
Pests of all kinds and how to fight them: Trojan "Ihavenet.com" is causing trouble


01.02.2013, 17:53   #1
carlos94jana

Hello everyone,

as I have learned in this forum, my laptop is also infected with the "ihavenet.com" virus (redirecting to other pages during Google searches in Firefox or Explorer).

In IE, however, googling works as if nothing had happened.

I already scanned my laptop two days ago with my antivirus program (Avira, freeware). Nothing suspicious was found. My computer runs Windows 7.

I would be glad if someone could offer me their help with this.

Attached I am sending the files required for analysis (Extra.txt and Gmer.txt). Unfortunately the file OTL.txt cannot be attached because of its size (103.7 KB). I can send this file on request.


Many thanks in advance

Regards
Carlos

01.02.2013, 18:21   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Just a quick question, and this is nothing against you specifically, I could have asked anyone else who posts logs this way: where exactly does it say that the logs should be put in an attachment, or where exactly did you read that?

Log files in attachments make the analysis massively harder

Please explain, so that the passage in the instructions for all newcomers can be changed/improved in a targeted way. Thanks.

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too big for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

11.02.2013, 18:55   #3
carlos94jana

Hello,

I sent you the requested logs in full 5 or 6 days ago. Since I have not received a reply from you since then, I do not know whether something went wrong during the transfer or whether your time for further processing of the case is currently short.

Please let me know whether you have received the data from me.
If necessary, I will send you the data again.

Regards
Carlos94jana

11.02.2013, 23:39   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

No, I already asked you almost two weeks ago why you put the logs in an attachment, and explained to you that logs in attachments make the analysis harder.

Besides, the other OTL log is missing; you only posted the Extras. Doesn't matter though, I need new OTL logs after such a long time
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box Scan all users at the top centre
  • At the top you will find a box with Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

And after that please run MBAR; if you have them, also post all other logs from Malwarebytes:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide for Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the reboot.
  • During the reboot MBAR will remove the objects found, so be patient.
  • After the reboot, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder that was created. Please post it here.

Do not start any other file in this folder without instruction from a helper

Please always post log files in CODE tags
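The OTL scan requested in this post writes one entry per line (PRC, SRV, IE, FF, O2, O3, O4 ...), as in the log posted later in the thread. As an added example that is not part of the thread or of OTL itself, the following Python script runs a first triage over such lines and flags the entry types a helper checks first in a search-redirect case: search scopes, keyword URLs and start pages pointing at third-party search providers, URL search hooks, orphaned BHO/toolbar entries ("No CLSID value found") and autostart entries whose target is missing ("File not found"). The allow-list of default search hosts and the sample lines are constructed assumptions modelled on the posted log.

```python
"""Triage helper for OTL log lines (added example, not OTL's own code)."""
import re
from collections import Counter
from dataclasses import dataclass

# Hosts a stock browser would use for search; anything else in a search
# scope, keyword URL or start page is worth a second look. The list is an
# illustrative assumption, not an authoritative allow-list.
DEFAULT_SEARCH_HOSTS = {
    "www.bing.com", "www.google.de", "www.google.com",
    "de.search.yahoo.com", "search.yahoo.com",
}

# OTL defangs URLs as "hxxp://"; accept both spellings and capture the host.
URL_HOST_RE = re.compile(r'(?:hxxp|http)s?://([^/\s"]+)', re.IGNORECASE)

# Substrings that mark the browser-search entries OTL writes.
SEARCH_MARKERS = ("SearchScopes", "keyword.URL", "Start Page",
                  "startup.homepage", "URLSearchHook")


@dataclass
class Finding:
    category: str   # e.g. "search-provider", "orphan-bho-toolbar"
    line: str       # the OTL line as written


def url_hosts(line):
    """Return the lower-cased hosts of all URLs found in an OTL line."""
    return [h.lower() for h in URL_HOST_RE.findall(line)]


def triage_line(line):
    """Classify one OTL line; returns a Finding, or None if it looks benign."""
    s = line.strip()
    if s.startswith(("IE", "FF")) and any(m in s for m in SEARCH_MARKERS):
        foreign = [h for h in url_hosts(s) if h not in DEFAULT_SEARCH_HOSTS]
        if foreign:
            return Finding("search-provider", s)
        if "URLSearchHook" in s:
            # A hook rewrites typed search terms even when the scopes look fine.
            return Finding("search-hook", s)
    if s.startswith(("O2", "O3")) and "No CLSID value found" in s:
        # BHO/toolbar registration whose COM class is gone: left-over of a removed add-on.
        return Finding("orphan-bho-toolbar", s)
    if s.startswith("O4") and s.endswith("File not found"):
        # Autostart entry pointing at a missing file: stale or partially removed.
        return Finding("dead-autostart", s)
    return None


def triage(log_text):
    """Run triage_line over a whole OTL log and return the findings in order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]


def summarize(findings):
    """Count findings per category, e.g. {'search-provider': 3, ...}."""
    return dict(Counter(f.category for f in findings))


# Constructed sample, modelled on the entry styles of the posted OTL log.
SAMPLE_LOG = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.27010003&st=12
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKU\S-1-5-21-0-0-0-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&q="
FF - prefs.js..browser.startup.homepage: "https://www.google.de"
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.category}] {f.line}")
    print(summarize(found))
```

A flagged line is a lead, not a verdict: the bing.com scope and the google.de homepage in the sample pass, while the sweetim/Ask entries and the orphaned BHO are exactly what a helper would ask about next.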

12.02.2013, 23:13   #5
carlos94jana

Hello Cosinus,

thanks for your reply.

I have now run OTL.exe and am sending you the results.

You will also receive the log file from MBAR.

The other two logs (Extra.txt and GMER.txt) I have to send you later because of the file size.

I am now curious how things will go on.

Best regards
Carlos

Code:
OTL logfile created on: 12.02.2013 20:14:39 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gast\Desktop\Virus
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,88% Memory free
7,71 Gb Paging File | 5,51 Gb Available in Paging File | 71,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,16 Gb Total Space | 353,97 Gb Free Space | 78,63% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Gast\Desktop\Virus\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe (NTI Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
PRC - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ceda881f46083cfb6356ed39e6bf9dcb\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\85a17526c326bfb377b5c2124dce39f2\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\NTI\Packard Bell MyBackup\sqlite3.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe (NTI Corporation)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (libusb0) -- C:\Windows\SysNative\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (bScsiMSa) -- C:\Windows\SysNative\drivers\bScsiMSa.sys (Broadcom Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (bScsiSDa) -- C:\Windows\SysNative\drivers\bScsiSDa.sys (Broadcom Corporation)
DRV:64bit: - (b57xdmp) -- C:\Windows\SysNative\drivers\b57xdmp.sys (Broadcom Corporation)
DRV:64bit: - (b57xdbd) -- C:\Windows\SysNative\drivers\b57xdbd.sys (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.27010003&st=12
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.27010003&st=12&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\S-1-5-21-746099090-312496325-1089877124-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKU\S-1-5-21-746099090-312496325-1089877124-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-21-746099090-312496325-1089877124-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-746099090-312496325-1089877124-1001\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No CLSID value found
IE - HKU\S-1-5-21-746099090-312496325-1089877124-1001\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-746099090-312496325-1089877124-1001\..\SearchScopes\{7C31A197-6CBE-4C4C-A5D6-D0B30A5EDB96}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=A5D4053F-C8BD-4CEC-B540-CE18AA85B863&apn_sauid=85B6ED32-C2D5-48CE-8FD4-3A3AE109BE38
IE - HKU\S-1-5-21-746099090-312496325-1089877124-1001\..\SearchScopes\{D6013B2D-630C-4806-96C3-F1146008A5EE}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-746099090-312496325-1089877124-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.27010003&st=12&q={searchTerms}
IE - HKU\S-1-5-21-746099090-312496325-1089877124-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746099090-312496325-1089877124-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-746099090-312496325-1089877124-501\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKU\S-1-5-21-746099090-312496325-1089877124-501\..\SearchScopes,DefaultScope = {678EB474-871B-40AE-88FC-0EDE8FF34305}
IE - HKU\S-1-5-21-746099090-312496325-1089877124-501\..\SearchScopes\{678EB474-871B-40AE-88FC-0EDE8FF34305}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-746099090-312496325-1089877124-501\..\SearchScopes\{D58EADF2-A853-49E3-8939-E21415945177}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=bdb4448a-c5ce-428e-b6d1-6c608b79b0e2&apn_sauid=4314E8A9-5322-4B41-A731-72ADB2E704D5
IE - HKU\S-1-5-21-746099090-312496325-1089877124-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "https://www.google.de"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=A5D4053F-C8BD-4CEC-B540-CE18AA85B863&apn_ptnrs=%5EAGS&apn_sauid=85B6ED32-C2D5-48CE-8FD4-3A3AE109BE38&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.11.18 15:02:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.02.01 21:27:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.11 20:09:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.11 20:09:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.07.02 22:37:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.01.31 23:23:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5kmptlmf.default\extensions
[2012.12.01 12:25:44 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5kmptlmf.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.09.15 10:55:12 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5kmptlmf.default\extensions\ich@maltegoetz.de
[2013.01.31 17:21:21 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5kmptlmf.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2013.01.31 23:23:18 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5kmptlmf.default\extensions\toolbar@ask.com
[2012.12.13 21:35:21 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5kmptlmf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.01.24 18:27:19 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5kmptlmf.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.12.20 21:54:16 | 000,002,333 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5kmptlmf.default\searchplugins\askcom.xml
[2013.01.18 14:53:22 | 000,002,306 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5kmptlmf.default\searchplugins\askcomsearch.xml
[2013.02.11 20:09:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.11 20:09:57 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-746099090-312496325-1089877124-1001\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-746099090-312496325-1089877124-501\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-746099090-312496325-1089877124-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-746099090-312496325-1089877124-1001..\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-746099090-312496325-1089877124-1001..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-746099090-312496325-1089877124-1001..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-746099090-312496325-1089877124-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-746099090-312496325-1089877124-1000..\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe ()
O4 - HKU\S-1-5-21-746099090-312496325-1089877124-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-746099090-312496325-1089877124-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{621A1FC3-E796-41BA-8B72-7208229F7427}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4C2637F-528D-41BC-8DB9-A519BED05FA4}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{610a236c-b0ad-11e0-82f2-1c7508e3bfa3}\Shell - "" = AutoRun
O33 - MountPoints2\{610a236c-b0ad-11e0-82f2-1c7508e3bfa3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.11 20:09:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.08 14:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2013.02.02 01:08:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\pdfforge
[2013.02.02 01:08:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013.02.02 01:08:22 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2013.02.02 01:08:22 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2013.02.02 01:08:21 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL
[2013.02.02 01:08:21 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL
[2013.02.02 01:08:21 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2013.02.02 01:08:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2013.02.01 21:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2013.02.01 21:48:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2013.02.01 21:27:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Uniblue
[2013.02.01 21:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2013.02.01 21:27:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2013.02.01 21:27:29 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\PDF Architect Files
[2013.02.01 21:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2013.02.01 21:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect
[2013.02.01 21:27:14 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2013.02.01 13:26:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2013.01.31 23:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.01.31 23:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013.01.31 23:21:55 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.01.31 23:21:55 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.01.31 23:21:55 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.01.31 23:21:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.01.31 20:40:49 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Probleme mit ihavenet.com - Trojaner-Board-Dateien
[2013.01.31 19:05:37 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Virus
[2013.01.31 18:27:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.01.31 18:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.31 18:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.31 18:27:10 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.31 18:27:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.31 17:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.01.31 17:35:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LavasoftStatistics
[2013.01.31 17:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013.01.31 17:28:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013.01.31 17:22:20 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.01.31 17:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013.01.31 17:21:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2013.01.31 17:21:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013.01.31 17:20:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2013.01.31 17:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.01.31 17:09:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.01.31 17:09:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.01.27 09:43:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Origin
[2013.01.27 09:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.01.24 18:27:30 | 000,000,000 | ---D | C] -- C:\Users\***\Tracing
[2013.01.24 18:27:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM
[2013.01.24 18:24:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sweetpacks bundle uninstaller
[2013.01.15 06:53:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.01.15 06:53:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.01.15 06:53:43 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.12 19:14:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.12 10:36:50 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.12 10:36:50 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.12 10:29:44 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2013.02.12 10:29:10 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\ZMBEOY.job
[2013.02.12 10:29:06 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.07 13:42:28 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.07 13:42:28 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.07 13:42:28 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.07 13:42:28 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.07 13:42:28 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.01 21:27:35 | 000,001,005 | ---- | M] () -- C:\Users\***\Desktop\PDF Architect.lnk
[2013.01.31 23:23:24 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.01.31 23:15:49 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.01.31 23:15:49 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.01.31 23:15:48 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.01.31 22:11:18 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.01.31 20:40:50 | 000,154,710 | ---- | M] () -- C:\Users\***\Desktop\Probleme mit ihavenet.com - Trojaner-Board.htm
[2013.01.31 18:27:11 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.31 18:14:29 | 000,020,929 | ---- | M] () -- C:\Windows\wininit.ini
[2013.01.31 17:22:20 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.01.15 18:00:02 | 000,001,159 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 
========== Files Created - No Company Name ==========
 
[2013.02.01 21:27:40 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\DriverScanner.job
[2013.02.01 21:27:35 | 000,001,005 | ---- | C] () -- C:\Users\***\Desktop\PDF Architect.lnk
[2013.01.31 23:23:24 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.01.31 22:11:18 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.01.31 20:40:49 | 000,154,710 | ---- | C] () -- C:\Users\***\Desktop\Probleme mit ihavenet.com - Trojaner-Board.htm
[2013.01.31 18:27:11 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.19 11:03:39 | 000,020,929 | ---- | C] () -- C:\Windows\wininit.ini
[2013.01.15 17:59:32 | 000,001,159 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.06 16:14:13 | 000,126,976 | RHS- | C] () -- C:\Windows\SysWow64\d3dimo.dll
[2012.02.21 18:37:38 | 000,000,080 | ---- | C] () -- C:\Windows\wiso.ini
[2011.10.08 17:54:34 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.08.23 08:30:03 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.08.23 08:30:03 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.07.11 15:06:52 | 000,709,829 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2011.07.02 22:37:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.07.02 21:12:14 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.31 17:48:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2012.10.13 20:21:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.10.13 20:21:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.11 20:49:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Garmin
[2012.04.23 18:30:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LaunchPad
[2011.07.09 11:35:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2013.02.01 21:27:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2013.01.28 14:34:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2013.02.02 01:08:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2011.07.04 08:19:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SNS
[2012.12.06 22:02:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011.07.02 21:12:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2012.07.19 21:08:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2013.02.01 21:27:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
[2011.07.03 10:28:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Watchtower
[2011.07.02 19:58:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WildTangent
[2013.01.31 17:37:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2013.02.01 21:29:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Architect
[2013.02.03 22:49:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2012.07.20 08:10:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.09.21 19:37:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Watchtower
[2013.02.11 15:42:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WildTangent
[2012.12.28 22:07:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.12.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***-PC [administrator]

12.02.2013 21:56:58
mbar-log-2013-02-12 (21-56-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30948
Time elapsed: 7 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Alt 12.02.2013, 23:38   #6
carlos94jana

Trojan „Ihavenet.com“ is causing trouble

Hello Cosinus,

here are the two missing logs (Extra.txt and GMER.txt), which are, however, from 31.01.2013. Somehow I can't manage to send you current logs. If these are too old for your further work, I will try to send you new ones.

Many thanks and best regards
Carlos

Code:
OTL Extras logfile created on: 31.01.2013 22:16:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop\Virus
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 61,09% Memory free
7,71 Gb Paging File | 5,95 Gb Available in Paging File | 77,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,16 Gb Total Space | 383,32 Gb Free Space | 85,15% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0838C4EF-BB5F-4A61-A2ED-C426D43668A7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0FC812A9-EEDB-443F-9B17-67B2856F8E58}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{169FD497-0388-4E6F-B308-B4F66B739E41}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1C5CC1A4-A385-4117-9517-736D4DC9C215}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2A9E77D0-9124-49BD-91AA-41BB75F50700}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2BAE89B1-0B93-4BFF-A1F0-09124E46BAE1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5C7261DD-8571-4BCC-9080-B98E2D644F8F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{77563DF8-A870-4354-94F5-E3D2E23DCDF2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{7BDC3E0B-767F-4C42-847C-5FD0261BB929}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{7CEDB4E0-7F74-43F5-AE4B-6919D935FF79}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8C069B17-D3F7-4F3C-99D7-88EE2042A2ED}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AFF956E7-97CB-48A9-8CE6-F1253DBBC0D8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B08F5587-93C0-4A69-8CB2-F8218D0A15DB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B87D40CC-D692-4C65-B51B-5E2559025562}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BF21ECB1-1714-467C-8CA2-DB6BB29A4B61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BF6E95B6-2342-430A-8E2B-211E3AF619A5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D12B7B98-5BD2-4B90-A2AB-23B03DACFDF0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D84D82B9-CBDB-4962-872A-26AF8029E126}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DB7B465C-994F-4E2D-90B3-F511EB3699DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E43C3D40-948A-44AD-89A1-D099D14CB873}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E8D817A3-53F2-4178-8A25-9FE14E6D3CAE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F4A9DC2C-FD37-4D11-B8C7-661D3BBB3BA5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F5C26126-B78D-4324-8A89-448B644FF536}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F94702D7-1651-4866-BC1D-34E1C005B091}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FA37B601-B48E-4743-921A-29C962EEBE66}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0428C723-B3DB-4151-A7FC-3BAF9941E0C8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{05E4D556-BA85-41AB-BFF9-8EBA13A639EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{09E81402-25EA-4645-972E-22BABC42A1BA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{134662B5-AD59-413B-BD48-95103E7770F5}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{188D7894-AD37-4857-AB45-291A4DDB9983}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{23194B81-F57E-4806-B463-CC5C81CDF8F9}" = protocol=6 | dir=in | app=c:\users\gast\downloads\winrarsdm.exe | 
"{35803681-565C-46DD-8A43-97D5032D5507}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{50EE1F0A-BF2E-4667-9FE0-CCEA698043AD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{586BE6C5-914B-4064-8FC7-8DB7649DBBD3}" = protocol=6 | dir=in | app=c:\program files (x86)\disney interactive studios\split second\splitsecond.exe | 
"{5E391963-324D-4EFD-A486-56600BC13C17}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{66A513C3-0BFB-4202-A91B-70978B9C53B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{718B655F-90AB-47D1-A937-EDDA8B2D29C1}" = dir=in | app=c:\program files (x86)\cyberlink\homemedia\homemedia.exe | 
"{72B62DD4-D38B-4D91-8D71-48C8893468D7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{74D8A04A-B7F1-46A9-ADE7-E3E0B66A11F5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7FD1FFD2-03DC-4AA3-9183-324AF79502EF}" = protocol=6 | dir=out | app=system | 
"{8798FAD1-24F8-42E4-A9F8-5374C1CBC429}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{879E00D9-1214-48C3-B67A-59DAF46CCAA6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{8E2D0844-0A1E-4848-8CFE-50BB70F8D8DB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8E86A7E2-86D4-4E80-9F92-C414253747A0}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{90DB343E-7B74-4628-A39A-F61BB3502DFF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{91968B9F-E0DB-43AD-89DF-BBEB92370092}" = protocol=17 | dir=in | app=c:\program files (x86)\disney interactive studios\split second\splitsecond.exe | 
"{A50F0D8E-3201-44E2-A7EB-8DE6B5EEF17A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AC32F6EE-5C4C-4DD9-A119-E60A22F9D023}" = protocol=17 | dir=in | app=c:\users\gast\downloads\winrarsdm.exe | 
"{ACD98DC0-0EEF-4C3E-B311-5E8CC872CD93}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B6034B8A-ED3C-4585-B6A8-83B829FA8618}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{B63F80F4-B33F-4FC0-8E4A-61F0B5A4700F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C24CB2D0-8193-4580-A673-792EEC41627B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C7991566-98FF-41B6-8F33-8750ECFC2DF8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C920367D-1001-4D8E-B567-C53778CE0545}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{C9FC742A-CAF6-4DE5-B10E-14A99CD3EF0B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CC925F15-5981-4B97-A0A2-A662FA8C576F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CF26AFB1-23F0-443F-B37B-2025B6309B8D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D1B683C2-52AD-4DE8-8691-B113D57DC892}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D8E3FDB8-90D1-46AE-8810-A10557BA4F1C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DF99C165-72A1-40E8-820B-1F34B496C9F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F0823795-BA73-401F-AA1A-8AC431E46A14}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FD14E2D0-7E7F-4FBC-9A51-A5478A53C4DD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{5FA97CCB-BE40-4D20-BA72-2878D40F1628}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{6448C290-E26E-4F2A-9445-D6792B93C5B8}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{A2FAAA8E-1640-479E-8785-6613627C9594}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{A72BBB3A-DE61-4187-9B49-F8C1B0B6C5DB}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029A4933-3F36-4E4F-AEC3-2207AB26463D}" = Broadcom Gigabit NetLink Controller
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"24DA573F901348FFDFF7717497830D45BE0C362E" = Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices  (07/07/2009 1.12.2)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"Elantech" = ETDWare PS/2-X64 8.0.6.0_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 11
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4DD1AF59-5121-421F-B92D-EEBF3F20345A}" = Official Video Converter
"{50C913B1-A091-48B8-A434-6C9670284888}" = Garmin Training Center
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65739FA2-0444-4AB2-B598-872406539EBD}" = pdfforge Toolbar v6.6
"{65D70656-D248-4C83-B594-E3029C43B37A}" = phase6_19
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2A88B8-AE67-11D5-8E9A-00505687E101}" = GLASER -isb conference-
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BE514E8-4486-4730-8B68-FA15EEDC942E}" = Watchtower Library 2011 - Deutsch
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F2754CA-B124-4530-9542-00FE699EA8FD}" = Watchtower Library 2010 - Deutsch
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96E2E493-C484-43E3-9B95-D62EE7D40D3A}" = Internet Explorer Toolbar 4.7 by SweetPacks
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = HomeMedia
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CB5F6422-502E-477C-B31D-25ECE8F829E6}" = Garmin ANT Agent
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f3b75363-fa28-46b2-9d9f-112252157a7b}" = Nero 9 Essentials
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Free YouTube Download_is1" = Free YouTube Download version 3.1.38.1005
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Packard Bell MyBackup
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Packard Bell Game Console" = Packard Bell Game Console
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"RealPlayer 15.0" = RealPlayer
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR Bundle by SweetPacks" = WinRAR Bundle by SweetPacks
"WT088216" = Agatha Christie - Death on the Nile
"WT088226" = Bejeweled 2 Deluxe
"WT088228" = Build-a-lot 2
"WT088235" = Chuzzle Deluxe
"WT088238" = Diner Dash 2 Restaurant Rescue
"WT088260" = Farm Frenzy
"WT088268" = Insaniquarium Deluxe
"WT088269" = Jewel Quest Solitaire 2
"WT088283" = Plants vs. Zombies
"WT088416" = FATE
"WT088420" = Final Drive Nitro
"WT088448" = John Deere Drive Green
"WT088452" = Penguins!
"WT088456" = Polar Bowler
"WT088460" = Polar Golfer
"WT088508" = Virtual Villagers 4 - The Tree of Life
"WT088531" = Zuma's Revenge
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.06.2012 17:47:21 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORDC.EXE, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 14b0    Startzeit:
 01cd53e4c246c0cb    Endzeit: 60000    Anwendungspfad: Q:\140066.deu\Office14\WINWORDC.EXE

Berichts-ID:
 34bc8ce3-bfd8-11e1-a039-1c7508e3bfa3  
 
Error - 26.06.2012 17:47:42 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORDC.EXE, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 4b0    Startzeit: 
01cd53e50ce98740    Endzeit: 60000    Anwendungspfad: Q:\140066.deu\Office14\WINWORDC.EXE

Berichts-ID:
 5dc43bbf-bfd8-11e1-a039-1c7508e3bfa3  
 
Error - 26.06.2012 17:48:03 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORDC.EXE, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 11d0    Startzeit:
 01cd53e538704938    Endzeit: 17794    Anwendungspfad: Q:\140066.deu\Office14\WINWORDC.EXE

Berichts-ID:
 8035b94b-bfd8-11e1-a039-1c7508e3bfa3  
 
Error - 26.06.2012 17:53:40 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORDC.EXE, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 13b4    Startzeit:
 01cd53e5edb008df    Endzeit: 13    Anwendungspfad: Q:\140066.deu\Office14\WINWORDC.EXE    Berichts-ID:
 5d11ab9c-bfd9-11e1-a039-1c7508e3bfa3  
 
Error - 29.06.2012 13:11:58 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 12.0.0.4493 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: b2c    Startzeit: 
01cd561523028a9d    Endzeit: 36    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 7f99e78c-c20d-11e1-99ca-1c7508e3bfa3  
 
Error - 30.06.2012 01:32:35 | Computer Name = ***-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 02.07.2012 11:30:37 | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 11.07.2012 04:40:33 | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 11.07.2012 09:50:09 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 13.0.1.4548 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1590    Startzeit:
 01cd5f272aea7266    Endzeit: 13    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 421fc6ff-cb5f-11e1-a24b-1c7508e3bfa3  
 
Error - 19.07.2012 15:34:23 | Computer Name = ***-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
[ System Events ]
Error - 31.01.2013 12:37:00 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 31.01.2013 12:37:01 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 31.01.2013 12:37:01 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 31.01.2013 12:37:01 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 31.01.2013 12:37:11 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 31.01.2013 12:38:07 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 31.01.2013 12:39:07 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 31.01.2013 12:41:00 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Spybot-S&D 2 Security Center Service" ist vom Dienst "Sicherheitscenter"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 31.01.2013 14:17:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Spybot-S&D 2 Security Center Service" ist vom Dienst "Sicherheitscenter"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 31.01.2013 14:41:22 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-01-31 22:59:58
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\***\AppData\Local\Temp\kxldapow.sys


---- User code sections - GMER 2.0 ----

.text   C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                           0000000075171401 2 bytes [17, 75]
.text   C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                             0000000075171419 2 bytes [17, 75]
.text   C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                           0000000075171431 2 bytes [17, 75]
.text   C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                           000000007517144a 2 bytes [17, 75]
.text   ...                                                                                                                                                       * 9
.text   C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                              00000000751714dd 2 bytes [17, 75]
.text   C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                       00000000751714f5 2 bytes [17, 75]
.text   C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                              000000007517150d 2 bytes [17, 75]
.text   C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                       0000000075171525 2 bytes [17, 75]
.text   C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                             000000007517153d 2 bytes [17, 75]
.text   C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                  0000000075171555 2 bytes [17, 75]
.text   C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                           000000007517156d 2 bytes [17, 75]
.text   C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17                                                         0000000075171401 2 bytes [17, 75]
.text   C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17                                                           0000000075171419 2 bytes [17, 75]
.text   C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 17                                                         0000000075171431 2 bytes [17, 75]
.text   C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 42                                                         000000007517144a 2 bytes [17, 75]
.text   ...                                                                                                                                                       * 9
.text   C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17                                                            00000000751714dd 2 bytes [17, 75]
.text   C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17                                                     00000000751714f5 2 bytes [17, 75]
.text   C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17                                                            000000007517150d 2 bytes [17, 75]
.text   C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17                                                     0000000075171525 2 bytes [17, 75]
.text   C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17                                                           000000007517153d 2 bytes [17, 75]
.text   C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17                                                                0000000075171555 2 bytes [17, 75]
.text   C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17                                                         000000007517156d 2 bytes [17, 75]
.text   C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17                                                           0000000075171585 2 bytes [17, 75]
.text   C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSet + 17                                                              000000007517159d 2 bytes [17, 75]
.text   C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17                                                           00000000751715b5 2 bytes [17, 75]
.text   C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17                                                         00000000751715cd 2 bytes [17, 75]
.text   C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20                                                     00000000751716b2 2 bytes [17, 75]
.text   C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31                                                     00000000751716bd 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                       0000000075171401 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                         0000000075171419 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                       0000000075171431 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                       000000007517144a 2 bytes [17, 75]
.text   ...                                                                                                                                                       * 9
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                          00000000751714dd 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                   00000000751714f5 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                          000000007517150d 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                   0000000075171525 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                         000000007517153d 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                              0000000075171555 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                       000000007517156d 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                         0000000075171585 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                            000000007517159d 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                         00000000751715b5 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                       00000000751715cd 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                   00000000751716b2 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                   00000000751716bd 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                      000000007745f991 8 bytes {MOV EDX, 0x903e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15                     000000007745f99b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5                                   000000007745fa0d 8 bytes {MOV EDX, 0x901a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15                                  000000007745fa17 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5                                 000000007745fb25 8 bytes {MOV EDX, 0x90168; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15                                000000007745fb2f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                           000000007745fbd5 8 bytes {MOV EDX, 0x90428; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15                          000000007745fbdf 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                               000000007745fc05 8 bytes {MOV EDX, 0x90368; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15                              000000007745fc0f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                        000000007745fc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15                       000000007745fc27 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                          000000007745fc35 8 bytes {MOV EDX, 0x904e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15                         000000007745fc3f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                        000000007745fc65 8 bytes {MOV EDX, 0x90528; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15                       000000007745fc6f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                         000000007745fce5 8 bytes {MOV EDX, 0x904a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15                        000000007745fcef 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                        000000007745fcfd 8 bytes {MOV EDX, 0x90468; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15                       000000007745fd07 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                  000000007745fd49 8 bytes {MOV EDX, 0x90068; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15                                 000000007745fd53 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5                               000000007745fdad 8 bytes {MOV EDX, 0x902e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15                              000000007745fdb7 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                       000000007745fe41 8 bytes {MOV EDX, 0x900a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15                      000000007745fe4b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5                             000000007745ff89 8 bytes {MOV EDX, 0x902a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15                            000000007745ff93 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                0000000077460099 8 bytes {MOV EDX, 0x90028; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15                               00000000774600a3 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5                              0000000077460781 8 bytes {MOV EDX, 0x90268; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15                             000000007746078b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5                                 0000000077460ffd 8 bytes {MOV EDX, 0x901e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15                                0000000077461007 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5                                000000007746105d 8 bytes {MOV EDX, 0x90228; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15                               0000000077461067 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                          00000000774610a5 8 bytes {MOV EDX, 0x903a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15                         00000000774610af 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                000000007746111d 8 bytes {MOV EDX, 0x90328; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15                               0000000077461127 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                   0000000077461321 8 bytes {MOV EDX, 0x900e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15                  000000007746132b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\kernel32.dll!CreateProcessW                               000000007501103d 5 bytes JMP 0000000100010030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\kernel32.dll!CreateProcessA                               0000000075011072 5 bytes JMP 0000000100010070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW                               0000000075cc119f 5 bytes JMP 0000000100020030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW                                 0000000075cc11cf 5 bytes JMP 0000000100020070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps                                   0000000075344de0 5 bytes JMP 00000001001203b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!SelectObject                                    0000000075344f70 5 bytes JMP 00000001001205f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!SetBkMode                                       00000000753451a2 5 bytes JMP 00000001001208f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!SetTextColor                                    000000007534522d 5 bytes JMP 0000000100120a30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!DeleteObject                                    0000000075345689 5 bytes JMP 00000001001201b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!DeleteDC                                        00000000753458b3 5 bytes JMP 0000000100120170
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!GetCurrentObject                                0000000075346bad 5 bytes JMP 0000000100120370
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!SaveDC                                          0000000075346e05 5 bytes JMP 0000000100120570
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!RestoreDC                                       0000000075346ead 5 bytes JMP 0000000100120530
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode                               0000000075347180 5 bytes JMP 00000001001206b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!StretchDIBits                                   0000000075347435 5 bytes JMP 0000000100120770
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!CreateDCA                                       0000000075347bcc 5 bytes JMP 00000001001200b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!IntersectClipRect                               0000000075347dc4 5 bytes JMP 00000001001203f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!GetTextAlign                                    0000000075347fd5 5 bytes JMP 0000000100120d70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW                                 00000000753482b2 5 bytes JMP 0000000100120e30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!SetTextAlign                                    0000000075348401 5 bytes JMP 00000001001209f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn                                000000007534879f 5 bytes JMP 00000001001202f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!SelectClipRgn                                   0000000075348916 5 bytes JMP 00000001001205b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!ExtTextOutW                                     0000000075348b7a 5 bytes JMP 0000000100120970
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!MoveToEx                                        0000000075348ee6 5 bytes JMP 0000000100120470
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!GetFontData                                     0000000075349875 5 bytes JMP 0000000100120c70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!GetTextFaceW                                    0000000075349936 5 bytes JMP 0000000100120d30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!Rectangle                                       000000007534a53a 5 bytes JMP 00000001001209b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!GetClipBox                                      000000007534af9f 5 bytes JMP 0000000100120330
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!LineTo                                          000000007534b9e5 5 bytes JMP 0000000100120430
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!SetICMMode                                      000000007534bd55 5 bytes JMP 0000000100120db0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!CreateICW                                       000000007534c040 5 bytes JMP 0000000100120130
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W                           000000007534c107 5 bytes JMP 0000000100120670
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!SetWorldTransform                               000000007534c269 5 bytes JMP 00000001001206f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA                                 000000007534d1f1 5 bytes JMP 0000000100120df0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A                           000000007534d349 5 bytes JMP 0000000100120630
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!ExtTextOutA                                     000000007534dce4 5 bytes JMP 0000000100120930
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!CreateDCW                                       000000007534e743 5 bytes JMP 00000001001200f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!ExtEscape                                       00000000753503b7 5 bytes JMP 00000001001202b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!Escape                                          0000000075351bda 5 bytes JMP 0000000100120270
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!GetTextFaceA                                    0000000075351e89 5 bytes JMP 0000000100120cf0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode                                 0000000075354843 5 bytes JMP 0000000100120b30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!SetMiterLimit                                   0000000075355690 5 bytes JMP 0000000100120b70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!EndPage                                         0000000075356bde 5 bytes JMP 0000000100120230
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!ResetDCW                                        000000007535e2db 5 bytes JMP 0000000100120ab0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW                                000000007536940d 5 bytes JMP 0000000100120cb0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW                     000000007536c621 5 bytes JMP 0000000100120bb0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!AddFontResourceW                                000000007536d2b2 5 bytes JMP 0000000100120bf0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW                             000000007536d919 5 bytes JMP 0000000100120c30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!AbortDoc                                        0000000075373adc 5 bytes JMP 0000000100120030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!EndDoc                                          0000000075373f29 5 bytes JMP 00000001001201f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!StartPage                                       000000007537401a 5 bytes JMP 0000000100120730
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!StartDocW                                       0000000075374c51 5 bytes JMP 00000001001207f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!BeginPath                                       00000000753753fd 5 bytes JMP 0000000100120830
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!SelectClipPath                                  0000000075375454 5 bytes JMP 0000000100120af0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!CloseFigure                                     00000000753754af 5 bytes JMP 0000000100120070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!EndPath                                         0000000075375506 5 bytes JMP 0000000100120a70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!StrokePath                                      000000007537573f 5 bytes JMP 00000001001207b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!FillPath                                        00000000753757d2 5 bytes JMP 0000000100120870
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!PolylineTo                                      0000000075375c44 5 bytes JMP 00000001001204f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!PolyBezierTo                                    0000000075375cd5 5 bytes JMP 00000001001204b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!PolyDraw                                        0000000075375d87 5 bytes JMP 00000001001208b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!MapWindowPoints                                0000000075b08c40 5 bytes JMP 0000000100130570
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW                       0000000075b09ebd 5 bytes JMP 00000001001302b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA                       0000000075b10afa 5 bytes JMP 00000001001302f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!GetClientRect                                  0000000075b10c62 7 bytes JMP 00000001001305b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!GetParent                                      0000000075b10f68 7 bytes JMP 00000001001306f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!IsWindowVisible                                0000000075b1112d 7 bytes JMP 00000001001306b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!PostMessageW                                   0000000075b112a5 5 bytes JMP 00000001001305f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!ScreenToClient                                 0000000075b1227d 7 bytes JMP 0000000100130670
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!MonitorFromWindow                              0000000075b13150 7 bytes JMP 0000000100130630
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!SetCursor                                      0000000075b141f6 5 bytes JMP 0000000100130530
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA                        0000000075b168ef 5 bytes JMP 0000000100130270
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW                        0000000075b177fa 5 bytes JMP 0000000100130230
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!GetTopWindow                                   0000000075b17887 7 bytes JMP 0000000100130730
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable                     0000000075b18676 5 bytes JMP 00000001001300f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber                     0000000075b18696 5 bytes JMP 0000000100130330
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!CloseClipboard                                 0000000075b18e8d 5 bytes JMP 00000001001300b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!OpenClipboard                                  0000000075b18ecb 5 bytes JMP 0000000100130070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain                           0000000075b1c17b 5 bytes JMP 0000000100130430
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats                           0000000075b1c449 5 bytes JMP 00000001001301b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow                         0000000075b1c468 5 bytes JMP 00000001001303f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!CountClipboardFormats                          0000000075b1c486 5 bytes JMP 00000001001301f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                             0000000075b1c4b6 5 bytes JMP 00000001001304b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout                         0000000075b1d6c0 5 bytes JMP 00000001001304f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!GetClipboardOwner                              0000000075b1e360 5 bytes JMP 0000000100130370
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!SetClipboardData                               0000000075b48e57 5 bytes JMP 0000000100130170
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!SetCursorPos                                   0000000075b49cfd 5 bytes JMP 0000000100130770
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!GetClipboardData                               0000000075b49f1d 5 bytes JMP 0000000100130030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!EmptyClipboard                                 0000000075b67cb9 5 bytes JMP 0000000100130130
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!GetClipboardViewer                             0000000075b68111 5 bytes JMP 0000000100130470
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat                     0000000075b6832f 5 bytes JMP 00000001001303b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer                             0000000074fb9606 5 bytes JMP 00000001001400f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle                         0000000074fc0581 5 bytes JMP 0000000100140130
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext                         0000000074fc0bb9 5 bytes JMP 0000000100140270
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken                             0000000074fc0c2e 5 bytes JMP 00000001001401b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA                       0000000074fc0f2e 5 bytes JMP 0000000100140070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA                   0000000074fc1096 5 bytes JMP 00000001001400b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\SspiCli.dll!EncryptMessage                                0000000074fc124e 5 bytes JMP 00000001001401f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\SspiCli.dll!DecryptMessage                                0000000074fc129d 5 bytes JMP 0000000100140230
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA                     0000000074fc1527 5 bytes JMP 0000000100140030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA                    0000000074fc1590 5 bytes JMP 0000000100140170
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\ole32.dll!OleSetClipboard                                 00000000751e0045 5 bytes JMP 0000000100150030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard                           00000000751e36b2 5 bytes JMP 0000000100150070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\ole32.dll!OleGetClipboard                                 000000007520fdcd 5 bytes JMP 00000001001500b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                       0000000075171401 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                         0000000075171419 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                       0000000075171431 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                       000000007517144a 2 bytes [17, 75]
.text   ...                                                                                                                                                       * 9
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                          00000000751714dd 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                   00000000751714f5 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                          000000007517150d 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                   0000000075171525 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                         000000007517153d 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                              0000000075171555 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                       000000007517156d 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                         0000000075171585 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                            000000007517159d 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                         00000000751715b5 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                       00000000751715cd 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                   00000000751716b2 2 bytes [17, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                   00000000751716bd 2 bytes [17, 75]

---- Threads - GMER 2.0 ----

Thread  C:\Windows\SysWOW64\rundll32.exe [1264:1632]                                                                                                              00000000002e3740
Thread  C:\Windows\SysWOW64\rundll32.exe [1264:1636]                                                                                                              0000000000253a80
Thread  C:\Windows\SysWOW64\rundll32.exe [1264:1856]                                                                                                              0000000000253a10
Thread  C:\Windows\SysWOW64\rundll32.exe [1264:5456]                                                                                                              0000000000395cfe
Thread  C:\Windows\SysWOW64\rundll32.exe [1264:5460]                                                                                                              0000000000392ea6
Thread  C:\Windows\SysWOW64\rundll32.exe [1264:5464]                                                                                                              00000000003933de

---- EOF - GMER 2.0 ----

Old 13.02.2013, 11:04   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Do you have any further logs (with findings)? Malwarebytes and/or other virus scanners?
I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first post only the logs you already have!
__________________
Please always post logfiles in CODE tags

Old 13.02.2013, 20:28   #8
carlos94jana
 

Hello Cosinus,

I have Avira's free antivirus program, with which I scanned my PC for viruses shortly before I first posted my problem with the Ihavenet trojan on the Trojaner-Board.de forum. After you drew my attention to "further logs with findings", I have just looked at the result of that last virus scan. Two findings stand out, which I am posting for you here.

Regards
Carlos

Code:
Exportierte Ereignisse:

01.02.2013 16:37 [System-Scanner] Malware gefunden
      Die Datei 'C:\Windows\SysWOW64\d3dimo.dll'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen8' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ignoriert.

01.02.2013 16:33 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\SysWOW64\d3dimo.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen8' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

Old 14.02.2013, 11:06   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a board helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post logfiles in CODE tags

Old 17.02.2013, 10:50   #10
carlos94jana
 

Hello,

ComboFix has been run. Here is the result:

Good luck and thank you.

Regards
Carlos

Code:
ComboFix 13-02-15.01 - *** 17.02.2013  10:29:00.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3948.1998 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\4.0
c:\users\Gast\4.0
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-17 bis 2013-02-17  ))))))))))))))))))))))))))))))
.
.
2013-02-17 09:35 . 2013-02-17 09:35	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-02-17 09:35 . 2013-02-17 09:35	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2013-02-17 09:35 . 2013-02-17 09:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-15 18:37 . 2013-02-15 18:37	--------	d-----w-	c:\users\***\AppData\Roaming\PDF Architect
2013-02-15 15:43 . 2013-02-15 15:43	--------	d-----w-	c:\users\***\AppData\Local\ElevatedDiagnostics
2013-02-13 19:03 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-13 19:03 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 19:03 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 19:03 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-13 19:01 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-13 19:01 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-13 19:01 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-13 19:01 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-13 19:01 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-13 19:01 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-13 19:01 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 19:00 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 19:00 . 2012-12-26 05:47	1111040	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 19:00 . 2012-12-26 04:49	760320	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-12 09:46 . 2013-02-14 14:28	--------	d-----w-	c:\users\Gast\AppData\Local\Mozilla Firefox
2013-02-11 14:42 . 2013-02-11 14:42	--------	d-----w-	c:\users\Gast\AppData\Roaming\WildTangent
2013-02-08 13:30 . 2013-02-08 13:30	--------	d-----w-	c:\programdata\Uniblue
2013-02-02 00:08 . 2013-02-02 00:08	--------	d-----w-	c:\users\***\AppData\Roaming\pdfforge
2013-02-02 00:08 . 2012-05-05 09:54	662288	----a-w-	c:\windows\SysWow64\MSCOMCT2.OCX
2013-02-02 00:08 . 2012-05-05 09:54	137000	----a-w-	c:\windows\SysWow64\MSMAPI32.OCX
2013-02-02 00:08 . 2013-02-02 00:08	--------	d-----w-	c:\program files (x86)\PDFCreator
2013-02-02 00:08 . 2012-05-05 09:54	23552	----a-w-	c:\windows\SysWow64\MSMPIDE.DLL
2013-02-02 00:08 . 1998-07-06 16:55	158208	----a-w-	c:\windows\SysWow64\MSCMCDE.DLL
2013-02-02 00:08 . 1998-07-06 16:55	64512	----a-w-	c:\windows\SysWow64\MSCC2DE.DLL
2013-02-01 20:48 . 2013-02-01 20:48	--------	d-----w-	c:\program files (x86)\PDF24
2013-02-01 20:29 . 2013-02-01 20:29	--------	d-----w-	c:\users\Gast\AppData\Roaming\PDF Architect
2013-02-01 20:27 . 2013-02-01 20:27	--------	d-----w-	c:\users\***\AppData\Roaming\Uniblue
2013-02-01 20:27 . 2013-02-01 20:27	--------	d-----w-	c:\program files (x86)\Uniblue
2013-02-01 20:27 . 2013-02-01 20:27	--------	d-----w-	c:\program files (x86)\PDF Architect
2013-02-01 20:27 . 2013-01-11 10:39	103936	----a-w-	c:\windows\system32\pdfcmon.dll
2013-02-01 17:24 . 2013-02-01 17:24	--------	d-----w-	c:\users\Gast\AppData\Roaming\Malwarebytes
2013-02-01 12:26 . 2013-02-01 12:26	--------	d-----w-	c:\users\***\AppData\Roaming\Avira
2013-01-31 22:28 . 2013-01-31 22:28	--------	d-----w-	c:\users\Gast\AppData\Roaming\Avira
2013-01-31 22:23 . 2013-01-31 22:23	--------	d-----w-	c:\program files (x86)\Ask.com
2013-01-31 22:21 . 2013-01-31 22:15	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-01-31 22:21 . 2013-01-31 22:15	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-01-31 22:21 . 2013-01-31 22:15	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-01-31 22:21 . 2013-01-31 22:21	--------	d-----w-	c:\program files (x86)\Avira
2013-01-31 17:27 . 2013-01-31 17:27	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2013-01-31 17:27 . 2013-01-31 17:27	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-31 17:27 . 2013-01-31 17:27	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-31 17:27 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-31 16:37 . 2013-01-31 16:37	--------	d-----w-	c:\users\Gast\AppData\Roaming\Ad-Aware Antivirus
2013-01-31 16:37 . 2013-01-31 16:37	--------	d-----w-	c:\programdata\Ad-Aware Antivirus
2013-01-31 16:35 . 2013-01-31 16:35	--------	d-----w-	c:\users\***\AppData\Roaming\LavasoftStatistics
2013-01-31 16:28 . 2013-01-31 16:48	--------	d-----w-	c:\program files (x86)\Ad-Aware Antivirus
2013-01-31 16:28 . 2013-01-31 16:28	--------	d-----w-	c:\programdata\Lavasoft
2013-01-31 16:22 . 2013-01-31 16:22	14456	----a-w-	c:\windows\system32\drivers\gfibto.sys
2013-01-31 16:21 . 2013-01-31 16:21	--------	d-----w-	c:\programdata\blekko toolbars
2013-01-31 16:21 . 2013-01-31 16:21	--------	d-----w-	c:\program files (x86)\adawaretb
2013-01-31 16:21 . 2013-01-31 16:21	--------	d-----w-	c:\program files (x86)\Toolbar Cleaner
2013-01-31 16:20 . 2013-01-31 16:48	--------	d-----w-	c:\users\***\AppData\Roaming\Ad-Aware Antivirus
2013-01-31 16:10 . 2013-01-31 16:20	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-01-31 16:09 . 2013-01-31 18:22	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2013-01-31 16:09 . 2013-01-31 16:09	--------	d-----w-	c:\users\***\AppData\Local\Programs
2013-01-31 13:22 . 2013-01-31 13:22	--------	d-----w-	c:\users\Gast\.tfo4
2013-01-27 08:43 . 2013-01-28 13:34	--------	d-----w-	c:\users\***\AppData\Roaming\Origin
2013-01-27 08:43 . 2013-01-29 20:21	--------	d-----w-	c:\programdata\Origin
2013-01-24 17:27 . 2013-01-24 17:27	--------	d-----w-	c:\users\***\Tracing
2013-01-24 17:27 . 2013-01-31 17:14	--------	d-----w-	c:\program files (x86)\SweetIM
2013-01-24 17:24 . 2013-01-24 17:24	--------	d-----w-	c:\program files (x86)\sweetpacks bundle uninstaller
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 21:03 . 2011-07-26 06:31	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-01-12 02:30 . 2013-01-15 05:53	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-09 13:52 . 1998-07-28 16:01	1070152	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
2013-01-06 17:20 . 2013-01-06 17:20	859072	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-01-06 17:20 . 2011-08-29 11:05	779704	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-04 04:43 . 2013-02-13 19:01	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-22 10:26	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 10:26	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 10:26	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 10:26	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 21:00	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 21:00	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 21:00	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 21:00	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 21:00	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 21:00	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 21:00	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 21:00	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 21:00	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 21:00	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 21:00	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 21:00	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 21:00	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 21:00	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 21:00	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 21:00	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 21:00	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 21:00	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 21:00	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 21:00	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 21:00	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 21:00	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 21:00	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 21:00	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 21:00	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 21:00	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 21:00	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 21:00	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 21:00	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 21:00	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 21:00	51712	----a-w-	c:\windows\SysWow64\esrb.rs
2012-12-07 10:46 . 2013-01-09 21:00	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-11-30 05:45 . 2013-01-09 20:59	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 20:59	243200	----a-w-	c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 20:59	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 20:59	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 20:59	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 20:59	1161216	----a-w-	c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 20:59	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-09 20:59	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 20:59	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-12-20 1521952]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-12-20 20:56	1521952	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-12-20 1521952]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANT Agent"="c:\program files (x86)\Garmin\ANT Agent\ANT Agent.exe" [2012-03-23 14749544]
"DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2012-07-10 338848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"BackupManagerTray"="c:\program files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe" [2010-11-12 295232]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-12-09 1025616]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-11-18 296096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-12-20 1574176]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-12-12 163000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
p6_19_erinnerung.lnk - c:\program files (x86)\phase6\phase6_19\WinStart\p6erinnerung.exe [2007-2-11 49152]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe [2012-2-21 1370224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys [2011-05-17 44480]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-26 1255736]
R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-01-31 14456]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-12-12 25576]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-01-31 27800]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-12 86752]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-02-12 565472]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-12-09 311376]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-12-10 868224]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [2010-11-12 257344]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe [2013-01-09 1324104]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe [2013-01-09 795208]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-29 243232]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2010-12-11 67112]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2010-12-11 19496]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2010-12-15 35368]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2010-12-11 85544]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-12-01 411688]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-05-08 11856]
.
.
Contents of the "Scheduled Tasks" folder
.
2013-02-17 c:\windows\Tasks\DriverScanner.job
- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2013-02-01 11:51]
.
2013-02-17 c:\windows\Tasks\ZMBEOY.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-12-10 860040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-30 418328]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://packardbell.msn.com
mStart Page = hxxp://home.sweetim.com/?crg=3.27010003&st=12
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5kmptlmf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=A5D4053F-C8BD-4CEC-B540-CE18AA85B863&apn_ptnrs=%5EAGS&apn_sauid=85B6ED32-C2D5-48CE-8FD4-3A3AE109BE38&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-01-24 18:27; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5kmptlmf.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF - ExtSQL: 2013-01-31 17:21; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5kmptlmf.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - ExtSQL: 2013-02-01 21:27; FFPDFArchitectConverter@pdfarchitect.com; c:\program files (x86)\PDF Architect\FFPDFArchitectExt
.
- - - - Removed Orphaned Registry Entries - - - -
.
URLSearchHooks-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
BHO-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKLM-Run-SearchSettings - c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-RealPlayer 15.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
AddRemove-{8F2754CA-B124-4530-9542-00FE699EA8FD} - c:\program files (x86)\Watchtower\Watchtower Library 2010\X\uninst.exe
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-746099090-312496325-1089877124-1001\Software\SecuROM\License information*]
"datasecu"=hex:b6,2b,3b,98,21,37,1e,43,35,2f,99,3c,b0,df,ac,e2,14,bf,95,eb,63,
   de,e7,0e,d6,67,59,cb,74,4e,d2,33,95,bc,8d,78,00,e6,27,b4,e2,85,43,21,4f,11,\
"rkeysecu"=hex:23,80,ad,04,54,95,b4,68,09,1f,61,ba,3f,2e,5a,9e
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-17  10:39:04
ComboFix-quarantined-files.txt  2013-02-17 09:39
.
Pre-Run: 9 directory(ies), 380,065,579,008 bytes free
Post-Run: 15 directory(ies), 379,774,033,920 bytes free
.
- - End Of File - - 1EDEAF201102085AA10951B88D74DBB6
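The ComboFix log above closes the thread starter's post and is never walked through in the thread. As an added example (not part of the forum thread, and not ComboFix's own tooling), the Python script below runs over an excerpt of that log and flags the entries a log reader would check first: autostart values living under a bundled-toolbar directory, a scheduled task with a random-looking name that launches rundll32.exe, AppInit_DLLs loading switched on, a non-default BootExecute entry, and browser start/search URLs on search-hijack domains. The domain list, the path markers and the random-name heuristic are assumptions chosen for this example; the excerpt is copied from the posted log (with the forum's "hxxp" defanging kept) and the categories it reports are pointers for a follow-up, not a verdict on the machine.

```python
import re
from os.path import basename

# Assumptions made for this example (not taken from ComboFix or the thread):
# domains and path fragments that mark search hijackers / bundled toolbars,
# and the heuristic for a "random-looking" scheduled-task name.
HIJACK_DOMAINS = ("ask.com", "sweetim.com", "ihavenet.com")
PUP_PATH_MARKERS = ("\\ask.com\\", "\\spigot\\", "\\sweetim\\")
DEFAULT_BOOTEXECUTE = "autocheck autochk *"
RANDOM_NAME = re.compile(r"[A-Z0-9]{5,}")

# Excerpt of the ComboFix log posted above; "hxxp" is the forum's defanged "http".
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-12-20 1521952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-12-20 1574176]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
2013-02-17 c:\windows\Tasks\DriverScanner.job
- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2013-02-01 11:51]
.
2013-02-17 c:\windows\Tasks\ZMBEOY.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
mStart Page = hxxp://home.sweetim.com/?crg=3.27010003&st=12
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&q=
"""

_RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]+)"', re.M)
_TASK = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>.+?\.job)\s*\n-\s+(?P<target>.+?)\s+\[", re.M)
_APPINIT = re.compile(r'^"LoadAppInit_DLLs"\s*=\s*(?P<value>\d+)', re.M)
_BOOTEXEC = re.compile(r"^BootExecute\s+REG_MULTI_SZ\s+(?P<value>.+?)\s*$", re.M)
_URL_SETTING = re.compile(r"^(?P<setting>[^\n=]+?)\s*[=-]\s*(?P<url>h(?:xx|tt)ps?://\S+)", re.M)


def _win_basename(path):
    """basename() for a Windows path, also when this runs on a POSIX host."""
    return basename(path.replace("\\", "/"))


def host_of(url):
    """Host part of an http/hxxp URL, lower-cased ('' if it is not a URL)."""
    m = re.match(r"h(?:xx|tt)ps?://([^/?#]+)", url)
    return m.group(1).lower() if m else ""


def is_hijack_host(host):
    return any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS)


def triage(log_text):
    """Return (category, detail) findings for a ComboFix autostart/task excerpt."""
    findings = []

    # 1. Autostart values (Run, BHO, URLSearchHook) pointing into bundled-toolbar directories.
    for m in _RUN_VALUE.finditer(log_text):
        if any(marker in m.group("path").lower() for marker in PUP_PATH_MARKERS):
            findings.append(("pup_autostart", f'{m.group("name")} -> {m.group("path")}'))

    # 2. Scheduled tasks. ComboFix prints only the target executable, not its
    #    arguments, so a task running rundll32.exe is opaque until the .job
    #    itself is read; a random-looking task name makes that check urgent.
    for m in _TASK.finditer(log_text):
        job, target = m.group("job"), m.group("target")
        if _win_basename(target).lower() == "rundll32.exe":
            stem = _win_basename(job)[:-len(".job")]
            cat = "random_rundll32_task" if RANDOM_NAME.fullmatch(stem) else "rundll32_task"
            findings.append((cat, f"{job} -> {target}"))

    # 3. LoadAppInit_DLLs=1: every process that loads user32.dll will also
    #    load the DLLs named in AppInit_DLLs, a value this excerpt does not show.
    for m in _APPINIT.finditer(log_text):
        if m.group("value") != "0":
            findings.append(("appinit_enabled", "LoadAppInit_DLLs=" + m.group("value")))

    # 4. BootExecute runs before most of the system is up; anything beyond the
    #    default "autocheck autochk *" needs to be identified. The log writes
    #    the REG_MULTI_SZ separators as a literal "\0".
    for m in _BOOTEXEC.finditer(log_text):
        for entry in re.split(r"(?:\\0)+", m.group("value")):
            if entry and entry != DEFAULT_BOOTEXECUTE:
                findings.append(("bootexecute_extra", entry))

    # 5. Start page / search keyword URLs on known search-hijack domains.
    for m in _URL_SETTING.finditer(log_text):
        if is_hijack_host(host_of(m.group("url"))):
            findings.append(("search_hijack", f'{m.group("setting").strip()} -> {m.group("url")}'))

    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:22} {detail}")
```

The script names what to look at next rather than deciding anything: the DLL that rundll32.exe loads is only visible in the task definition on the affected machine (for instance in the output of `schtasks /query /v /fo list`), and the AppInit_DLLs value that the flag enables has to be read separately (`reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs`). Both are follow-up checks suggested here, not steps taken in the thread.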
         

18.02.2013, 13:34   #11
carlos94jana

Hello,

I noticed that I had not closed my web browser while ComboFix was running. Also, although I had switched off my Avira antivirus (unchecked the real-time scan box), a message from ComboFix appeared at the start of the run saying that Avira was interfering with its execution. I ran ComboFix anyway. Can you make use of the result, or do I have to run ComboFix again?

Regards
Carlos

20.02.2013, 00:27   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide)
    On Windows Vista or later, right-click it and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow internet access.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons unless instructed to.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller.exe and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Click Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post its contents here in your thread in any case.
__________________
Please always post logfiles in CODE tags

12.03.2013, 19:28   #13
carlos94jana

Hello,
my problem has been solved elsewhere.

Thank you for your valuable time.

Kind regards
Carlos

12.03.2013, 23:40   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

May I ask what exactly was solved, and how?
Others might be interested in that too, thanks

14.04.2013, 20:50   #15
carlos94jana

Hello Cosinus,

Please excuse me for only replying now.

To answer your question, please follow this link:

hxxp://forum.avira.com/wbb/index.php?page=Thread&threadID=152054&highlight=carlos94

Kind regards
Carlos94
