Log Analysis and Evaluation: Spamhaus reports various botnets, Zbot, Torpig, etc. (2nd PC) - Windows 7
14.07.2013, 19:18 | #1
Spamhaus reports various botnets, Zbot, Torpig, etc. (2nd PC)

Hello dear Trojaner-Board (I hope this is the right forum). For months I have been getting an error message in Outlook as soon as I want to send e-mails through my website: "Fehler 550, please see hxxp://www.spamhaus.org/query/bl?ip=95.91.246.144" (example IP, one of my most recent IP addresses). According to Spamhaus I have various viruses and botnets on the computer, among them Zbot, Torpig, etc. My virus scanner (avast) finds nothing, and I no longer know what to do. As described in the help post here, the logs follow. This concerns 2 PCs that are presumably infected; one has already been fixed and checked by the kind cosinus and is clean, so now it is my machine's turn.

Code:
ATTFilter OTL logfile created on: 14.07.2013 20:05:20 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,68 Gb Available Physical Memory | 70,96% Memory free 16,00 Gb Paging File | 13,51 Gb Available in Paging File | 84,47% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 906,34 Gb Total Space | 759,93 Gb Free Space | 83,85% Space Free | Partition Type: NTFS Drive E: | 7,45 Gb Total Space | 7,44 Gb Free Space | 99,81% Space Free | Partition Type: FAT32 Computer Name: SEELENWINTER-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.14 19:52:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013.06.28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) 
-- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2013.06.13 11:17:51 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.12.30 23:42:33 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe ========== Modules (No Company Name) ========== MOD - [2013.07.10 23:43:40 | 000,194,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\c9786062fbb311c543497e28c1e1a0c5\CustomMarshalers.ni.dll MOD - [2013.07.10 13:48:13 | 013,199,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ea5ee4386d67f4b432a27c40fbff93c\System.Windows.Forms.ni.dll MOD - [2013.07.10 13:47:55 | 001,667,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4787bb699ed4291859fb86f15d793add\System.Drawing.ni.dll MOD - [2013.07.10 13:47:51 | 007,070,720 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\a1c174e579c9ad4e5b6eeed8a58a721b\System.Core.ni.dll MOD - [2013.07.10 13:47:41 | 009,099,776 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\8a6d1c8abeb8eb82f06c7d075130cc67\System.ni.dll MOD - [2013.07.10 13:40:49 | 014,416,896 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll MOD - [2013.06.15 03:28:42 | 000,393,168 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll MOD - [2013.06.15 03:28:41 | 013,140,432 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll MOD - [2013.06.15 03:28:40 | 004,051,408 | ---- | M] () -- 
C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll MOD - [2013.06.15 03:27:51 | 000,599,504 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.116\libglesv2.dll MOD - [2013.06.15 03:27:50 | 000,124,368 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.116\libegl.dll MOD - [2013.06.15 03:27:48 | 001,597,392 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll MOD - [2011.10.05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL MOD - [2011.06.22 11:46:12 | 000,434,016 | ---- | M] () -- C:\PROGRA~2\MIF5BA~1\Office12\ADDINS\UMOUTL~1.DLL MOD - [2009.02.26 13:46:56 | 000,064,344 | ---- | M] () -- C:\PROGRA~2\MIF5BA~1\Office12\ADDINS\COLLEA~1.DLL ========== Services (SafeList) ========== SRV:64bit: - [2010.11.20 15:24:58 | 000,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nfsclnt.exe -- (NfsClnt) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.07.13 00:45:18 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.07.10 03:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.06.28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) 
[Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2013.06.21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.06.18 16:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.06.13 11:17:51 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.12.30 23:42:33 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.12.29 12:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010.11.20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.06.28 13:55:31 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2013.06.28 13:55:31 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2013.06.28 13:55:31 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2013.05.09 10:59:06 | 
000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.10 10:58:30 | 000,015,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvflash.sys -- (NVFLASH) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 11:27:12 | 000,104,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rpcxdr.sys -- 
(RpcXdr) DRV:64bit: - [2010.11.20 11:26:56 | 000,246,272 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\nfsrdr.sys -- (NfsRdr) DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2010.02.23 08:46:36 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap) DRV:64bit: - [2009.09.23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2009.09.23 03:32:35 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd) DRV:64bit: - [2009.09.23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2009.07.21 14:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 23:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.06.26 04:34:24 | 000,219,136 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.06.10 22:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64) DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.22 16:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.08.06 12:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007.03.16 10:11:20 | 000,015,648 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys -- (Cardex) DRV - [2004.01.26 17:36:35 | 000,095,552 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prohlp02.sys -- (prohlp02) DRV - [2004.01.26 17:01:28 | 000,052,224 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\prodrv06.sys -- (prodrv06) DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\sfhlp01.sys -- (sfhlp01) DRV - [2003.09.06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prosync1.sys -- (prosync1) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - 
HKCU\..\SearchScopes,DefaultScope = {037E8D38-9B6B-453A-9BA2-A4C6350BB240} IE - HKCU\..\SearchScopes\{037E8D38-9B6B-453A-9BA2-A4C6350BB240}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=9669fbf9-7e2c-4f1c-8148-6cd46b83bdbd&pid=murb&mode=bounce&k=0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.2 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found FF - HKLM\Software\MozillaPlugins\@nielsen/FirefoxTracker: C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter6\FirefoxAddOns\npfirefoxtracker.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\***\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 14.0a1\extensions\\Components: C:\PROGRAM FILES\NIGHTLY\COMPONENTS 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 14.0a1\extensions\\Plugins: C:\PROGRAM FILES\NIGHTLY\PLUGINS FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\netsight@nielsen.com: C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter6\FirefoxAddOns\netsight@nielsen.xpi FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.30 13:55:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.06.21 19:59:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web 
Printing\MozillaAddOn3 [2013.06.21 19:59:54 | 000,000,000 | ---D | M] [2012.05.28 13:01:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions [2013.07.10 13:31:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\qx5i0zqj.default\extensions [2013.07.10 13:31:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\qx5i0zqj.default\extensions\staged [2013.05.29 00:11:57 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\qx5i0zqj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.07.10 13:31:06 | 000,534,371 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\qx5i0zqj.default\extensions\staged\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.07.17 16:30:54 | 000,002,071 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\qx5i0zqj.default\searchplugins\{1CA0B935-A34C-41E6-9AA7-31E812C027F7}.xml [2012.07.17 16:30:54 | 000,002,182 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\qx5i0zqj.default\searchplugins\{532B0180-1EA6-4E1B-A8A4-6E40EBB01E2B}.xml [2012.07.17 16:30:54 | 000,001,864 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\qx5i0zqj.default\searchplugins\{753AAF4F-EA87-48F4-BF19-017A36839B61}.xml [2013.07.10 13:28:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.07.10 13:28:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.05.30 13:55:00 | 000,000,000 | ---D | M] (avast! 
Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://www.flexlinked.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime 
Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Facebook Desktop (Enabled) = C:\Users\***\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Adblock Plus = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5_0\ CHR - Extension: avast! Online Security = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\ CHR - Extension: Chart Creator = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpefoinopmbnhlbhijcajgaijinknlmg\1.0.0.0_0\ CHR - Extension: Command & Conquer Tiberium Alliances = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe\1.0.8_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! 
Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) 
O4 - HKCU..\Run: [icq] C:\Users\***\AppData\Roaming\ICQM\icq.exe (ICQ)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 10.25.2)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{129B9235-1E80-441D-9A2A-32C639E3A918}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{129B9235-1E80-441D-9A2A-32C639E3A918}: NameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{a2f29e89-9a48-11e2-8086-4487fcf24763}\Shell - "" = AutoRun
O33 - MountPoints2\{a2f29e89-9a48-11e2-8086-4487fcf24763}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{da64a100-c0a6-11df-b892-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{da64a100-c0a6-11df-b892-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.14 19:52:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.07.13 22:57:42 | 000,367,014 | ---- | C] (hxxp://magiclauncher.com) -- C:\Users\***\Desktop\MagicLauncher_1.1.6.exe
[2013.07.13 21:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.07.13 21:31:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ProtectDisc Driver Installer
[2013.07.11 22:15:23 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Virenscan ab 11.07.2013 jan
[2013.07.10 13:51:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.07.10 13:51:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013.07.10 13:43:30 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT
[2013.07.06 21:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2013.07.04 17:24:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\world
[2013.07.01 22:35:22 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Amazon MP3
[2013.07.01 19:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Bullet LooksBuilder
[2013.07.01 19:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LooksBuilder
[2013.06.29 13:33:53 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Seelenkreativ Dokumente
[2013.06.25 13:01:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.06.24 00:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.06.23 20:30:53 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\23'06'2013 - Natalie Kroll
[2013.06.21 20:20:39 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013.06.21 19:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2013.06.20 01:56:16 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe
[2013.06.19 23:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.19 23:44:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.06.19 23:44:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.14 14:08:16 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeAF06.dll
[2011.06.26 21:47:46 | 000,208,896 | ---- | C] (www.mp3dev.org) -- C:\Users\***\lame_enc.dll
[2010.09.15 11:24:19 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe
[3 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.07.14 19:52:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.07.14 19:26:57 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.07.14 19:26:55 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.07.14 15:37:00 | 000,000,526 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 962db089-2c5f-4644-9817-016c869b449d.job
[2013.07.14 15:00:48 | 000,021,376 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.14 15:00:48 | 000,021,376 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.14 02:00:00 | 000,000,526 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 95739947-80dd-49b3-95bd-00188d285c7c.job
[2013.07.13 22:57:43 | 000,367,014 | ---- | M] (hxxp://magiclauncher.com) -- C:\Users\***\Desktop\MagicLauncher_1.1.6.exe
[2013.07.13 21:30:59 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001726.LCS
[2013.07.13 16:33:15 | 000,539,688 | ---- | M] () -- C:\Users\***\Desktop\impg1_1.zip
[2013.07.13 15:03:27 | 001,699,586 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.07.13 15:03:27 | 000,729,466 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.07.13 15:03:27 | 000,679,270 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.07.13 15:03:27 | 000,162,126 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.07.13 15:03:27 | 000,132,054 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.07.12 11:17:05 | 009,602,769 | ---- | M] () -- C:\Users\***\Desktop\Alligatoah - Amnesie (16BARSTV PREMIERE).mp3
[2013.07.12 10:41:36 | 000,040,116 | ---- | M] () -- C:\Users\***\Desktop\935730_578018992230124_1615684163_n.jpg
[2013.07.11 19:53:50 | 1142,839,757 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013.07.11 18:51:23 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.07.10 13:50:31 | 005,140,976 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.07.06 13:41:18 | 008,355,519 | ---- | M] () -- C:\Users\***\Desktop\Hardwell & Dyro feat Bright Lights - Never Say Goodbye (Official Video HD).mp3
[2013.07.06 13:27:17 | 006,846,320 | ---- | M] () -- C:\Users\***\Desktop\Kayev - Mit dir.mp3
[2013.07.06 13:24:10 | 008,756,592 | ---- | M] () -- C:\Users\***\Desktop\David Jones feat Aqua Diva - Sunny (Official Video HD).mp3
[2013.07.03 21:35:03 | 000,000,150 | ---- | M] () -- C:\windows\wininit.ini
[2013.07.01 22:35:26 | 007,473,865 | ---- | M] () -- C:\Users\***\Desktop\04 - Keiner Merkt Es.mp3
[2013.07.01 20:05:53 | 006,064,738 | ---- | M] () -- C:\Users\***\Desktop\DSC_0208.2_test1.jpg
[2013.07.01 20:00:06 | 000,048,296 | ---- | M] () -- C:\Users\***\look1.ls3
[2013.07.01 19:48:16 | 000,001,001 | ---- | M] () -- C:\Users\***\Desktop\LooksBuilder.lnk
[2013.06.29 14:43:01 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.06.28 14:11:43 | 022,865,659 | ---- | M] () -- C:\Users\***\Desktop\JBB 2013 - SpongeBOZZ vs GReeeN (Halbfinale) prod by Digital Drama.mp3
[2013.06.28 13:55:31 | 001,030,952 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013.06.28 13:55:31 | 000,378,944 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013.06.28 13:55:31 | 000,189,936 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013.06.28 13:55:31 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys.sum
[2013.06.28 13:55:31 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswSP.sys.sum
[2013.06.28 13:55:31 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswSnx.sys.sum
[2013.06.24 00:27:44 | 000,007,168 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.21 21:50:51 | 000,186,633 | ---- | M] () -- C:\windows\hpoins51.dat
[2013.06.20 01:56:17 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe
[2013.06.15 16:34:36 | 000,113,401 | ---- | M] () -- C:\Users\***\124_1000.jpg
[3 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.07.13 16:33:13 | 000,539,688 | ---- | C] () -- C:\Users\***\Desktop\impg1_1.zip
[2013.07.13 00:45:03 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.07.12 11:17:03 | 009,602,769 | ---- | C] () -- C:\Users\***\Desktop\Alligatoah - Amnesie (16BARSTV PREMIERE).mp3
[2013.07.12 10:41:36 | 000,040,116 | ---- | C] () -- C:\Users\***\Desktop\935730_578018992230124_1615684163_n.jpg
[2013.07.11 19:53:50 | 1142,839,757 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013.07.11 18:51:23 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.07.06 13:41:14 | 008,355,519 | ---- | C] () -- C:\Users\***\Desktop\Hardwell & Dyro feat Bright Lights - Never Say Goodbye (Official Video HD).mp3
[2013.07.06 13:27:13 | 006,846,320 | ---- | C] () -- C:\Users\***\Desktop\Kayev - Mit dir.mp3
[2013.07.06 13:24:07 | 008,756,592 | ---- | C] () -- C:\Users\***\Desktop\David Jones feat Aqua Diva - Sunny (Official Video HD).mp3
[2013.07.05 10:40:45 | 005,140,976 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.07.02 23:37:09 | 000,000,526 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 962db089-2c5f-4644-9817-016c869b449d.job
[2013.07.02 23:37:08 | 000,000,526 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 95739947-80dd-49b3-95bd-00188d285c7c.job
[2013.07.01 22:35:22 | 007,473,865 | ---- | C] () -- C:\Users\***\Desktop\04 - Keiner Merkt Es.mp3
[2013.07.01 20:08:06 | 006,064,738 | ---- | C] () -- C:\Users\***\Desktop\DSC_0208.2_test1.jpg
[2013.07.01 20:00:06 | 000,048,296 | ---- | C] () -- C:\Users\***\look1.ls3
[2013.07.01 19:48:16 | 000,001,001 | ---- | C] () -- C:\Users\***\Desktop\LooksBuilder.lnk
[2013.06.28 14:11:43 | 022,865,659 | ---- | C] () -- C:\Users\***\Desktop\JBB 2013 - SpongeBOZZ vs GReeeN (Halbfinale) prod by Digital Drama.mp3
[2013.06.28 13:55:31 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys.sum
[2013.06.27 01:55:29 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswSnx.sys.sum
[2013.06.27 01:55:28 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswSP.sys.sum
[2013.06.21 19:57:11 | 000,186,633 | ---- | C] () -- C:\windows\hpoins51.dat
[2013.06.21 19:57:11 | 000,000,572 | ---- | C] () -- C:\windows\hpomdl51.dat
[2013.06.21 17:25:21 | 000,191,870 | ---- | C] () -- C:\windows\hpoins51.dat.temp
[2013.06.21 17:25:21 | 000,000,572 | ---- | C] () -- C:\windows\hpomdl51.dat.temp
[2013.06.15 16:34:34 | 000,113,401 | ---- | C] () -- C:\Users\***\124_1000.jpg
[2013.05.27 19:36:23 | 000,010,240 | ---- | C] () -- C:\windows\SysWow64\vidx16.dll
[2013.03.25 15:56:19 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\CmdLineExt03.dll
[2013.01.14 10:32:23 | 000,000,680 | RHS- | C] () -- C:\Users\***\ntuser.pol
[2012.12.30 23:39:31 | 000,282,104 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012.12.02 01:10:46 | 019,047,318 | ---- | C] () -- C:\Users\***\[Okada Kou] My little sister is! vol.3 [English].zip
[2012.12.02 01:10:44 | 012,834,592 | ---- | C] () -- C:\Users\***\[Okada Kou] My little sister is! vol.2 [English].zip
[2012.12.02 01:10:42 | 009,799,361 | ---- | C] () -- C:\Users\***\[Okada Kou] My little sister is! vol.1 [English].zip
[2012.10.02 13:17:02 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2012.07.21 21:06:58 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Local\housecall.guid.cache
[2012.07.10 13:13:32 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2012.04.13 15:30:58 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2012.01.04 14:50:42 | 000,338,432 | ---- | C] () -- C:\windows\SysWow64\sqlite36_engine.dll
[2011.11.26 23:33:59 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2011.11.21 10:56:58 | 000,007,606 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.10.27 01:23:09 | 000,007,168 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.26 11:50:56 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\Iyvu9_32.dll
[2011.10.16 11:41:21 | 000,000,000 | ---- | C] () -- C:\ProgramData\Booms
[2011.10.16 11:40:08 | 000,000,000 | ---- | C] () -- C:\windows\ViewNX2.INI
[2011.10.16 11:17:24 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.10.16 11:17:24 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.10.16 11:17:24 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.10.16 11:17:24 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\Classical
[2011.10.01 22:14:49 | 001,028,042 | ---- | C] () -- C:\Users\***\Sleeping_baby_cat.jpg
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2011.08.27 00:21:30 | 000,042,392 | ---- | C] () -- C:\windows\SysWow64\xfcodec.dll
[2011.08.17 00:57:09 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2011.08.17 00:57:08 | 000,001,471 | ---- | C] () -- C:\windows\ODBCINST.INI
[2011.08.17 00:57:08 | 000,000,063 | ---- | C] () -- C:\windows\mdm.ini
[2011.08.02 21:07:42 | 000,000,150 | ---- | C] () -- C:\windows\wininit.ini
[2011.07.16 14:26:16 | 001,239,237 | ---- | C] () -- C:\Users\***\IMAG0010.jpg
[2011.07.06 01:35:32 | 000,027,063 | ---- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin
[2011.06.03 22:19:17 | 000,320,418 | ---- | C] () -- C:\Users\***\vdwinampskin4.wsz

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.07.14 16:24:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2013.06.14 15:40:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\7road
[2013.01.09 16:46:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Aeria Games & Entertainment
[2012.08.07 21:09:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.05.16 18:54:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock
[2013.01.02 21:31:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2013.04.28 18:25:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2013.06.29 22:20:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ-Profile
[2013.05.10 15:15:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQM
[2012.08.20 11:01:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.10.20 00:03:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kalypso Media
[2011.12.27 15:17:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LucasArts
[2011.10.16 11:38:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nikon
[2013.05.05 20:52:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.01.04 14:50:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012.07.21 21:20:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDAppFlex
[2012.06.13 17:32:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape
[2012.10.20 00:10:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDISC
[2013.04.07 10:54:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScummVM
[2012.03.23 13:38:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2013.07.01 19:16:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.03.23 21:57:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.06.18 18:07:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2012.08.29 16:09:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tropico 3
[2013.07.13 01:01:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2013.04.01 14:15:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ts3overlay
[2012.12.30 01:37:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2012.10.28 21:13:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UBitMenu
[2012.09.29 14:10:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VOS

========== Purity Check ==========

< End of report >

The GMER log follows in a new post, unfortunately it is too large.
|
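The OTL output in the post above is what the helpers read by eye: autostarts, DNS settings, MountPoints2 autorun handlers, Winlogon values, the exefile/comfile "open" commands and the file lists. The following is an added example of doing that first pass mechanically; it is not part of the original post and not code from OTL or Trojaner-Board. It parses entries in OTL's line format and applies the checks an analyst runs over them. The rule names, the hint texts, the list of "user-writable" directories and the sample selection are this example's own assumptions; the sample lines are copied from the log above except for one comfile hijack line, which is constructed so that the association-hijack rule has something to fire on and is not in the posted log.

```python
"""Rule-based first-pass triage of OTL (OldTimer) log lines.

Added example, not part of the original post and not OTL's own code.
Rule names, hints and the sample selection are this example's choices.
"""
import re

# Directories a standard user can write to. An autostart here is not proof
# of malware (ICQ really installs under AppData\Roaming) but it is where
# droppers land, so every such entry gets a publisher/hash check. Heuristic.
USER_WRITABLE = re.compile(r"\\(AppData|Users\\Public|ProgramData|Temp)\\", re.I)
SYSTEM_DIR = re.compile(r"^C:\\windows\\(system32|syswow64|sysnative)\\", re.I)
EXPECTED_OPEN_CMD = '"%1" %*'                  # untouched exefile/comfile handler
EXPECTED_WINLOGON = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}

ITEM_RE = re.compile(r"^(O\d+)(?::?64bit:)?\s+-\s+(.*)$")
FILE_RE = re.compile(
    r"^\[(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| (\S+) \| ([CM])\] "
    r"\((.*?)\) -- (.*)$")

HINTS = {  # what the analyst does next; wording is this example's own
    "O4-user-writable-autostart": "verify signer and hash of the autostart binary",
    "O17-static-dns-differs-from-dhcp": "confirm the static resolver is intentional",
    "O20-winlogon-tampered": "Shell/UserInit must reference only the Windows binary",
    "O33-mountpoints2-autorun": "scan the referenced file when the medium is attached",
    "O35-exe-association-hijack": "every .exe/.com launch is proxied through this command",
    "O37-exe-association-hijack": "every .exe/.com launch is proxied through this command",
    "FILE-no-company-in-system-dir": "binary without vendor info in a system directory",
}

# Constructed sample: lines copied from the OTL output posted above.
SAMPLE_OTL = r"""
O4 - HKCU..\Run: [icq] C:\Users\***\AppData\Roaming\ICQM\icq.exe (ICQ)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{129B9235-1E80-441D-9A2A-32C639E3A918}: NameServer = 8.8.8.8
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O33 - MountPoints2\{a2f29e89-9a48-11e2-8086-4487fcf24763}\Shell\AutoRun\command - "" = F:\Startme.exe
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[2011.10.26 11:50:56 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\Iyvu9_32.dll
[2013.06.28 13:55:31 | 001,030,952 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
"""
# CONSTRUCTED hijack line, NOT in the posted log: gives the O35 rule a hit.
CONSTRUCTED_HIJACK = r'O35 - HKLM\..comfile [open] -- "C:\Users\***\AppData\Local\Temp\hook.exe" "%1" %*'


def parse_otl(text):
    """Yield ('O4', body) for O-section lines and ('FILE', fields) for file rows."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ITEM_RE.match(line)
        if m:
            yield m.group(1), m.group(2)
            continue
        m = FILE_RE.match(line)
        if m:
            yield "FILE", {"company": m.group(5), "path": m.group(6)}


def triage(text):
    """Return [(rule, detail), ...] for every entry that needs analyst attention."""
    findings, dhcp_dns, static_dns = [], None, []
    for item, body in parse_otl(text):
        if item == "O4":
            # body: 'HKCU..\Run: [name] <path> (Company)'; path may contain '(x86)'
            rest = body.partition("] ")[2]
            path = rest.rsplit(" (", 1)[0] if rest.endswith(")") else rest
            if USER_WRITABLE.search(path):
                findings.append(("O4-user-writable-autostart", path))
        elif item == "O17":
            m = re.search(r"(DhcpNameServer|NameServer) = (.*)$", body)
            if m and m.group(1) == "DhcpNameServer":
                dhcp_dns = m.group(2)
            elif m:
                static_dns.append(m.group(2))
        elif item == "O20":
            m = re.match(r"HKLM Winlogon: (Shell|UserInit) - \((.*?)\) - ", body)
            if m:
                name, value = m.group(1), m.group(2).rstrip(",").lower()
                # a second entry after a comma, or a foreign binary, is tampering
                if "," in value or not value.endswith(EXPECTED_WINLOGON[name]):
                    findings.append(("O20-winlogon-tampered", f"{name} = {m.group(2)}"))
        elif item == "O33":
            m = re.search(r'\\Shell\\AutoRun\\command - "" = (.*)$', body)
            if m:
                findings.append(("O33-mountpoints2-autorun", m.group(1)))
        elif item in ("O35", "O37"):
            cmd = body.split(" -- ", 1)[-1]
            if cmd != EXPECTED_OPEN_CMD:
                findings.append((f"{item}-exe-association-hijack", body))
        elif item == "FILE":
            path = body["path"]
            if (SYSTEM_DIR.match(path) and not body["company"]
                    and path.lower().endswith((".dll", ".exe", ".sys"))):
                findings.append(("FILE-no-company-in-system-dir", path))
    for srv in static_dns:
        if dhcp_dns and srv != dhcp_dns:
            findings.append(("O17-static-dns-differs-from-dhcp", f"{srv} (DHCP: {dhcp_dns})"))
    return findings


def run_sample():
    """Triage the copied sample plus the one constructed hijack line."""
    return triage(SAMPLE_OTL + "\n" + CONSTRUCTED_HIJACK)


if __name__ == "__main__":
    for rule, detail in run_sample():
        print(f"{rule:34} {detail}\n{'':34} -> {HINTS[rule]}")
```

On the copied lines the rules flag the ICQ autostart under AppData (for a signer check, not as malware), the static 8.8.8.8 resolver that differs from the DHCP-assigned 192.168.0.1, the F:\Startme.exe autorun handler and the unattributed Iyvu9_32.dll in SysWow64; the Winlogon UserInit value and the exefile/comfile handlers from the log pass, and only the constructed comfile line trips the hijack rule.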
14.07.2013, 19:19 | #2 |
| Spamhaus reports various botnets, Zbot, Torpig, etc. (2nd PC)
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-14 20:02:58
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 Hitachi_HDS721010CLA332 rev.JP4OA3FE 931,51GB
Running: bkunjhso.exe; Driver: C:\Users\JANBRU~1\AppData\Local\Temp\pxkiapow.sys

---- User code sections - GMER 2.1 ----

.text C:\windows\system32\wininit.exe[540] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\windows\system32\winlogon.exe[632] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\windows\system32\services.exe[676] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\windows\system32\svchost.exe[812] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\windows\system32\svchost.exe[900] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\windows\System32\svchost.exe[984] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\windows\System32\svchost.exe[112] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\windows\system32\svchost.exe[448] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\windows\system32\svchost.exe[480] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\windows\system32\svchost.exe[1120] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\windows\System32\spoolsv.exe[1480] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\windows\system32\svchost.exe[1600] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\windows\system32\svchost.exe[1784] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[1912] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\windows\system32\taskhost.exe[1936] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\windows\Explorer.EXE[1252] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\windows\SysWOW64\svchost.exe[2200] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077e0faa0 5 bytes JMP 0000000100030600
.text C:\windows\SysWOW64\svchost.exe[2200] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077e0fb38 5 bytes JMP 0000000100030804
.text C:\windows\SysWOW64\svchost.exe[2200] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e0fc90 5 bytes JMP 0000000100030c0c
.text C:\windows\SysWOW64\svchost.exe[2200] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e10018 5 bytes JMP 0000000100030a08
.text C:\windows\SysWOW64\svchost.exe[2200] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e11900 5 bytes JMP 0000000100030e10
.text C:\windows\SysWOW64\svchost.exe[2200] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077e2c45a 5 bytes JMP 00000001000301f8
.text C:\windows\SysWOW64\svchost.exe[2200] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e31217 5 bytes JMP 00000001000303fc
.text C:\windows\SysWOW64\svchost.exe[2200] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000762ba30a 1 byte [62]
.text C:\windows\SysWOW64\svchost.exe[2200] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077085181 5 bytes JMP 0000000100141014
.text C:\windows\SysWOW64\svchost.exe[2200] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077085254 5 bytes JMP 0000000100140804
.text C:\windows\SysWOW64\svchost.exe[2200] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000770853d5 5 bytes JMP 0000000100140a08
.text C:\windows\SysWOW64\svchost.exe[2200] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000770854c2 5 bytes JMP 0000000100140c0c
.text C:\windows\SysWOW64\svchost.exe[2200] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000770855e2 5 bytes JMP 0000000100140e10
.text C:\windows\SysWOW64\svchost.exe[2200] C:\windows\SysWOW64\sechost.dll!CreateServiceA 000000007708567c 5 bytes JMP 00000001001401f8
.text C:\windows\SysWOW64\svchost.exe[2200] C:\windows\SysWOW64\sechost.dll!CreateServiceW 000000007708589f 5 bytes JMP 00000001001403fc
.text C:\windows\SysWOW64\svchost.exe[2200] C:\windows\SysWOW64\sechost.dll!DeleteService 0000000077085a22 5 bytes JMP 0000000100140600
.text C:\windows\SysWOW64\svchost.exe[2200] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007570ee09 5 bytes JMP 00000001001701f8
.text C:\windows\SysWOW64\svchost.exe[2200] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075713982 5 bytes JMP 00000001001703fc
.text C:\windows\SysWOW64\svchost.exe[2200] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075717603 5 bytes JMP 0000000100170804
.text C:\windows\SysWOW64\svchost.exe[2200] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007571835c 5 bytes JMP 0000000100170600
.text C:\windows\SysWOW64\svchost.exe[2200] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007572f52b 5 bytes JMP 0000000100170a08
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077e0faa0 5 bytes JMP 0000000100030600
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077e0fb38 5 bytes JMP 0000000100030804
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e0fc90 5 bytes JMP 0000000100030c0c
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e10018 5 bytes JMP 0000000100030a08
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e11900 5 bytes JMP 0000000100030e10
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077e2c45a 5 bytes JMP 00000001000301f8
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e31217 5 bytes JMP 00000001000303fc
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000762ba30a 1 byte [62]
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007570ee09 5 bytes JMP 00000001002301f8
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075713982 5 bytes JMP 00000001002303fc
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075717603 5 bytes JMP 0000000100230804
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007571835c 5 bytes JMP 0000000100230600
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007572f52b 5 bytes JMP 0000000100230a08
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077085181 5 bytes JMP 0000000100241014
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077085254 5 bytes JMP 0000000100240804
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000770853d5 5 bytes JMP 0000000100240a08
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000770854c2 5 bytes JMP 0000000100240c0c
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000770855e2 5 bytes JMP 0000000100240e10
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\SysWOW64\sechost.dll!CreateServiceA 000000007708567c 5 bytes JMP 00000001002401f8
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\SysWOW64\sechost.dll!CreateServiceW 000000007708589f 5 bytes JMP 00000001002403fc
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\SysWOW64\sechost.dll!DeleteService 0000000077085a22 5 bytes JMP 0000000100240600
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073c01a22 2 bytes [C0, 73]
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073c01ad0 2 bytes [C0, 73]
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073c01b08 2 bytes [C0, 73]
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073c01bba 2 bytes [C0, 73]
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073c01bda 2 bytes [C0, 73]
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a91465 2 bytes [A9, 75]
.text C:\windows\SysWOW64\PnkBstrA.exe[2332] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a914bb 2 bytes [A9, 75]
.text ... * 2
.text C:\windows\system32\svchost.exe[2584] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c33ae0 5 bytes JMP 000000010048075c
.text C:\windows\system32\svchost.exe[2584] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077c37a90 5 bytes JMP 00000001004803a4
.text C:\windows\system32\svchost.exe[2584] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c61490 5 bytes JMP 0000000100480b14
.text C:\windows\system32\svchost.exe[2584] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c614f0 5 bytes JMP 0000000100480ecc
.text C:\windows\system32\svchost.exe[2584] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c615d0 5 bytes JMP 000000010048163c
.text C:\windows\system32\svchost.exe[2584] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c61810 5 bytes JMP 0000000100481284
.text C:\windows\system32\svchost.exe[2584] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c62840 5 bytes JMP 00000001004819f4
.text C:\windows\system32\svchost.exe[2584] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\windows\system32\svchost.exe[2584] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feffdd6e00 5 bytes JMP 000007ff7fdf1dac
.text C:\windows\system32\svchost.exe[2584] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feffdd6f2c 5 bytes JMP 000007ff7fdf0ecc
.text C:\windows\system32\svchost.exe[2584] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feffdd7220 5 bytes JMP 000007ff7fdf1284
.text C:\windows\system32\svchost.exe[2584] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feffdd739c 5 bytes JMP 000007ff7fdf163c
.text C:\windows\system32\svchost.exe[2584] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feffdd7538 5 bytes JMP 000007ff7fdf19f4
.text C:\windows\system32\svchost.exe[2584] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feffdd75e8 5 bytes JMP 000007ff7fdf03a4
.text C:\windows\system32\svchost.exe[2584] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feffdd790c 5 bytes JMP 000007ff7fdf075c
.text C:\windows\system32\svchost.exe[2584] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feffdd7ab4 5 bytes JMP 000007ff7fdf0b14
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2620] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077e0faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2620] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077e0fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2620] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e0fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2620] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e10018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2620] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e11900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2620] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077e2c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2620] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e31217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2620] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000762ba30a 1 byte [62]
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2620] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007570ee09 5 bytes JMP 00000001002401f8
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2620] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075713982 5 bytes JMP 00000001002403fc
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2620] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075717603 5 bytes JMP 0000000100240804
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2620] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007571835c 5 bytes JMP 0000000100240600
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2620] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007572f52b 5 bytes JMP 0000000100240a08
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2620] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077085181 5 bytes JMP 0000000100251014
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2620] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077085254 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2620] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000770853d5 5 bytes JMP 0000000100250a08
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2620] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000770854c2 5 bytes JMP 0000000100250c0c
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2620] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000770855e2 5 bytes JMP 0000000100250e10
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2620] C:\windows\SysWOW64\sechost.dll!CreateServiceA 000000007708567c 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2620] C:\windows\SysWOW64\sechost.dll!CreateServiceW 000000007708589f 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2620] C:\windows\SysWOW64\sechost.dll!DeleteService 0000000077085a22 5 bytes JMP 0000000100250600
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2756] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077e0faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2756] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077e0fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2756] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e0fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2756] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e10018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2756] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e11900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2756] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077e2c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2756] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e31217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2756] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000762ba30a 1 byte [62]
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2756] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077085181 5 bytes JMP 0000000100101014
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2756] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077085254 5 bytes JMP 0000000100100804
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2756] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000770853d5 5 bytes JMP 0000000100100a08
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2756] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000770854c2 5 bytes JMP 0000000100100c0c
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2756] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000770855e2 5 bytes JMP
0000000100100e10 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2756] C:\windows\SysWOW64\sechost.dll!CreateServiceA 000000007708567c 5 bytes JMP 00000001001001f8 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2756] C:\windows\SysWOW64\sechost.dll!CreateServiceW 000000007708589f 5 bytes JMP 00000001001003fc .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2756] C:\windows\SysWOW64\sechost.dll!DeleteService 0000000077085a22 5 bytes JMP 0000000100100600 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2756] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007570ee09 5 bytes JMP 00000001001501f8 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2756] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075713982 5 bytes JMP 00000001001503fc .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2756] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075717603 5 bytes JMP 0000000100150804 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2756] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007571835c 5 bytes JMP 0000000100150600 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2756] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007572f52b 5 bytes JMP 0000000100150a08 ? 
C:\windows\system32\iertutil.dll [2756] entry point in ".rdata" section 0000000075645251 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2960] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c33ae0 5 bytes JMP 00000001001c075c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2960] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077c37a90 5 bytes JMP 00000001001c03a4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2960] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c61490 5 bytes JMP 00000001001c0b14 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2960] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c614f0 5 bytes JMP 00000001001c0ecc .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2960] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c615d0 5 bytes JMP 00000001001c163c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2960] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c61810 5 bytes JMP 00000001001c1284 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2960] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c62840 5 bytes JMP 00000001001c19f4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2960] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2960] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feffdd6e00 5 bytes JMP 000007ff7fdf1dac .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2960] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feffdd6f2c 5 bytes JMP 000007ff7fdf0ecc .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2960] 
C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feffdd7220 5 bytes JMP 000007ff7fdf1284 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2960] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feffdd739c 5 bytes JMP 000007ff7fdf163c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2960] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feffdd7538 5 bytes JMP 000007ff7fdf19f4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2960] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feffdd75e8 5 bytes JMP 000007ff7fdf03a4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2960] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feffdd790c 5 bytes JMP 000007ff7fdf075c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2960] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feffdd7ab4 5 bytes JMP 000007ff7fdf0b14 .text C:\windows\system32\nfsclnt.exe[2072] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62] .text C:\windows\system32\nfsclnt.exe[2072] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feffdd6e00 5 bytes JMP 000007ff7fdf1dac .text C:\windows\system32\nfsclnt.exe[2072] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feffdd6f2c 5 bytes JMP 000007ff7fdf0ecc .text C:\windows\system32\nfsclnt.exe[2072] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feffdd7220 5 bytes JMP 000007ff7fdf1284 .text C:\windows\system32\nfsclnt.exe[2072] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feffdd739c 5 bytes JMP 000007ff7fdf163c .text C:\windows\system32\nfsclnt.exe[2072] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feffdd7538 5 bytes JMP 000007ff7fdf19f4 .text C:\windows\system32\nfsclnt.exe[2072] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feffdd75e8 5 bytes JMP 000007ff7fdf03a4 .text 
C:\windows\system32\nfsclnt.exe[2072] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feffdd790c 5 bytes JMP 000007ff7fdf075c .text C:\windows\system32\nfsclnt.exe[2072] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feffdd7ab4 5 bytes JMP 000007ff7fdf0b14 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1732] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feffdd6e00 5 bytes JMP 000007ff7fdf1dac .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1732] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feffdd6f2c 5 bytes JMP 000007ff7fdf0ecc .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1732] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feffdd7220 5 bytes JMP 000007ff7fdf1284 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1732] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feffdd739c 5 bytes JMP 000007ff7fdf163c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1732] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feffdd7538 5 bytes JMP 000007ff7fdf19f4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1732] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feffdd75e8 5 bytes JMP 000007ff7fdf03a4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1732] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feffdd790c 5 bytes JMP 000007ff7fdf075c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1732] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feffdd7ab4 5 bytes JMP 000007ff7fdf0b14 .text C:\windows\system32\svchost.exe[3096] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feffdd6e00 5 bytes JMP 000007ff7fdf1dac .text C:\windows\system32\svchost.exe[3096] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feffdd6f2c 5 bytes JMP 
000007ff7fdf0ecc .text C:\windows\system32\svchost.exe[3096] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feffdd7220 5 bytes JMP 000007ff7fdf1284 .text C:\windows\system32\svchost.exe[3096] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feffdd739c 5 bytes JMP 000007ff7fdf163c .text C:\windows\system32\svchost.exe[3096] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feffdd7538 5 bytes JMP 000007ff7fdf19f4 .text C:\windows\system32\svchost.exe[3096] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feffdd75e8 5 bytes JMP 000007ff7fdf03a4 .text C:\windows\system32\svchost.exe[3096] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feffdd790c 5 bytes JMP 000007ff7fdf075c .text C:\windows\system32\svchost.exe[3096] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feffdd7ab4 5 bytes JMP 000007ff7fdf0b14 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3488] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077e0faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3488] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077e0fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3488] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e0fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3488] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e10018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3488] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e11900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3488] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077e2c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3488] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e31217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3488] 
C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000762ba30a 1 byte [62] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3488] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007570ee09 5 bytes JMP 00000001000901f8 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3488] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075713982 5 bytes JMP 00000001000903fc .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3488] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075717603 5 bytes JMP 0000000100090804 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3488] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007571835c 5 bytes JMP 0000000100090600 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3488] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007572f52b 5 bytes JMP 0000000100090a08 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3488] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077085181 5 bytes JMP 00000001000a1014 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3488] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077085254 5 bytes JMP 00000001000a0804 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3488] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000770853d5 5 bytes JMP 00000001000a0a08 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3488] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000770854c2 5 bytes JMP 00000001000a0c0c .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3488] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000770855e2 5 bytes JMP 00000001000a0e10 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3488] C:\windows\SysWOW64\sechost.dll!CreateServiceA 000000007708567c 5 bytes JMP 00000001000a01f8 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3488] C:\windows\SysWOW64\sechost.dll!CreateServiceW 000000007708589f 5 bytes JMP 00000001000a03fc .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3488] 
C:\windows\SysWOW64\sechost.dll!DeleteService 0000000077085a22 5 bytes JMP 00000001000a0600 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3488] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a91465 2 bytes [A9, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3488] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a914bb 2 bytes [A9, 75] .text ... * 2 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3968] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000762ba30a 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3968] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a91465 2 bytes [A9, 75] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3968] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a914bb 2 bytes [A9, 75] .text ... * 2 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3500] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62] .text C:\windows\system32\AUDIODG.EXE[5116] C:\windows\System32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62] .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077e0faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077e0fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e0fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e10018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e11900 5 bytes JMP 0000000100030e10 .text 
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077e2c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e31217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\syswow64\KERNEL32.dll!SetUnhandledExceptionFilter 00000000762987b1 5 bytes JMP 000000016a8550b8 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000762ba30a 1 byte [62] .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077085181 5 bytes JMP 0000000100191014 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077085254 5 bytes JMP 0000000100190804 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000770853d5 3 bytes JMP 0000000100190a08 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW + 4 00000000770853d9 1 byte [89] .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000770854c2 5 bytes JMP 0000000100190c0c .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000770855e2 5 bytes JMP 0000000100190e10 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\SysWOW64\sechost.dll!CreateServiceA 000000007708567c 5 bytes JMP 00000001001901f8 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\SysWOW64\sechost.dll!CreateServiceW 000000007708589f 5 bytes JMP 
00000001001903fc .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\SysWOW64\sechost.dll!DeleteService 0000000077085a22 5 bytes JMP 0000000100190600 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007570ee09 5 bytes JMP 00000001001e01f8 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075713982 5 bytes JMP 00000001001e03fc .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075717603 5 bytes JMP 00000001001e0804 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007571835c 5 bytes JMP 00000001001e0600 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007572f52b 5 bytes JMP 00000001001e0a08 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\syswow64\ole32.dll!OleLoadFromStream 0000000075e06143 5 bytes JMP 000000016b31e11a .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076053e59 5 bytes JMP 000000016a881b8f .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\syswow64\OLEAUT32.dll!VariantClear 0000000076053eae 5 bytes JMP 000000016a88c68a .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076054731 5 bytes JMP 000000016a88fac2 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076055dee 5 bytes JMP 000000016a88ff84 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\Program Files (x86)\Common 
Files\System\MSMAPI\1031\MSMAPI32.DLL!HrDispatchNotifications@4 + 112 0000000072fe1b80 4 bytes [40, 90, 50, 19] .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a91465 2 bytes [A9, 75] .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[3204] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a914bb 2 bytes [A9, 75] .text ... * 2 .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077e0f991 7 bytes {MOV EDX, 0x8cbe28; JMP RDX} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077e0faa0 5 bytes JMP 0000000100980600 .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077e0fb38 5 bytes JMP 0000000100980804 .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077e0fbd5 7 bytes {MOV EDX, 0x8cbe68; JMP RDX} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077e0fc05 7 bytes {MOV EDX, 0x8cbda8; JMP RDX} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077e0fc1d 7 bytes {MOV EDX, 0x8cbd28; JMP RDX} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077e0fc35 7 bytes {MOV EDX, 0x8cbf28; JMP RDX} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077e0fc65 7 bytes {MOV EDX, 0x8cbf68; JMP RDX} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] 
C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e0fc90 5 bytes JMP 0000000100980c0c .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077e0fce5 7 bytes {MOV EDX, 0x8cbee8; JMP RDX} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077e0fcfd 7 bytes {MOV EDX, 0x8cbea8; JMP RDX} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077e0fd49 7 bytes {MOV EDX, 0x8cbc68; JMP RDX} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077e0fe41 7 bytes {MOV EDX, 0x8cbca8; JMP RDX} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e10018 5 bytes JMP 0000000100980a08 .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077e10099 7 bytes {MOV EDX, 0x8cbc28; JMP RDX} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077e110a5 7 bytes {MOV EDX, 0x8cbde8; JMP RDX} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077e1111d 7 bytes {MOV EDX, 0x8cbd68; JMP RDX} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077e11321 7 bytes {MOV EDX, 0x8cbce8; JMP RDX} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e11900 5 bytes JMP 0000000100980e10 .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] 
C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077e2c45a 5 bytes JMP 00000001009801f8 .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e31217 5 bytes JMP 00000001009803fc .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000762ba30a 1 byte [62] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007570ee09 5 bytes JMP 00000001009901f8 .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075713982 5 bytes JMP 00000001009903fc .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075717603 5 bytes JMP 0000000100990804 .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007571835c 5 bytes JMP 0000000100990600 .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007572f52b 5 bytes JMP 0000000100990a08 .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077085181 5 bytes JMP 00000001009a1014 .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077085254 5 bytes JMP 00000001009a0804 .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000770853d5 5 bytes JMP 00000001009a0a08 .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000770854c2 5 bytes JMP 00000001009a0c0c .text 
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000770855e2 5 bytes JMP 00000001009a0e10 .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\sechost.dll!CreateServiceA 000000007708567c 5 bytes JMP 00000001009a01f8 .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\sechost.dll!CreateServiceW 000000007708589f 5 bytes JMP 00000001009a03fc .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\SysWOW64\sechost.dll!DeleteService 0000000077085a22 5 bytes JMP 00000001009a0600 .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a91465 2 bytes [A9, 75] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[3688] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a914bb 2 bytes [A9, 75] .text ... 
* 2 .text C:\Users\***\Desktop\bkunjhso.exe[2484] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077e0faa0 5 bytes JMP 0000000100030600 .text C:\Users\***\Desktop\bkunjhso.exe[2484] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077e0fb38 5 bytes JMP 0000000100030804 .text C:\Users\***\Desktop\bkunjhso.exe[2484] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e0fc90 5 bytes JMP 0000000100030c0c .text C:\Users\***\Desktop\bkunjhso.exe[2484] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e10018 5 bytes JMP 0000000100030a08 .text C:\Users\***\Desktop\bkunjhso.exe[2484] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e11900 5 bytes JMP 0000000100030e10 .text C:\Users\***\Desktop\bkunjhso.exe[2484] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077e2c45a 5 bytes JMP 00000001000301f8 .text C:\Users\***\Desktop\bkunjhso.exe[2484] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e31217 5 bytes JMP 00000001000303fc .text C:\Users\***\Desktop\bkunjhso.exe[2484] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000762ba30a 1 byte [62] .text C:\Users\***\Desktop\bkunjhso.exe[2484] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077085181 5 bytes JMP 0000000100241014 .text C:\Users\***\Desktop\bkunjhso.exe[2484] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077085254 5 bytes JMP 0000000100240804 .text C:\Users\***\Desktop\bkunjhso.exe[2484] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000770853d5 5 bytes JMP 0000000100240a08 .text C:\Users\***\Desktop\bkunjhso.exe[2484] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000770854c2 5 bytes JMP 0000000100240c0c .text C:\Users\***\Desktop\bkunjhso.exe[2484] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000770855e2 5 bytes JMP 0000000100240e10 .text C:\Users\***\Desktop\bkunjhso.exe[2484] C:\windows\SysWOW64\sechost.dll!CreateServiceA 000000007708567c 5 bytes JMP 00000001002401f8 .text 
C:\Users\***\Desktop\bkunjhso.exe[2484] C:\windows\SysWOW64\sechost.dll!CreateServiceW 000000007708589f 5 bytes JMP 00000001002403fc .text C:\Users\***\Desktop\bkunjhso.exe[2484] C:\windows\SysWOW64\sechost.dll!DeleteService 0000000077085a22 5 bytes JMP 0000000100240600 .text C:\Users\***\Desktop\bkunjhso.exe[2484] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007570ee09 5 bytes JMP 00000001002501f8 .text C:\Users\***\Desktop\bkunjhso.exe[2484] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075713982 5 bytes JMP 00000001002503fc .text C:\Users\***\Desktop\bkunjhso.exe[2484] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075717603 5 bytes JMP 0000000100250804 .text C:\Users\***\Desktop\bkunjhso.exe[2484] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007571835c 5 bytes JMP 0000000100250600 .text C:\Users\***\Desktop\bkunjhso.exe[2484] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007572f52b 5 bytes JMP 0000000100250a08 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! 
mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 3 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! 
mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 29 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 2651072 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\windows Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg 
HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 11 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! 
Antivirus@Type 32 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! 
mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 3 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! 
mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 29 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 2651072 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\windows Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! 
Self Protection Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 11 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! 
Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer. ---- EOF - GMER 2.1 ---- |
15.07.2013, 19:52 | #3 |
/// Helper Team | Spamhaus reports various botnets, Zbot, Torpig, etc. (2nd PC) Scan with ComboFix
16.07.2013, 10:29 | #4 |
| Spamhaus reports various botnets, Zbot, Torpig, etc. (2nd PC) Hey, here is the log. Code:
ATTFilter ComboFix 13-07-15.01 - *** 16.07.2013 10:56:46.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.8191.6659 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\hpeAF06.dll c:\windows\IsUn0407.exe c:\windows\SysWow64\frapsvid.dll c:\windows\SysWow64\OLEAUT32.1 c:\windows\SysWow64\RENA77A.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-16 bis 2013-07-16 )))))))))))))))))))))))))))))) . . 2013-07-16 09:03 . 2013-07-16 09:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-07-16 09:03 . 2013-07-16 09:03 -------- d-----w- c:\users\UpdatusUser.Seelenwinter-Pc\AppData\Local\temp 2013-07-16 09:03 . 2013-07-16 09:03 -------- d-----w- c:\users\Gast\AppData\Local\temp 2013-07-16 09:03 . 2013-07-16 09:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-16 09:03 . 2013-07-16 09:03 -------- d-----w- c:\users\Besucher\AppData\Local\temp 2013-07-16 09:03 . 2013-07-16 09:03 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-07-13 19:45 . 2013-07-13 19:45 312232 ----a-w- c:\windows\system32\javaws.exe 2013-07-13 19:45 . 2013-07-13 19:45 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-07-13 19:45 . 2013-07-13 19:45 189352 ----a-w- c:\windows\system32\javaw.exe 2013-07-13 19:45 . 2013-07-13 19:45 188840 ----a-w- c:\windows\system32\java.exe 2013-07-13 19:45 . 2013-07-13 19:45 -------- d-----w- c:\program files\Java 2013-07-13 19:31 . 2013-07-13 19:31 -------- d-----w- c:\program files (x86)\ProtectDisc Driver Installer 2013-07-10 11:51 . 
2013-07-10 11:51 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2013-07-10 11:43 . 2013-07-10 11:45 -------- d-----w- c:\windows\system32\MRT 2013-07-10 11:28 . 2013-06-18 14:22 263576 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll 2013-07-06 19:21 . 2013-07-06 19:24 -------- d-----w- c:\program files\Recuva 2013-07-01 17:48 . 2013-07-01 17:48 -------- d-----w- c:\program files (x86)\LooksBuilder 2013-06-25 11:01 . 2013-06-25 11:01 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-06-25 11:01 . 2013-06-25 11:01 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-23 22:00 . 2013-06-23 22:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-06-21 17:59 . 2013-06-21 17:59 -------- d-----w- c:\programdata\HP Product Assistant 2013-06-19 21:44 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-06-19 21:44 . 2013-06-19 21:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-13 19:45 . 2013-05-30 12:04 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-07-13 19:45 . 2011-12-10 18:43 972712 ----a-w- c:\windows\system32\deployJava1.dll 2013-07-12 22:45 . 2012-04-01 10:38 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-07-12 22:45 . 2011-06-03 13:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-07-10 11:43 . 2011-06-10 13:06 78277128 ----a-w- c:\windows\system32\MRT.exe 2013-06-28 11:55 . 2013-05-30 11:55 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-06-28 11:55 . 2013-05-30 11:55 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-06-28 11:55 . 2013-05-30 11:55 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-06-25 11:01 . 2012-06-19 09:07 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-06-25 11:01 . 
2011-06-03 13:01 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-06-12 12:30 . 2012-05-05 17:03 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-05-27 17:36 . 2013-05-27 17:36 4608 ----a-w- c:\windows\SysWow64\w95inf32.dll 2013-05-27 17:36 . 2013-05-27 17:36 2272 ----a-w- c:\windows\SysWow64\w95inf16.dll 2013-05-16 11:57 . 2012-07-08 11:21 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-13 05:51 . 2013-06-12 09:20 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 05:51 . 2013-06-12 09:20 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 05:51 . 2013-06-12 09:20 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 05:50 . 2013-06-12 09:20 52224 ----a-w- c:\windows\system32\certenc.dll 2013-05-13 04:45 . 2013-06-12 09:20 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-05-13 04:45 . 2013-06-12 09:20 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-05-13 04:45 . 2013-06-12 09:20 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-05-13 03:43 . 2013-06-12 09:20 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 2013-06-12 09:20 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-05-13 03:08 . 2013-06-12 09:20 43008 ----a-w- c:\windows\SysWow64\certenc.dll 2013-05-10 05:49 . 2013-06-12 09:21 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-05-10 03:20 . 2013-06-12 09:21 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2013-05-09 08:59 . 2013-05-30 11:55 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-05-09 08:59 . 2013-05-30 11:55 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-05-09 08:59 . 2013-05-30 11:55 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-05-09 08:59 . 2013-05-30 11:55 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-05-09 08:59 . 2013-05-30 11:55 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-05-09 08:58 . 
2013-05-30 11:54 41664 ----a-w- c:\windows\avastSS.scr 2013-05-09 08:58 . 2013-05-30 11:55 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-05-08 06:39 . 2013-06-12 09:21 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2013-04-26 05:51 . 2013-06-12 09:21 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-04-26 04:55 . 2013-06-12 09:21 492544 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-04-25 23:30 . 2013-06-12 09:20 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "icq"="c:\users\***\AppData\Roaming\ICQM\icq.exe" [2013-05-10 27598184] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 NfsClnt;Client für NFS;c:\windows\system32\nfsclnt.exe;c:\windows\SYSNATIVE\nfsclnt.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x] R3 NVFLASH;NVFLASH;c:\windows\system32\drivers\nvflash.sys;c:\windows\SYSNATIVE\drivers\nvflash.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys;c:\windows\SYSNATIVE\DRIVERS\vpcuxd.sys [x] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x] R3 X6va005;X6va005;c:\users\JANBRU~1\AppData\Local\Temp\005F30A.tmp;c:\users\JANBRU~1\AppData\Local\Temp\005F30A.tmp [x] R3 
X6va006;X6va006;c:\users\JANBRU~1\AppData\Local\Temp\006400C.tmp;c:\users\JANBRU~1\AppData\Local\Temp\006400C.tmp [x] R3 X6va007;X6va007;c:\users\JANBRU~1\AppData\Local\Temp\0075C3B.tmp;c:\users\JANBRU~1\AppData\Local\Temp\0075C3B.tmp [x] R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x] R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x] R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x] R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] R4 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x] R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] S3 NfsRdr;Client für NFS-Redirector;c:\windows\system32\drivers\nfsrdr.sys;c:\windows\SYSNATIVE\drivers\nfsrdr.sys [x] S3 RpcXdr;Server für NFS Open RPC 
(ONCRPC);c:\windows\system32\drivers\rpcxdr.sys;c:\windows\SYSNATIVE\drivers\rpcxdr.sys [x] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2013-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 22:45] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SYSTEM32\blank.htm uInternet Settings,ProxyOverride = <local> IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Nach Microsoft E&xel exportieren - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{129B9235-1E80-441D-9A2A-32C639E3A918}: NameServer = 8.8.8.8 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\qx5i0zqj.default\ FF - ExtSQL: 2013-05-30 13:55; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF FF - ExtSQL: 2013-06-21 19:59; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - ExtSQL: !HIDDEN! 2013-06-21 19:59; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) SafeBoot-55304549.sys SafeBoot-mcmscsvc SafeBoot-MCODS Toolbar-Locked - (no file) AddRemove-Heroes of Might and Magic IV - c:\windows\IsUn0407.exe AddRemove-Heroes of Might and Magic® III - c:\windows\IsUn0407.exe AddRemove-Herrscher des Olymp - Zeus - c:\windows\IsUn0407.exe AddRemove-Lords of Magic Special Edition - c:\windows\IsUn0407.exe AddRemove-Pharao - c:\windows\IsUn0407.exe AddRemove-Total Annihilation: Kingdoms - c:\windows\IsUn0407.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005] "ImagePath"="\??\c:\users\JANBRU~1\AppData\Local\Temp\005F30A.tmp" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006] "ImagePath"="\??\c:\users\JANBRU~1\AppData\Local\Temp\006400C.tmp" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va007] "ImagePath"="\??\c:\users\JANBRU~1\AppData\Local\Temp\0075C3B.tmp" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va010] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3657872547-194815695-655878515-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:30,94,bd,9f,40,8b,0b,1a,b9,2d,68,67,b7,fa,73,f1,bd,92,d0,0c,ab,8c,7c, da,e2,71,4a,f5,3d,53,6c,6a,33,ec,db,a0,a6,4e,49,5f,d4,16,7c,3f,20,d4,af,ad,\ "??"=hex:c0,af,fa,c2,a3,c8,af,e4,b2,74,5f,fa,45,7d,3d,b3 . 
[HKEY_USERS\S-1-5-21-3657872547-194815695-655878515-1002\Software\SecuROM\License information*] "datasecu"=hex:1b,5d,98,b9,cf,77,e5,68,fa,e6,1d,43,4f,91,1c,44,5e,00,f5,69,7b, d7,f1,96,6a,c2,d4,83,ce,bf,1d,db,ab,6d,c1,e5,d9,09,55,a5,ee,20,89,41,53,b5,\ "rkeysecu"=hex:86,9b,dd,05,73,67,fd,57,a5,98,5c,a6,b6,ab,92,f9 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\windows\SysWOW64\PnkBstrA.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-07-16 11:12:43 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-07-16 09:12 . Vor Suchlauf: 20 Verzeichnis(se), 815.526.924.288 Bytes frei Nach Suchlauf: 26 Verzeichnis(se), 815.324.762.112 Bytes frei . - - End Of File - - 568155AA2445C91DECAC124A8FE0B50F A36C5E4F47E84449FF07ED3517B43A31 The internet no longer works, with the following error message (see picture). The firewall could no longer be enabled and was switched off.
The start screen (between 'Welcome' and the desktop) takes much longer than usual, about 3-4 min. I'm posting this from another computer right now. Edit 12.24: "Windows Update" was also disabled, but not by me. Last edited by Seelenwinter (16.07.2013 at 11:24) |
16.07.2013, 15:23 | #5 |
/// Helper team | Spamhaus reports all sorts of botnets, Zbot, Torpig, etc. (2nd PC) Restart the computer, then: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder without instructions from a helper. Then: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
16.07.2013, 16:20 | #6 |
| Spamhaus reports all sorts of botnets, Zbot, Torpig, etc. (2nd PC) Does that also work if I download it on the other computer? As I said, I can't get onto the internet on mine, plus the errors mentioned. I've restarted it what feels like a hundred times since the ComboFix scan. |
16.07.2013, 17:41 | #7 |
/// Helper team | Spamhaus reports all sorts of botnets, Zbot, Torpig, etc. (2nd PC) OK, yes, you can download it somewhere else. |
16.07.2013, 20:45 | #8 |
| Spamhaus reports all sorts of botnets, Zbot, Torpig, etc. (2nd PC) MBR came back without any result, i.e. no findings or the like. Here are the logs from FRST. FRST logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-07-2013 03 Ran by *** (administrator) on 16-07-2013 21:21:24 Running from C:\Users\***\Desktop Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Microsoft Corporation) C:\windows\SysWOW64\svchost.exe () C:\windows\SysWOW64\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\windows\system32\nfsclnt.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE ==================== Registry (Whitelisted) ================== HKCU\...\Run: [icq] - C:\Users\***\AppData\Roaming\ICQM\icq.exe [27598184 2013-05-10] (ICQ) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) 
HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 MountPoints2: {a2f29e89-9a48-11e2-8086-4487fcf24763} - F:\Startme.exe MountPoints2: {da64a100-c0a6-11df-b892-806e6f6e6963} - D:\Autorun.exe HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-06-28] (LogMeIn Inc.) HKU\Gast\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== ProxyServer: :0 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe HKCU SearchScopes: DefaultScope {037E8D38-9B6B-453A-9BA2-A4C6350BB240} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=9669fbf9-7e2c-4f1c-8148-6cd46b83bdbd&pid=murb&mode=bounce&k=0 SearchScopes: HKCU - {037E8D38-9B6B-453A-9BA2-A4C6350BB240} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=9669fbf9-7e2c-4f1c-8148-6cd46b83bdbd&pid=murb&mode=bounce&k=0 SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = BHO: avast! 
Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File Handler: ipp - No CLSID Value - Handler: msdaipp - No CLSID Value - Handler-x32: ipp - No CLSID Value - Handler-x32: msdaipp - No CLSID Value - Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog9-x64 11 C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File Not found () Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File Not found () Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{129B9235-1E80-441D-9A2A-32C639E3A918}: [NameServer]8.8.8.8 FireFox: ======== FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\qx5i0zqj.default FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File FF Plugin-x32: @nielsen/FirefoxTracker - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter6\FirefoxAddOns\npfirefoxtracker.dll No File FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\***\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\***\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.) FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\***\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\qx5i0zqj.default\searchplugins\{1CA0B935-A34C-41E6-9AA7-31E812C027F7}.xml FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\qx5i0zqj.default\searchplugins\{532B0180-1EA6-4E1B-A8A4-6E40EBB01E2B}.xml FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\qx5i0zqj.default\searchplugins\{753AAF4F-EA87-48F4-BF19-017A36839B61}.xml FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\qx5i0zqj.default\Extensions\staged FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\qx5i0zqj.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter6\FirefoxAddOns\netsight@nielsen.xpi FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HomePage: hxxp://www.flexlinked.com/ CHR RestoreOnStartup: "hxxp://www.flexlinked.com/", "hxxp://google.de/" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Facebook Desktop) - C:\Users\***\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll No File CHR Plugin: (Google Update) - C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Extension: (Adblock Plus) - C:\Users\JANBRU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5_0 CHR Extension: (avast! 
Online Security) - C:\Users\JANBRU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0 CHR Extension: (Chart Creator) - C:\Users\JANBRU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpefoinopmbnhlbhijcajgaijinknlmg\1.0.0.0_0 CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\JANBRU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe\1.0.8_0 CHR StartMenuInternet: Google Chrome - "C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe" ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 NfsClnt; C:\Windows\system32\nfsclnt.exe [65536 2010-11-20] (Microsoft Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-30] () S2 HPSLPSVC; C:\Users\JANBRU~1\AppData\Local\Temp\7zS1713\hpslpsvc64.dll [x] ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] () S3 Cardex; C:\windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider) S3 Cardex; C:\windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider) S3 IOMap; C:\windows\system32\drivers\IOMap64.sys [23680 2010-02-23] 
(ASUSTeK Computer Inc.) S3 IOMap; C:\windows\system32\drivers\IOMap64.sys [23680 2010-02-23] (ASUSTeK Computer Inc.) R3 NfsRdr; C:\Windows\System32\drivers\nfsrdr.sys [246272 2010-11-20] (Microsoft Corporation) S3 NVFLASH; C:\windows\system32\drivers\nvflash.sys [15168 2012-03-10] () S3 NVFLASH; C:\windows\system32\drivers\nvflash.sys [15168 2012-03-10] () S1 prodrv06; C:\Windows\SysWow64\drivers\prodrv06.sys [52224 2004-01-26] (Protection Technology) S0 prohlp02; C:\Windows\SysWow64\drivers\prohlp02.sys [95552 2004-01-26] (Protection Technology) S0 prosync1; C:\Windows\SysWow64\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology) R3 RpcXdr; C:\Windows\System32\drivers\rpcxdr.sys [104960 2010-11-20] (Microsoft Corporation) S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation ) S0 sfhlp01; C:\Windows\SysWow64\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [x] U4 mbamswissarmy; S1 prodrv06; \SystemRoot\System32\drivers\prodrv06.sys [x] S0 prohlp02; System32\drivers\prohlp02.sys [x] S0 prosync1; System32\drivers\prosync1.sys [x] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x] S0 sfhlp01; System32\drivers\sfhlp01.sys [x] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S2 TBPanel; No ImagePath S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x] S3 X6va005; \??\C:\Users\JANBRU~1\AppData\Local\Temp\005F30A.tmp [x] S3 X6va006; \??\C:\Users\JANBRU~1\AppData\Local\Temp\006400C.tmp [x] S3 X6va007; \??\C:\Users\JANBRU~1\AppData\Local\Temp\0075C3B.tmp [x] S3 X6va008; \??\C:\windows\SysWOW64\Drivers\X6va008 [x] S3 X6va009; \??\C:\windows\SysWOW64\Drivers\X6va009 [x] S3 X6va010; \??\C:\windows\SysWOW64\Drivers\X6va010 [x] S3 X6va011; \??\C:\windows\SysWOW64\Drivers\X6va011 [x] ==================== NetSvcs 
(Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-16 21:03 - 2013-07-16 21:21 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-07-16 21:03 - 2013-07-16 21:03 - 00000000 ____D C:\FRST 2013-07-16 21:02 - 2013-07-16 21:02 - 01778253 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe 2013-07-16 12:33 - 2013-07-16 12:33 - 00000000 ____D C:\Users\***\[Okada Kou] My little sister is! vol.3 [English] 2013-07-16 12:33 - 2013-07-16 12:33 - 00000000 ____D C:\Users\***\[Okada Kou] My little sister is! vol.3 [English] 2013-07-16 12:33 - 2013-07-16 12:33 - 00000000 ____D C:\Users\***\[Okada Kou] My little sister is! vol.2 [English] 2013-07-16 12:33 - 2013-07-16 12:33 - 00000000 ____D C:\Users\***\[Okada Kou] My little sister is! vol.2 [English] 2013-07-16 12:33 - 2013-07-16 12:33 - 00000000 ____D C:\Users\***\[Okada Kou] My little sister is! vol.1 [English] 2013-07-16 12:33 - 2013-07-16 12:33 - 00000000 ____D C:\Users\***\[Okada Kou] My little sister is! 
vol.1 [English] 2013-07-16 11:12 - 2013-07-16 11:12 - 00021606 _____ C:\Users\***\Desktop\ComboFix.txt 2013-07-16 10:52 - 2013-07-16 15:01 - 00000000 ___SD C:\ComboFix 2013-07-16 10:52 - 2013-07-16 11:13 - 00000000 ____D C:\Qoobox 2013-07-16 10:52 - 2013-07-16 10:52 - 00000000 ____D C:\windows\erdnt 2013-07-16 10:52 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe 2013-07-16 10:52 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe 2013-07-16 10:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2013-07-16 10:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2013-07-16 10:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2013-07-16 10:52 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe 2013-07-16 10:52 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe 2013-07-16 10:52 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe 2013-07-15 21:10 - 2013-07-16 10:51 - 05089088 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe 2013-07-14 22:32 - 2013-07-14 22:32 - 00182824 _____ C:\Users\***\Desktop\ModLoader.zip 2013-07-14 22:31 - 2013-07-14 22:31 - 00255632 _____ C:\Users\***\Desktop\[1.6.2]ReiMinimap_v3.4_01.zip 2013-07-13 22:57 - 2013-07-13 22:57 - 00367014 _____ (hxxp://magiclauncher.com) C:\Users\***\Desktop\MagicLauncher_1.1.6.exe 2013-07-13 21:45 - 2013-07-13 21:45 - 00312232 _____ (Oracle Corporation) C:\windows\system32\javaws.exe 2013-07-13 21:45 - 2013-07-13 21:45 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe 2013-07-13 21:45 - 2013-07-13 21:45 - 00188840 _____ (Oracle Corporation) C:\windows\system32\java.exe 2013-07-13 21:45 - 2013-07-13 21:45 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll 2013-07-13 21:45 - 2013-07-13 21:45 - 00000000 ____D C:\Program Files\Java 2013-07-13 16:33 - 2013-07-13 16:33 - 00539688 _____ C:\Users\***\Desktop\impg1_1.zip 2013-07-13 00:45 - 2013-07-16 21:12 - 00000884 _____ 
C:\windows\Tasks\Adobe Flash Player Updater.job 2013-07-13 00:45 - 2013-07-13 00:45 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2013-07-11 22:15 - 2013-07-14 20:17 - 00000000 ____D C:\Users\***\Desktop\Virenscan ab 11.07.2013 jan 2013-07-11 19:54 - 2013-07-11 19:54 - 00471368 _____ C:\windows\Minidump\071113-50528-01.dmp 2013-07-11 19:53 - 2013-07-11 19:53 - 1142839757 _____ C:\windows\MEMORY.DMP 2013-07-11 18:51 - 2013-07-11 18:51 - 00000000 _____ C:\Users\***\defogger_reenable 2013-07-11 18:51 - 2013-07-11 18:51 - 00000000 _____ C:\Users\***\defogger_reenable 2013-07-10 13:51 - 2013-07-10 13:51 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2013-07-10 13:43 - 2013-07-10 13:45 - 00000000 ____D C:\windows\system32\MRT 2013-07-10 13:41 - 2013-05-29 08:15 - 17829376 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-07-10 13:41 - 2013-05-29 07:50 - 10926080 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-07-10 13:41 - 2013-05-29 07:43 - 02312704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-07-10 13:41 - 2013-05-29 07:36 - 01346560 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-07-10 13:41 - 2013-05-29 07:35 - 01392128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-07-10 13:41 - 2013-05-29 07:34 - 01494528 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2013-07-10 13:41 - 2013-05-29 07:33 - 00237056 _____ (Microsoft Corporation) C:\windows\system32\url.dll 2013-07-10 13:41 - 2013-05-29 07:31 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-07-10 13:41 - 2013-05-29 07:29 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-07-10 13:41 - 2013-05-29 07:29 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2013-07-10 13:41 - 2013-05-29 07:29 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2013-07-10 13:41 - 2013-05-29 07:27 - 
02147840 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-07-10 13:41 - 2013-05-29 07:27 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-07-10 13:41 - 2013-05-29 07:25 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-07-10 13:41 - 2013-05-29 07:25 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2013-07-10 13:41 - 2013-05-29 07:18 - 00248320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-07-10 13:41 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-07-10 13:41 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-07-10 13:41 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-07-10 13:41 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2013-07-10 13:41 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-07-10 13:41 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-07-10 13:41 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll 2013-07-10 13:41 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2013-07-10 13:41 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2013-07-10 13:41 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2013-07-10 13:41 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-07-10 13:41 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-07-10 13:41 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2013-07-10 13:41 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\iertutil.dll 2013-07-10 13:41 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2013-07-10 13:41 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2013-07-10 13:03 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-07-10 13:03 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2013-07-10 13:03 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2013-07-10 13:03 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2013-07-10 13:03 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL 2013-07-10 13:03 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll 2013-07-10 13:03 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2013-07-06 21:21 - 2013-07-06 21:24 - 00000000 ____D C:\Program Files\Recuva 2013-07-05 10:41 - 2013-07-16 15:02 - 00004118 _____ C:\windows\setupact.log 2013-07-05 10:41 - 2013-07-05 10:41 - 00000000 _____ C:\windows\setuperr.log 2013-07-05 10:40 - 2013-07-10 13:50 - 05140976 _____ C:\windows\system32\FNTCACHE.DAT 2013-07-04 19:03 - 2013-07-04 19:03 - 00136248 _____ C:\Users\JANBRU~1\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-04 17:24 - 2013-07-04 17:24 - 00000000 ____D C:\Users\***\Desktop\world 2013-07-02 23:37 - 2013-07-16 15:37 - 00000526 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 962db089-2c5f-4644-9817-016c869b449d.job 2013-07-02 23:37 - 2013-07-16 02:01 - 00000526 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 95739947-80dd-49b3-95bd-00188d285c7c.job 2013-07-02 23:37 - 2013-07-02 23:37 - 00003630 _____ C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 95739947-80dd-49b3-95bd-00188d285c7c 2013-07-02 23:37 - 2013-07-02 23:37 - 00003556 _____ 
C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 962db089-2c5f-4644-9817-016c869b449d
2013-07-01 22:35 - 2013-07-01 22:35 - 00000000 ____D C:\Users\***\Documents\Amazon MP3
2013-07-01 20:00 - 2013-07-01 20:00 - 00048296 _____ C:\Users\***\look1.ls3
2013-07-01 20:00 - 2013-07-01 20:00 - 00048296 _____ C:\Users\***\look1.ls3
2013-07-01 19:48 - 2013-07-01 19:48 - 00001001 _____ C:\Users\***\Desktop\LooksBuilder.lnk
2013-07-01 19:48 - 2013-07-01 19:48 - 00000000 ____D C:\Program Files (x86)\LooksBuilder
2013-06-29 14:43 - 2013-06-29 14:43 - 00002788 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2013-06-29 13:33 - 2013-07-13 14:59 - 00000000 ____D C:\Users\***\Desktop\Seelenkreativ Dokumente
2013-06-28 13:55 - 2013-06-28 13:55 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum
2013-06-27 01:55 - 2013-06-28 13:55 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum
2013-06-27 01:55 - 2013-06-28 13:55 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum
2013-06-25 13:01 - 2013-06-25 13:01 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-06-25 13:01 - 2013-06-25 13:01 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-06-25 13:01 - 2013-06-25 13:01 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-06-25 13:01 - 2013-06-25 13:01 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-24 00:00 - 2013-06-24 00:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-24 00:00 - 2013-06-24 00:00 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2013-06-23 20:30 - 2013-07-08 21:58 - 00000000 ____D C:\Users\***\Desktop\23'06'2013 - Natalie Kroll
2013-06-21 20:20 - 2013-07-16 15:01 - 00000000 ____D C:\windows\pss
2013-06-21 19:59 - 2013-06-21 19:59 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-06-21 19:57 - 2013-06-21 21:50 - 00186633 _____ C:\windows\hpoins51.dat
2013-06-21 19:57 - 2010-05-28 20:42 - 00000572 ____N C:\windows\hpomdl51.dat
2013-06-20 02:12 - 2013-06-23 23:51 - 00007019 _____ C:\Users\***\Documents\hijackthis.log
2013-06-20 01:56 - 2013-06-20 01:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\***\Desktop\HiJackThis204.exe
2013-06-19 23:44 - 2013-06-19 23:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-19 23:44 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

==================== One Month Modified Files and Folders =======

2013-07-16 21:21 - 2013-07-16 21:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-16 21:12 - 2013-07-13 00:45 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-16 21:04 - 2011-06-04 18:04 - 00000000 ____D C:\Users\***\AppData\Roaming\Skype
2013-07-16 21:03 - 2013-07-16 21:03 - 00000000 ____D C:\FRST
2013-07-16 21:03 - 2013-05-13 23:20 - 00000000 ____D C:\Users\***\AppData\Roaming\.minecraft
2013-07-16 21:03 - 2012-08-20 19:31 - 00000000 ____D C:\Users\***\Desktop\Server
2013-07-16 21:02 - 2013-07-16 21:02 - 01778253 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-16 18:05 - 2010-09-15 10:59 - 01422122 _____ C:\windows\WindowsUpdate.log
2013-07-16 17:27 - 2013-05-11 21:16 - 00000000 ____D C:\Users\JANBRU~1\AppData\Local\LogMeIn Hamachi
2013-07-16 15:37 - 2013-07-02 23:37 - 00000526 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 962db089-2c5f-4644-9817-016c869b449d.job
2013-07-16 15:10 - 2009-07-14 06:45 - 00021376 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-16 15:10 - 2009-07-14 06:45 - 00021376 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-16 15:03 - 2013-05-30 13:55 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-07-16 15:03 - 2011-06-03 12:59 - 00000000 ____D C:\Users\***
2013-07-16 15:02 - 2013-07-05 10:41 - 00004118 _____ C:\windows\setupact.log
2013-07-16 15:02 - 2013-02-20 14:19 - 00000000 ____D C:\Users\UpdatusUser.Seelenwinter-Pc
2013-07-16 15:02 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-16 15:01 - 2013-07-16 10:52 - 00000000 ___SD C:\ComboFix
2013-07-16 15:01 - 2013-06-21 20:20 - 00000000 ____D C:\windows\pss
2013-07-16 15:01 - 2012-12-25 19:44 - 00000000 ____D C:\Users\Administrator
2013-07-16 15:01 - 2012-05-28 13:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-16 15:01 - 2011-06-14 19:27 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-16 15:01 - 2011-06-04 11:30 - 00000000 ____D C:\Users\Gast
2013-07-16 15:01 - 2011-06-03 14:57 - 00000000 ____D C:\Users\***\AppData\Roaming\Winamp
2013-07-16 15:01 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2013-07-16 15:01 - 2009-07-14 05:20 - 00000000 ____D C:\windows\registration
2013-07-16 13:54 - 2013-05-02 15:21 - 00000000 ____D C:\Users\JANBRU~1\AppData\Local\CrashDumps
2013-07-16 12:33 - 2013-07-16 12:33 - 00000000 ____D C:\Users\***\[Okada Kou] My little sister is! vol.3 [English]
2013-07-16 12:33 - 2013-07-16 12:33 - 00000000 ____D C:\Users\***\[Okada Kou] My little sister is! vol.3 [English]
2013-07-16 12:33 - 2013-07-16 12:33 - 00000000 ____D C:\Users\***\[Okada Kou] My little sister is! vol.2 [English]
2013-07-16 12:33 - 2013-07-16 12:33 - 00000000 ____D C:\Users\***\[Okada Kou] My little sister is! vol.2 [English]
2013-07-16 12:33 - 2013-07-16 12:33 - 00000000 ____D C:\Users\***\[Okada Kou] My little sister is! vol.1 [English]
2013-07-16 12:33 - 2013-07-16 12:33 - 00000000 ____D C:\Users\***\[Okada Kou] My little sister is! vol.1 [English]
2013-07-16 11:13 - 2013-07-16 10:52 - 00000000 ____D C:\Qoobox
2013-07-16 11:12 - 2013-07-16 11:12 - 00021606 _____ C:\Users\***\Desktop\ComboFix.txt
2013-07-16 10:52 - 2013-07-16 10:52 - 00000000 ____D C:\windows\erdnt
2013-07-16 10:51 - 2013-07-15 21:10 - 05089088 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2013-07-16 10:49 - 2013-05-19 03:59 - 00000000 ____D C:\Users\***\Desktop\Lieder von Seelenmusic (Nutzungsrecht)
2013-07-16 02:01 - 2013-07-02 23:37 - 00000526 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 95739947-80dd-49b3-95bd-00188d285c7c.job
2013-07-16 00:44 - 2011-06-13 15:11 - 00000000 ____D C:\Users\***\AppData\Roaming\TS3Client
2013-07-14 22:32 - 2013-07-14 22:32 - 00182824 _____ C:\Users\***\Desktop\ModLoader.zip
2013-07-14 22:31 - 2013-07-14 22:31 - 00255632 _____ C:\Users\***\Desktop\[1.6.2]ReiMinimap_v3.4_01.zip
2013-07-14 20:46 - 2009-09-14 08:03 - 00729466 _____ C:\windows\system32\perfh007.dat
2013-07-14 20:46 - 2009-09-14 08:03 - 00162126 _____ C:\windows\system32\perfc007.dat
2013-07-14 20:46 - 2009-07-14 07:13 - 01699586 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-14 20:17 - 2013-07-11 22:15 - 00000000 ____D C:\Users\***\Desktop\Virenscan ab 11.07.2013 jan
2013-07-13 22:57 - 2013-07-13 22:57 - 00367014 _____ (hxxp://magiclauncher.com) C:\Users\***\Desktop\MagicLauncher_1.1.6.exe
2013-07-13 22:07 - 2013-05-27 00:13 - 00000000 ____D C:\Users\***\Desktop\Games
2013-07-13 21:45 - 2013-07-13 21:45 - 00312232 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-07-13 21:45 - 2013-07-13 21:45 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-07-13 21:45 - 2013-07-13 21:45 - 00188840 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-07-13 21:45 - 2013-07-13 21:45 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2013-07-13 21:45 - 2013-07-13 21:45 - 00000000 ____D C:\Program Files\Java
2013-07-13 21:45 - 2013-05-30 14:04 - 01093032 _____ (Oracle Corporation) C:\windows\system32\npDeployJava1.dll
2013-07-13 21:45 - 2011-12-10 20:43 - 00972712 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll
2013-07-13 21:30 - 2012-10-19 23:55 - 00004096 _____ C:\Users\Public\Documents\00001726.LCS
2013-07-13 16:33 - 2013-07-13 16:33 - 00539688 _____ C:\Users\***\Desktop\impg1_1.zip
2013-07-13 14:59 - 2013-06-29 13:33 - 00000000 ____D C:\Users\***\Desktop\Seelenkreativ Dokumente
2013-07-13 00:45 - 2013-07-13 00:45 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-07-13 00:45 - 2012-04-01 12:38 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-07-13 00:45 - 2011-06-03 15:01 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-11 19:54 - 2013-07-11 19:54 - 00471368 _____ C:\windows\Minidump\071113-50528-01.dmp
2013-07-11 19:54 - 2012-03-14 00:54 - 00000000 ____D C:\windows\Minidump
2013-07-11 19:53 - 2013-07-11 19:53 - 1142839757 _____ C:\windows\MEMORY.DMP
2013-07-11 18:51 - 2013-07-11 18:51 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-11 18:51 - 2013-07-11 18:51 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-11 02:00 - 2013-01-01 13:24 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-10 23:58 - 2013-04-28 14:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-10 23:58 - 2011-06-04 18:03 - 00000000 ____D C:\ProgramData\Skype
2013-07-10 13:51 - 2013-07-10 13:51 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-07-10 13:50 - 2013-07-05 10:40 - 05140976 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-10 13:49 - 2013-05-30 14:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-10 13:49 - 2013-03-14 00:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 13:49 - 2013-03-14 00:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 13:48 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 13:48 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 13:45 - 2013-07-10 13:43 - 00000000 ____D C:\windows\system32\MRT
2013-07-10 13:43 - 2011-09-03 01:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 13:43 - 2011-06-10 15:06 - 78277128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-10 13:27 - 2013-05-29 15:52 - 00013291 _____ C:\Users\***\Desktop\Seelenkreativ Beteiligung.xlsx
2013-07-09 22:35 - 2013-01-23 20:33 - 00000000 ____D C:\Users\***\Desktop\Monkey Island Alben & SubCulture Album & Call to Power album
2013-07-08 23:55 - 2011-06-03 13:03 - 00000000 ____D C:\Users\***\AppData\Roaming\Adobe
2013-07-08 23:54 - 2011-06-03 14:12 - 00000000 ___RD C:\Users\***\Desktop\Seelenkreativ Bilder + andere Bilder
2013-07-08 21:58 - 2013-06-23 20:30 - 00000000 ____D C:\Users\***\Desktop\23'06'2013 - Natalie Kroll
2013-07-08 08:24 - 2011-06-03 22:51 - 00000000 ____D C:\Users\***\Desktop\Musik
2013-07-06 21:24 - 2013-07-06 21:21 - 00000000 ____D C:\Program Files\Recuva
2013-07-05 10:41 - 2013-07-05 10:41 - 00000000 _____ C:\windows\setuperr.log
2013-07-04 19:03 - 2013-07-04 19:03 - 00136248 _____ C:\Users\JANBRU~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-04 17:24 - 2013-07-04 17:24 - 00000000 ____D C:\Users\***\Desktop\world
2013-07-03 21:35 - 2011-08-02 21:07 - 00000150 _____ C:\windows\wininit.ini
2013-07-02 23:37 - 2013-07-02 23:37 - 00003630 _____ C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 95739947-80dd-49b3-95bd-00188d285c7c
2013-07-02 23:37 - 2013-07-02 23:37 - 00003556 _____ C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 962db089-2c5f-4644-9817-016c869b449d
2013-07-01 22:35 - 2013-07-01 22:35 - 00000000 ____D C:\Users\***\Documents\Amazon MP3
2013-07-01 20:00 - 2013-07-01 20:00 - 00048296 _____ C:\Users\***\look1.ls3
2013-07-01 20:00 - 2013-07-01 20:00 - 00048296 _____ C:\Users\***\look1.ls3
2013-07-01 19:48 - 2013-07-01 19:48 - 00001001 _____ C:\Users\***\Desktop\LooksBuilder.lnk
2013-07-01 19:48 - 2013-07-01 19:48 - 00000000 ____D C:\Program Files (x86)\LooksBuilder
2013-07-01 19:16 - 2011-10-29 01:14 - 00000000 ____D C:\Users\***\AppData\Roaming\TeamViewer
2013-06-29 22:20 - 2013-05-10 15:15 - 00000000 ____D C:\Users\***\AppData\Roaming\ICQ-Profile
2013-06-29 14:43 - 2013-06-29 14:43 - 00002788 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2013-06-29 14:43 - 2011-06-03 13:25 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-06-29 14:43 - 2011-06-03 13:25 - 00000000 ____D C:\Program Files\CCleaner
2013-06-29 13:39 - 2011-06-03 14:12 - 00033133 _____ C:\Users\***\Desktop\Texte.txt
2013-06-29 13:35 - 2011-06-03 14:13 - 00000000 ____D C:\Users\***\Desktop\Dokumente
2013-06-28 13:55 - 2013-06-28 13:55 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum
2013-06-28 13:55 - 2013-06-27 01:55 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum
2013-06-28 13:55 - 2013-06-27 01:55 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum
2013-06-28 13:55 - 2013-05-30 13:55 - 01030952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-06-28 13:55 - 2013-05-30 13:55 - 00378944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2013-06-28 13:55 - 2013-05-30 13:55 - 00189936 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-06-25 13:01 - 2013-06-25 13:01 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-06-25 13:01 - 2013-06-25 13:01 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-06-25 13:01 - 2013-06-25 13:01 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-06-25 13:01 - 2013-06-25 13:01 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-25 13:01 - 2013-03-06 11:21 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-25 13:01 - 2012-06-19 11:07 - 00867240 _____ (Oracle Corporation) C:\windows\SysWOW64\npdeployJava1.dll
2013-06-25 13:01 - 2011-06-03 15:01 - 00789416 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
2013-06-24 00:27 - 2011-10-27 01:23 - 00007168 _____ C:\Users\JANBRU~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-24 00:07 - 2010-09-15 10:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-24 00:04 - 2013-06-24 00:00 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-24 00:00 - 2013-06-24 00:00 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2013-06-23 23:51 - 2013-06-20 02:12 - 00007019 _____ C:\Users\***\Documents\hijackthis.log
2013-06-21 21:58 - 2011-06-14 09:23 - 00000728 _____ C:\Users\***\Desktop\ebay text an käufer.txt
2013-06-21 21:50 - 2013-06-21 19:57 - 00186633 _____ C:\windows\hpoins51.dat
2013-06-21 21:50 - 2011-06-03 21:15 - 00017112 _____ C:\ProgramData\hpzinstall.log
2013-06-21 19:59 - 2013-06-21 19:59 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-06-21 19:59 - 2011-06-03 21:20 - 00000000 ____D C:\Program Files (x86)\HP
2013-06-21 19:59 - 2011-06-03 21:15 - 00000000 ____D C:\ProgramData\HP
2013-06-21 19:31 - 2009-07-14 07:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-06-21 18:17 - 2012-01-20 11:57 - 00000000 ____D C:\Neuer Ordner - Css
2013-06-21 18:10 - 2011-06-03 21:23 - 00000000 ____D C:\Users\***\AppData\Roaming\HpUpdate
2013-06-21 18:00 - 2011-10-25 12:03 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-06-21 17:43 - 2009-07-14 05:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2013-06-21 17:32 - 2009-07-14 04:34 - 00000589 _____ C:\windows\win.ini
2013-06-20 01:56 - 2013-06-20 01:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\***\Desktop\HiJackThis204.exe
2013-06-19 23:44 - 2013-06-19 23:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-18 23:37 - 2012-07-08 13:16 - 00000000 ____D C:\Users\JANBRU~1\AppData\Local\Windows Live

Files to move or delete:
====================
C:\ProgramData\flashax10.exe
C:\ProgramData\ntuser.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-14 21:16

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-07-2013 03
Ran by *** at 2013-07-16 21:22:02
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958) (x32)
64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17)
Apple Application Support (x32 Version: 2.3.4)
Apple Software Update (x32 Version: 2.1.3.127)
ASUS GPU Tweak (x32 Version: 2.2.8.1)
Audacity 1.2.6 (x32)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
B010 (x32 Version: 140.0.344.000)
Battlefield 2(TM) (x32)
BufferChm (x32 Version: 140.0.212.000)
Civilization: Call To Power (x32)
Command & Conquer Alarmstufe Rot 2 (x32)
Command & Conquer Teil 3: Operation Tiberian Sun (x32)
Cossacks - European Wars (x32)
Cossacks II (x32)
Counter-Strike: Source (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
Defraggler (Version: 2.08)
Destinations (x32 Version: 140.0.167.000)
DeviceDiscovery (x32 Version: 140.0.212.000)
Die Gilde Gold-Edition (x32 Version: 2.06)
Die Sims™ 2 Apartment-Leben (x32)
Die Sims™ 2 Deluxe (x32)
Dragon Age: Origins (x32 Version: 1.03)
eaner (Version: 4.03)
EXPERTool 7.16 (x32)
Fable - The Lost Chapters (x32 Version: 1.00.0000)
Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0)
Fallout: New Vegas (x32)
FAM 1.0.0.0 (x32 Version: 1.0.0.0)
FileZilla Client 3.5.3 (x32 Version: 3.5.3)
Freelancer (x32)
Google Chrome (HKCU Version: 27.0.1453.116)
Google Update Helper (x32 Version: 1.3.21.145)
GPBaseService2 (x32 Version: 140.0.211.000)
Heroes of Might and Magic® III (x32)
Heroes of Might and Magic® IV (x32)
Herrscher des Olymp - Zeus (x32)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photosmart B010 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (x32 Version: 5.002.002.002)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPPhotoGadget (x32 Version: 140.0.524.000)
HPProductAssistant (x32 Version: 140.0.212.000)
HPSSupply (x32 Version: 140.0.211.000)
ICQ 8.0 (build 6019) (HKCU Version: 8.0.6019.0)
Indeo® software (x32)
Intel(R) Graphics Media Accelerator Driver
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 45 (64-bit) (Version: 6.0.450)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lenovo Power2Go (x32 Version: 6.0.3321a3)
Lenovo Rescue System (Version: 3.0.1029)
Lenovo Rescue System (x32 Version: 3.0.1029)
Lenovo Software Instruction (x32 Version: 1.0.0.090907)
Lenovo Treiber- und Anwendungsinstallation (x32 Version: 5.1.0.1126)
LogMeIn Hamachi (x32 Version: 2.1.0.374)
Lords of Magic (x32)
Magic Bullet LooksBuilder (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 140.0.212.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Game Studios Common Redistributables Pack 1 (x32 Version: 1.0.0)
Microsoft Games for Windows - LIVE (x32 Version: 3.1.186.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.6106.5001)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft XML Parser (x32 Version: 8.20.8730.4)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Morrowind (x32)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NVIDIA 3D Vision Controller-Treiber 310.90 (Version: 310.90)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Patrizier 4 (x32 Version: 1.3.0)
Patrizier II Gold (x32)
Pharao (x32)
PhotoScape (x32)
Picasa 3 (x32 Version: 3.9)
Pool of Radiance (x32)
ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.14)
PS_AIO_07_B010_SW_Min (x32 Version: 140.0.224.000)
QuickTime (x32 Version: 7.74.80.86)
Realtek 8136 8168 8169 Ethernet Driver (x32 Version: 1.00.0006)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5882)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7100.30095)
Recuva (Version: 1.47)
Revo Uninstaller 1.92 (x32 Version: 1.92)
Scan (x32 Version: 140.0.80.000)
ScummVM 1.5.0 (x32)
Security Task Manager 1.8g (x32 Version: 1.8g)
Shop for HP Supplies (Version: 14.0)
Sierra-Dienstprogramme (x32)
Skype™ 6.6 (x32 Version: 6.6.106)
SmartWebPrinting (x32 Version: 140.0.186.000)
SolutionCenter (x32 Version: 140.0.214.000)
Status (x32 Version: 140.0.256.000)
Steam (x32 Version: 1.0.0.0)
Stronghold (x32)
Stronghold Crusader (x32)
TeamSpeak 3 Client (Version: 3.0.10.1)
TeamViewer 8 (x32 Version: 8.0.19045)
TES Construction Set (x32)
Toolbox (x32 Version: 140.0.428.000)
Total Annihilation: Kingdoms (x32)
TrayApp (x32 Version: 140.0.212.000)
Tropico Reloaded (x32)
UBitMenuDE (x32 Version: 01.04)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
WebReg (x32 Version: 140.0.212.017)
Winamp (x32 Version: 5.61 )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows XP Mode (Version: 1.3.7600.16422)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)

==================== Restore Points =========================

10-07-2013 11:24:55 Removed Java 7 Update 25 (64-bit)
10-07-2013 11:25:48 Installed Java 7 Update 25 (64-bit)
10-07-2013 11:33:52 Windows Update
13-07-2013 19:43:49 Removed Java 7 Update 25 (64-bit)
13-07-2013 19:44:47 Installed Java 7 Update 25 (64-bit)
16-07-2013 08:52:57 ComboFix created restore point
16-07-2013 12:59:51 Restore operation

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {10D0FAAD-66EB-4BE0-A640-4799F6211D0E} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {35A77E10-DE9E-42E9-B4B4-5C1FD1305BE4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {4591B6C3-B1BC-44C8-873C-80BC24E838CF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-13] (Adobe Systems Incorporated)
Task: {87BAC312-745E-434E-8968-714425C66BD5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {93238DA7-DD39-41C7-80FD-A3EA350B5CE5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9694E1FD-08E6-42D7-8E13-2DB35166E693} - System32\Tasks\SUPERAntiSpyware Scheduled Task 95739947-80dd-49b3-95bd-00188d285c7c => C:\Program Files\SUPERAntiSpyware\SASTask.exe No File
Task: {BCCE93F0-1BD7-4387-A3C6-E19D8C724C41} - System32\Tasks\SUPERAntiSpyware Scheduled Task 962db089-2c5f-4644-9817-016c869b449d => C:\Program Files\SUPERAntiSpyware\SASTask.exe No File
Task: {FC48D69B-879E-4E44-B666-05971527804D} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 95739947-80dd-49b3-95bd-00188d285c7c.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 962db089-2c5f-4644-9817-016c869b449d.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/13/2013 05:44:53 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/13/2013 03:08:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/13/2013 03:08:03 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/09/2013 03:15:48 PM) (Source: Application Hang) (User: )
Description: The program winamp.exe version 5.6.1.3133 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: aa0 Start Time: 01ce7c8dd0103073 Termination Time: 5 Application Path: C:\Program Files (x86)\Winamp\winamp.exe Report Id: aa0353a4-e899-11e2-8dea-4487fcf24763

Error: (06/27/2013 11:05:53 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: ae0 Start Time: 01ce6eab5cdd9b8f Termination Time: 140 Application Path: C:\windows\Explorer.EXE Report Id: 587651a0-df6d-11e2-b7f8-4487fcf24763

Error: (06/21/2013 06:08:27 PM) (Source: MsiInstaller) (User: Seelenwinter-Pc)
Description: Product: HP Update -- Error 1905. Module C:\Program Files (x86)\HP\Common\TransferManagerPS.dll failed to unregister. HRESULT -2147220472. Contact your support personnel.

Error: (06/21/2013 06:08:27 PM) (Source: MsiInstaller) (User: Seelenwinter-Pc)
Description: Product: HP Update -- Error 1905. Module C:\Program Files (x86)\HP\Common\TransferManager.dll failed to unregister. HRESULT -2147220472. Contact your support personnel.

Error: (06/21/2013 06:08:26 PM) (Source: MsiInstaller) (User: Seelenwinter-Pc)
Description: Product: HP Update -- Error 1905. Module C:\Program Files (x86)\HP\Common\RulesEngine2.dll failed to unregister. HRESULT -2147220472. Contact your support personnel.

Error: (06/21/2013 06:08:25 PM) (Source: MsiInstaller) (User: Seelenwinter-Pc)
Description: Product: HP Update -- Error 1905. Module C:\Program Files (x86)\HP\Common\hpupdatecomponent.dll failed to unregister. HRESULT -2147220472. Contact your support personnel.

Error: (06/21/2013 06:08:25 PM) (Source: MsiInstaller) (User: Seelenwinter-Pc)
Description: Product: HP Update -- Error 1905. Module C:\Program Files (x86)\HP\Common\HPeDiag.dll failed to unregister. HRESULT -2147220472. Contact your support personnel.
System errors: ============= Error: (07/16/2013 03:05:30 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (07/16/2013 03:03:29 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: prodrv06 prohlp02 prosync1 sfhlp01 Error: (07/16/2013 03:02:59 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/16/2013 03:02:45 PM) (Source: Application Popup) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\prodrv06.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (07/16/2013 03:00:16 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073741502. Error: (07/16/2013 03:00:16 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error: (07/16/2013 03:00:12 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147014789. Error: (07/16/2013 03:00:12 PM) (Source: Microsoft-Windows-Bits-Client) (User: NT-AUTORITÄT) Description: Fehler beim Starten des BITS-Dienstes. Fehler: 2147952507. Error: (07/16/2013 02:59:42 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073741502. 
Error: (07/16/2013 02:59:42 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147014789. Microsoft Office Sessions: ========================= Error: (05/23/2013 11:35:49 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 205 seconds with 180 seconds of active time. This session ended with a crash. Error: (05/23/2013 11:31:54 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 278 seconds with 180 seconds of active time. This session ended with a crash. Error: (05/23/2013 11:27:04 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1402 seconds with 1260 seconds of active time. This session ended with a crash. Error: (11/15/2012 07:43:18 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/29/2012 03:46:23 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1010 seconds with 540 seconds of active time. This session ended with a crash. 
CodeIntegrity Errors: =================================== Date: 2013-07-16 11:03:17.577 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-16 11:03:17.343 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-02 15:07:27.514 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\JANBRU~1\AppData\Local\Temp\mbr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-02 15:07:27.369 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\JANBRU~1\AppData\Local\Temp\mbr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2013-05-02 15:07:27.219 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\JANBRU~1\AppData\Local\Temp\mbr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-02 15:07:27.063 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\JANBRU~1\AppData\Local\Temp\mbr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-02 15:07:19.805 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\JANBRU~1\AppData\Local\Temp\mbr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-02 15:07:19.650 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\JANBRU~1\AppData\Local\Temp\mbr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2013-05-01 17:00:59.832 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-05-01 17:00:59.832 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 19% Total physical RAM: 8191.24 MB Available physical RAM: 6567.78 MB Total Pagefile: 16380.67 MB Available Pagefile: 14727.4 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:906.34 GB) (Free:759.19 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 1DFF4F29) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=906 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=25 GB) - (Type=12) ==================== End Of Log ============================ |
17.07.2013, 14:56 | #9 |
/// Helfer-Team | Spamhaus reports various botnets, Zbot, Torpig, etc (2nd PC) Very good! Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without being told to. Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan. Then: ESET Online Scanner
Then: Please download SecurityCheck and:
|
19.07.2013, 13:18 | #10 |
| Spamhaus reports various botnets, Zbot, Torpig, etc (2nd PC) Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-19 00:51:16
-----------------------------
00:51:16.247 OS Version: Windows x64 6.1.7601 Service Pack 1
00:51:16.247 Number of processors: 2 586 0x170A
00:51:16.248 ComputerName: SEELENWINTER-PC UserName: ***
00:51:20.042 Initialize success
00:51:20.655 AVAST engine defs: 13071803
00:51:22.248 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
00:51:22.250 Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA3FE Size: 953869MB BusType: 3
00:51:22.367 Disk 0 MBR read successfully
00:51:22.369 Disk 0 MBR scan
00:51:22.372 Disk 0 Windows 7 default MBR code
00:51:22.374 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:51:22.382 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 928093 MB offset 206848
00:51:22.420 Disk 0 Partition 3 00 12 Compaq diag NTFS 25675 MB offset 1900941312
00:51:22.541 Disk 0 scanning C:\windows\system32\drivers
00:51:29.931 Service scanning
00:51:45.787 Modules scanning
00:51:45.793 Disk 0 trace - called modules:
00:51:45.808 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
00:51:46.137 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007c8c2a0]
00:51:46.141 3 CLASSPNP.SYS[fffff8800187043f] -> nt!IofCallDriver -> [0xfffffa8007b02520]
00:51:46.144 5 ACPI.sys[fffff88000f9e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80077d2060]
00:51:47.524 AVAST engine scan C:\windows
00:51:51.738 AVAST engine scan C:\windows\system32
00:54:24.278 AVAST engine scan C:\windows\system32\drivers
00:54:35.042 AVAST engine scan C:\Users\***
01:01:31.563 AVAST engine scan C:\ProgramData
01:02:31.498 Scan finished successfully
01:03:04.617 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
01:03:04.633 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
Code:
Results of screen317's Security Check version 0.99.70
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 11.8.800.94
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (22.0)
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.116
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log`````````````````````` |
19.07.2013, 13:19 | #11 |
/// Helfer-Team | Spamhaus reports various botnets, Zbot, Torpig, etc (2nd PC) Update:
Very good! With that you are clean and discharged! Remove adwCleaner
Tool cleanup. The order is crucial here.
Reset the security zones. Have the security zones reset, because they were manipulated in order to open the browser to further attacks. Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html Clear system restore points. So that the computer cannot be reinfected from an infected system restore point, we need to clear them. To do so we switch system restore off once and then on again: Disable system restore. Tutorial for Windows XP, Windows Vista, Windows 7. Then enable it again. Reading to work through: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC keeps getting slower - what to do? |
19.07.2013, 14:28 | #12 |
| Spamhaus reports various botnets, Zbot, Torpig, etc (2nd PC) Thank you! |
20.07.2013, 17:32 | #13 |
/// Helfer-Team | Spamhaus reports various botnets, Zbot, Torpig, etc (2nd PC) I wish you a virus-free time |
01.10.2013, 11:15 | #14 |
| Spamhaus reports various botnets, Zbot, Torpig, etc (2nd PC) I know, I should have thought of it beforehand. -.- I just saw it via Google - my name is still in the logfiles. I would ask that it be removed, or that I can take care of it myself by editing. It is one of the first search results & that is not exactly nice to look at. |
03.10.2013, 09:41 | #15 |
/// Helfer-Team | Spamhaus reports various botnets, Zbot, Torpig, etc (2nd PC) |