, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000773b457d 6 bytes [68, 63, AB, 04, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 00000000773b45e0 6 bytes [68, 35, AC, 04, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 00000000773b45eb 6 bytes [68, EF, AB, 04, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll + 1 00000000773717d8 3 bytes [89, 17, 06] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll + 5 00000000773717dc 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077389475 8 bytes {MOV EDX, 0xf03a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 000000007738947f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 00000000773894ed 8 bytes {MOV EDX, 0xf01a8; JMP RDX} .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 00000000773894f7 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 00000000773895f5 8 bytes {MOV EDX, 0xf0168; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 00000000773895ff 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007738969d 8 bytes {MOV EDX, 0xf03e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 00000000773896a7 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000773896cd 8 bytes {MOV EDX, 0xf0328; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 00000000773896d7 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000773896e5 8 bytes {MOV EDX, 0xf0128; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 00000000773896ef 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000773896fd 8 bytes {MOV EDX, 0xf04a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 0000000077389707 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] 
C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007738972d 8 bytes {MOV EDX, 0xf04e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 0000000077389737 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000773897a5 8 bytes {MOV EDX, 0xf0468; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 00000000773897af 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000773897bd 8 bytes {MOV EDX, 0xf0428; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 00000000773897c7 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077389805 8 bytes {MOV EDX, 0xf0068; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 000000007738980f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 0000000077389865 8 bytes {MOV EDX, 0xf02a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 000000007738986f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000773898f5 8 bytes {MOV EDX, 0xf00a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 
00000000773898ff 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 0000000077389a2d 8 bytes {MOV EDX, 0xf0268; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 0000000077389a37 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077389b35 8 bytes {MOV EDX, 0xf0028; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000077389b3f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 000000007738a20d 8 bytes {MOV EDX, 0xf0228; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 000000007738a217 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007738a370 4 bytes [68, 5E, 16, 06] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 000000007738a375 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 000000007738a9fd 8 bytes {MOV EDX, 0xf01e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 000000007738aa07 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 000000007738aa45 8 bytes {MOV EDX, 0xf0368; JMP RDX} .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 000000007738aa4f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007738aabd 8 bytes {MOV EDX, 0xf02e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 000000007738aac7 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 000000007738acb5 8 bytes {MOV EDX, 0xf00e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 000000007738acbf 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000773b4572 6 bytes [68, A9, AB, 04, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000773b457d 6 bytes [68, 63, AB, 04, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 00000000773b45e0 6 bytes [68, 35, AC, 04, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 00000000773b45eb 6 bytes [68, EF, AB, 04, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\kernel32.dll!CreateProcessW 00000000750b0c0f 5 bytes JMP 00000001000100b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000750b0c44 5 bytes JMP 00000001000100f0 .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\kernel32.dll!CreateEventW 00000000750b1b2d 5 bytes JMP 0000000100010030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\kernel32.dll!OpenEventW 00000000750bf0c5 5 bytes JMP 0000000100010070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000750c1e70 6 bytes [68, F2, 19, 06, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000750c9392 6 bytes [68, B1, 19, 06, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076458100 6 bytes [68, 44, 36, 06, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076458178 6 bytes [68, 61, 38, 06, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!GetClientRect 000000007645840d 7 bytes JMP 00000001001105b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076458b19 6 bytes [68, C6, 48, 06, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!GetUpdateRect 0000000076459151 6 bytes [68, 47, 30, 05, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 00000000764591a8 6 bytes [68, DA, 30, 05, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!ScreenToClient 000000007645920b 7 bytes JMP 0000000100110670 .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!IsWindowVisible 0000000076459434 7 bytes JMP 00000001001106b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000764595a8 6 bytes [68, 8C, 38, 06, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!GetTopWindow 000000007645973b 7 bytes JMP 0000000100110730 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076459c1e 6 bytes [68, 72, 37, 06, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076459c69 6 bytes [68, 12, 36, 06, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076459c90 5 bytes JMP 00000001001105f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007645a14f 6 bytes [68, 07, 30, 05, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!GetDC 000000007645a17a 4 bytes [68, 89, 2F, 05] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007645a17f 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!GetWindowDC 000000007645a1be 4 bytes [68, C8, 2F, 05] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 000000007645a1c3 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 
000000007645a2a0 5 bytes JMP 00000001001102f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 000000007645a71a 5 bytes JMP 00000001001102b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!RegisterClassW 000000007645aff2 6 bytes [68, 67, AE, 04, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!RegisterClassA 000000007645b68f 6 bytes [68, B4, AE, 04, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!GetParent 000000007645bebb 7 bytes JMP 00000001001106f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!EndPaint 000000007645c09e 4 bytes [68, EE, 2E, 05] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!EndPaint + 5 000000007645c0a3 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!BeginPaint 000000007645c0bb 4 bytes [68, 7E, 2E, 05] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 000000007645c0c0 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!SetCursor 000000007645c153 5 bytes JMP 0000000100110530 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!CallWindowProcW 000000007645c487 6 bytes [68, 99, AD, 04, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!MapWindowPoints 000000007645c657 5 bytes JMP 0000000100110570 .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!GetDCEx 000000007645e429 4 bytes [68, 2E, 2F, 05] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 000000007645e42e 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007645ec54 5 bytes JMP 00000001001104b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 000000007645eca3 5 bytes JMP 0000000100110430 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!MonitorFromWindow 000000007645f09d 7 bytes JMP 0000000100110630 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007645f2a0 6 bytes [68, 22, 37, 06, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!SetCapture 000000007645f2ad 4 bytes [68, C8, 36, 06] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!SetCapture + 5 000000007645f2b2 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!CallWindowProcA 000000007645f623 6 bytes [68, E2, AD, 04, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076461939 6 bytes [68, 01, AF, 04, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 0000000076462152 5 bytes JMP 00000001001100f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] 
C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 000000007646216f 5 bytes JMP 0000000100110330 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!CloseClipboard 00000000764622f3 5 bytes JMP 00000001001100b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!OpenClipboard 000000007646230e 5 bytes JMP 0000000100110070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 000000007646254d 5 bytes JMP 00000001001103f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 0000000076462568 5 bytes JMP 00000001001101f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 0000000076462583 5 bytes JMP 00000001001101b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 0000000076462620 5 bytes JMP 0000000100110370 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 0000000076462776 5 bytes JMP 0000000100110270 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!RegisterClassExA 0000000076463149 6 bytes [68, 53, AF, 04, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076465c31 6 bytes [68, 39, 38, 06, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076465e37 6 bytes [68, 11, 38, 06, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] 
C:\Windows\syswow64\USER32.dll!DefFrameProcW 000000007646687e 6 bytes [68, 7B, AC, 04, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076466d81 6 bytes [68, 0D, AD, 04, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!EmptyClipboard 000000007647727e 5 bytes JMP 0000000100110130 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076477299 5 bytes JMP 0000000100064a75 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 000000007647741f 5 bytes JMP 0000000100110230 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!SetClipboardData 00000000764774bc 5 bytes JMP 0000000100110170 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!SwitchDesktop 000000007649259e 6 bytes [68, 45, AB, 04, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076492a58 5 bytes JMP 000000010006368b .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!DefFrameProcA 00000000764abd3d 6 bytes [68, C4, AC, 04, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000764abd61 6 bytes [68, 53, AD, 04, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 00000000764b5c8c 5 bytes JMP 00000001001104f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2760] 
19.01.2013, 15:47 | #3 |
/// Helfer-Team | Trojan found / "Post sendung abholen" Targobank Trojan

Trojan.Zbot.HEEP C:\Users\Salima\AppData\Roaming\Avwoe\etzyw.exe

Bad news! You have a serious infection on your computer. http://www.trojaner-board.de/56634-rootkits.html It is compromised and no longer trustworthy. You should change all your passwords from a clean system. I strongly recommend disconnecting the PC from the network and reinstalling it from scratch.

Instructions for reinstalling (illustrated) > Reinstall Windows 7 > Vista > XP

1. Data recovery:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
__________________ |