Log Analysis and Evaluation: Windows 7: Laptop has become drastically slower and shows signs of a Trojan

Windows 7: If you have picked up a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
11.10.2014, 15:43 | #1

Hi,
my parents' laptop has become slower quite abruptly. A virus scan found a few problems, but considering the time since the last virus check there were only a few. On top of that, a lot of programs are suddenly on it that I don't recognise and whose purpose I don't know or understand.
Thanks in advance for your help.
P.S.: logs attached
11.10.2014, 15:50 | #2
/// the machine /// TB-Ausbilder (trainer)

Hi,

Please always post logs directly in the thread. If need be, split them up and use several posts. I can't open attachments at work, thanks.

How it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
29.10.2014, 18:26 | #3

Hi,
sorry that it took so long to reply, but I no longer live at home.

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
Ran by Warkentin at 2014-10-11 15:31:58
Running from H:\Trojana Programme
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

AdFender (HKLM-x32\...\AdFender) (Version: 1.80 - AdFender, Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.6 - Auslogics Software Pty Ltd)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4040 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
Brother MFL-Pro Suite MFC-295CN (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
COSMOview ControlPanel 1.05h (HKLM-x32\...\COSMOview ControlPanel) (Version: 1.05h - DEOS control systems GmbH)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.22 - DivX, LLC)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.2.1.1000 - Maxthon International Limited)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.0.10600.6.0 - Nero AG)
Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11200.14.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.0.12000.1.4 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.14800.0.1 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.11200.16.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.11100.9.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11500.16.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.11000.12.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.14400.24.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}) (Version: 10.0.14300 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.11300.21.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 1.0.10800 - Nero AG) Hidden
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11500.18.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version:  - )
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Stronghold AntiMalware (HKLM-x32\...\Stronghold AntiMalware_is1) (Version: 1.0 - Security Stronghold)
SweetIM for Messenger 3.7 (HKLM-x32\...\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}) (Version: 3.7.0007 - SweetIM Technologies Ltd.) <==== ATTENTION
SweetPacks bundle uninstaller (HKLM-x32\...\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}) (Version: 1.0.0001 - SweetIM Technologies Ltd.) <==== ATTENTION
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.1.9.6 - uvnc bvba)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points =========================

21-09-2014 17:16:36 Geplanter Prüfpunkt
26-09-2014 17:11:58 Windows Update
03-10-2014 01:00:12 Windows Update
05-10-2014 10:14:46 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {24DF2535-C646-4BB4-9D70-2C7024039551} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {26D37717-F708-45D7-AB4B-72E9FEBCE075} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-26] (Adobe Systems Incorporated)
Task: {37133E99-0015-4799-A408-99460003E04A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {3E1A1096-DE9B-4C97-A057-432D81259B9B} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon3\Bin\mxup.exe [2014-06-03] (Maxthon International ltd.)
Task: {575B5A4A-1081-4587-B729-F3B7A784341E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {7A469B00-3A4A-4126-A912-0961DA59FBA0} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {80B5245A-75F7-4CB1-B5B2-4678CF175C8F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {A2EE3E45-2AD9-45F3-907D-A08B029FDCE3} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2012-11-30] ()
Task: {BDF9FB4D-478C-47BC-AE64-DE02B79687BA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {C9439E95-E31D-4E42-8140-7AF9FE40BD6B} - System32\Tasks\DealPlyUpdate => C:\Program Files (x86)\DealPly\DealPlyUpdate.exe [2012-05-09] (DealPly) <==== ATTENTION
Task: {F1C9C3CA-590A-453D-8CBC-56810B8162B0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-07-01 10:21 - 2013-07-01 10:21 - 01127736 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe
2013-07-01 01:16 - 2013-07-01 01:16 - 00628224 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll
2013-07-01 01:15 - 2013-07-01 01:15 - 00022016 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll
2013-07-01 01:15 - 2013-07-01 01:15 - 00018432 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll
2013-07-01 01:16 - 2013-07-01 01:16 - 00039936 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll
2013-07-01 01:16 - 2013-07-01 01:16 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll
2013-07-01 01:16 - 2013-07-01 01:16 - 00116736 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll
2013-07-01 01:17 - 2013-07-01 01:17 - 00029184 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll
2013-07-01 01:17 - 2013-07-01 01:17 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll
2013-07-01 01:17 - 2013-07-01 01:17 - 00035840 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll
2013-07-01 10:21 - 2013-07-01 10:21 - 00810808 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
2013-01-10 19:55 - 2005-04-22 14:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2014-10-11 13:25 - 2014-09-29 15:19 - 02910632 _____ () C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-01-10 19:55 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-10-11 13:10 - 2013-11-18 03:18 - 00258944 _____ () C:\Users\Warkentin\AppData\Local\Temp\MxUninstall\Maxzlib.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Shrew Soft Virtual Adapter #2
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Shrew Soft Virtual Adapter #3
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Shrew Soft Virtual Adapter #4
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/11/2014 03:21:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (10/11/2014 02:28:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Maxthon.exe, Version: 4.2.1.1000, Zeitstempel: 0x52c66490
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003c889
ID des fehlerhaften Prozesses: 0x29fc
Startzeit der fehlerhaften Anwendung: 0xMaxthon.exe0
Pfad der fehlerhaften Anwendung: Maxthon.exe1
Pfad des fehlerhaften Moduls: Maxthon.exe2
Berichtskennung: Maxthon.exe3

Error: (10/11/2014 01:07:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/10/2014 08:58:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (10/10/2014 07:58:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (10/10/2014 07:35:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 08:58:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (10/09/2014 07:58:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (10/09/2014 07:36:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 04:58:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.


System errors:
=============
Error: (10/06/2014 07:53:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/06/2014 07:52:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Google Update-Dienst (gupdate)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/06/2014 07:52:41 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: Das System hat einen Adressenkonflikt der IP-Adresse 192.168.1.5 mit dem Computer mit der Netzwerkhardwareadresse A4-DB-30-83-FA-F8 ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden.

Error: (10/06/2014 07:52:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (10/03/2014 02:57:47 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: Das System hat einen Adressenkonflikt der IP-Adresse 192.168.1.2 mit dem Computer mit der Netzwerkhardwareadresse E4-32-CB-EE-BE-BE ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden.

Error: (09/26/2014 06:43:00 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (09/26/2014 06:43:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (09/26/2014 06:43:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht.

Error: (09/21/2014 06:03:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TeamViewer 9" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (09/21/2014 06:03:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst TeamViewer 9 erreicht.


Microsoft Office Sessions:
=========================
Error: (10/11/2014 03:21:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Warkentin\Downloads\cossacks [1].exe

Error: (10/11/2014 02:28:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Maxthon.exe4.2.1.100052c66490ntdll.dll6.1.7601.18247521ea8e7c00000050003c88929fc01cfe54ed31fbfc9C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exeC:\Windows\SysWOW64\ntdll.dll22e8d936-5142-11e4-b5d5-002454ae4a90

Error: (10/11/2014 01:07:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/10/2014 08:58:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden. (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/10/2014 07:58:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden. (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/10/2014 07:35:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 08:58:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden. (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/09/2014 07:58:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden. (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/09/2014 07:36:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 04:58:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden. (NULL)(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
Date: 2014-10-07 17:13:46.169
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-10-07 17:13:46.167
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-10-07 17:13:46.164
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-10-07 17:13:46.143
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-10-07 17:13:46.140
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-10-07 17:13:46.138
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-10-02 11:56:45.437
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-10-02 11:56:45.437
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-10-02 11:56:45.437
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-10-02 11:56:45.406
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 64%
Total physical RAM: 3892.55 MB
Available physical RAM: 1374.25 MB
Total Pagefile: 7783.29 MB
Available Pagefile: 4908.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System Win7) (Fixed) (Total:78.03 GB) (Free:37.21 GB) NTFS
Drive d: (Dokumente) (Fixed) (Total:29.3 GB) (Free:28.51 GB) NTFS
Drive e: (Bider, Musik, Video) (Fixed) (Total:125.46 GB) (Free:119.22 GB) NTFS
Drive h: (Endzeitmedium) (Fixed) (Total:465.76 GB) (Free:240.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: E1DBE1DB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=125 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 0002E78D)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:22 on 11/10/2014 (Warkentin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
(ATTENTION: ====> FRST version is 121 days old and could be outdated)
Ran by Warkentin (administrator) on WARKENTIN-PC on 11-10-2014 15:30:55
Running from H:\Trojana Programme
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AdFender, Inc.) C:\Program Files (x86)\AdFender\AdFender.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 4\x64\Win64ShellLink.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Maxthon International ltd.) C:\Users\Warkentin\AppData\Local\Temp\MxUninstall\MxUninstall.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 4\x64\Win64ShellLink.exe
() C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe
(Security Stronghold) C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Stronghold AntiMalware] => C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe [6495656 2014-09-29] (Security Stronghold)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [DriverScanner] => "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk
ShortcutTarget: AdFender.lnk -> C:\Program Files (x86)\AdFender\AdFender.exe (AdFender, Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:49237;https=127.0.0.1:49237
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9FB6D8803CE2CF01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll (Ironsource Israel (2011) LTD) Toolbar: HKLM-x32 - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll (Ironsource Israel (2011) LTD) Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - 
{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{0F37B5BF-A554-4E3D-BBB3-5E6F6ECEF4CC}: [NameServer]192.168.0.1 Tcpip\..\Interfaces\{5EE56C4E-DDE2-4BF8-B48B-DDF6E574079D}: [NameServer]192.168.0.1 Tcpip\..\Interfaces\{7356D5CC-842F-4338-BF11-B56BEC0A87E2}: [NameServer]192.168.0.1 Tcpip\..\Interfaces\{A4D0FC3F-B3F1-4BA2-84A7-47FD35DA8D67}: [NameServer]192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Warkentin\AppData\Roaming\Mozilla\Firefox\Profiles\rb8jh4or.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-13] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-13] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-13] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-13] FF 
HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-13] ==================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.) R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] () R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] () R2 ServiceSAM; C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe [2910632 2014-09-29] () ==================== Drivers (Whitelisted) ==================== R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.) 
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-14] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-26] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-26] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-14] (Kaspersky Lab ZAO) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-10-11 15:30 - 2014-10-11 15:30 - 00000000 ____D () C:\FRST 2014-10-11 15:22 - 2014-10-11 15:23 - 00000000 ____D () C:\Users\Warkentin\Desktop\Trojaner_Bord dokumente 2014-10-11 15:22 - 2014-10-11 15:22 - 00000000 _____ () C:\Users\Warkentin\defogger_reenable 2014-10-11 13:25 - 2014-10-11 15:30 - 00000000 ____D () C:\Users\Public\Documents\Stronghold AntiMalware 2014-10-11 13:25 - 2014-10-11 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stronghold AntiMalware 2014-10-11 13:24 - 2014-10-11 13:25 - 00000000 ____D () C:\Trojaner programme 2014-10-02 10:24 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-02 10:24 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-26 18:55 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-26 18:55 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-19 14:04 - 2014-09-19 14:06 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam 2014-09-13 17:58 - 2014-09-13 17:58 - 00000000 ____D () C:\Users\Warkentin\AppData\Local\Adobe 2014-09-12 20:13 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-12 20:13 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-12 20:13 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-12 20:13 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-12 20:12 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-12 20:12 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-12 20:12 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-12 20:12 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-12 20:12 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-12 20:12 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-12 20:12 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-12 20:12 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-12 20:12 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-12 20:12 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-12 20:12 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-12 20:12 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-12 20:12 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) 
C:\Windows\system32\jsproxy.dll 2014-09-12 20:12 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-12 20:12 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-12 20:12 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-12 20:12 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-12 20:12 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-12 20:12 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-12 20:12 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-12 20:12 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-12 20:12 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-12 20:12 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-12 20:12 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-12 20:12 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-12 20:12 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-12 20:12 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-12 20:12 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-12 20:12 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-12 20:12 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-12 20:12 - 2014-08-18 23:36 - 00112128 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-12 20:12 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-12 20:12 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-12 20:12 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-12 20:12 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-12 20:12 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-12 20:12 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-12 20:12 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-12 20:12 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-12 20:12 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-12 20:12 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-12 20:12 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-12 20:12 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-12 20:12 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-12 20:12 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-12 20:12 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-12 20:12 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-12 20:12 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-12 20:12 - 2014-08-18 22:46 - 01812992 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-12 20:12 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-12 20:12 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-12 20:12 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-12 20:08 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-12 20:08 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-12 18:37 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-12 18:37 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-12 18:36 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-12 18:36 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-12 18:36 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-12 18:36 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-12 18:36 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-12 18:36 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-12 18:36 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-12 18:36 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-12 18:36 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll ==================== One Month Modified Files and Folders ======= 2014-10-11 15:31 - 2012-12-15 14:45 - 00000000 ____D () C:\Users\Warkentin\AppData\Local\Temp 2014-10-11 15:30 - 
2014-10-11 15:30 - 00000000 ____D () C:\FRST 2014-10-11 15:30 - 2014-10-11 13:25 - 00000000 ____D () C:\Users\Public\Documents\Stronghold AntiMalware 2014-10-11 15:26 - 2012-12-15 14:42 - 01968250 _____ () C:\Windows\WindowsUpdate.log 2014-10-11 15:23 - 2014-10-11 15:22 - 00000000 ____D () C:\Users\Warkentin\Desktop\Trojaner_Bord dokumente 2014-10-11 15:22 - 2014-10-11 15:22 - 00000000 _____ () C:\Users\Warkentin\defogger_reenable 2014-10-11 15:22 - 2012-12-15 14:45 - 00000000 ____D () C:\Users\Warkentin 2014-10-11 15:15 - 2011-04-12 09:43 - 00703182 _____ () C:\Windows\system32\perfh007.dat 2014-10-11 15:15 - 2011-04-12 09:43 - 00150808 _____ () C:\Windows\system32\perfc007.dat 2014-10-11 15:15 - 2009-07-14 07:13 - 01629346 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-11 14:50 - 2014-06-04 15:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-11 14:03 - 2014-01-13 15:50 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-10-11 13:29 - 2013-10-26 19:25 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro 2014-10-11 13:25 - 2014-10-11 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stronghold AntiMalware 2014-10-11 13:25 - 2014-10-11 13:24 - 00000000 ____D () C:\Trojaner programme 2014-10-11 13:18 - 2014-05-08 14:40 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4 2014-10-11 13:15 - 2009-07-14 06:45 - 00028896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-11 13:15 - 2009-07-14 06:45 - 00028896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-11 13:10 - 2014-08-17 20:46 - 00000000 ____D () C:\Program Files (x86)\Google 2014-10-11 13:09 - 2013-10-20 00:45 - 00000000 ____D () C:\Users\Warkentin\AppData\Local\Google 2014-10-11 13:09 - 2012-12-15 20:02 - 00000000 ____D () C:\ProgramData\MFAData 2014-10-11 13:05 - 2014-06-12 20:33 - 00007168 _____ () 
C:\Windows\setupact.log 2014-10-11 13:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-10 19:35 - 2014-05-08 14:40 - 00000000 ____D () C:\Users\Warkentin\AppData\Roaming\DiskDefrag 2014-10-06 19:52 - 2012-12-15 20:33 - 00000000 ____D () C:\Program Files (x86)\DealPly 2014-10-05 12:27 - 2013-08-14 20:09 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-02 12:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-09-26 18:44 - 2014-06-04 15:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-26 18:44 - 2012-12-15 20:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-26 18:44 - 2012-12-15 20:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-25 04:08 - 2014-10-02 10:24 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-09-25 03:40 - 2014-10-02 10:24 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-21 18:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-20 16:37 - 2012-12-15 20:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-09-20 16:28 - 2014-06-12 20:32 - 00004030 _____ () C:\Windows\PFRO.log 2014-09-20 16:28 - 2013-03-22 17:41 - 00000000 ____D () C:\Program Files (x86)\Wajam 2014-09-19 14:06 - 2014-09-19 14:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam 2014-09-19 14:06 - 2013-10-15 11:05 - 00000000 ____D () C:\ProgramData\AVG2014 2014-09-16 19:58 - 2014-05-08 18:57 - 00000992 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-09-16 19:58 - 2014-04-01 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-09-16 17:25 - 2014-02-07 11:45 - 00001113 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-09-13 17:58 - 2014-09-13 17:58 - 00000000 ____D () 
C:\Users\Warkentin\AppData\Local\Adobe 2014-09-12 20:11 - 2012-12-15 22:18 - 01603626 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-12 20:08 - 2014-04-30 14:19 - 00000000 ___SD () C:\Windows\system32\CompatTel Some content of TEMP: ==================== C:\Users\Warkentin\AppData\Local\Temp\GMX_Firefox_Setup.exe C:\Users\Warkentin\AppData\Local\Temp\UNINSTALL.EXE C:\Users\Warkentin\AppData\Local\Temp\unwise.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-07 17:11 ==================== End Of Log ============================ --- --- --- |
29.10.2014, 18:27 | #4 |
| Windows 7: Laptop has become drastically slower and shows signs of a Trojan gmer GMER Logfile: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-10-11 15:55:20 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM250HI rev.2AC101C4 232,89GB Running: Gmer-19357.exe; Driver: C:\Users\WARKEN~1\AppData\Local\Temp\uxliiuoc.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003005000 8 bytes [00, 00, 16, 02, 4E, 74, 66, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff80003005010 29 bytes [43, 07, 50, 01, 80, FA, FF, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\AdFender\AdFender.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b71465 2 bytes [B7, 75] .text C:\Program Files (x86)\AdFender\AdFender.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b714bb 2 bytes [B7, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b71465 2 bytes [B7, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b714bb 2 bytes [B7, 75] .text ... * 2 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000774411f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077441390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007744143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007744158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007744191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077441b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077441bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077441d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077441eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077441edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077441f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077441fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077441fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077442272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077442301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077442792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774427b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774427d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007744282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077442890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077442d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077442d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077443023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007744323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000774433c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077443a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077443ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077443b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077443d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077444190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077491380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077491500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077491530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077491650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077491700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077491d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077491f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774927e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073be13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073be146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073be16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073be16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073be19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073be19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073be1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073be1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073be1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073be1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000774411f5 8 bytes {JMP 0xd}
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077441390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007744143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007744158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007744191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077441b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077441bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077441d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077441eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077441edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077441f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077441fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077441fd7 8 bytes {JMP 0xb}
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077442272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077442301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077442792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774427b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774427d2 8 bytes {JMP 0x10}
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007744282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077442890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077442d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077442d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077443023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007744323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000774433c0 16 bytes {JMP 0x4e}
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077443a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077443ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077443b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077443d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077444190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077491380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077491500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077491530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077491650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077491700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077491d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077491f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774927e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073be13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073be146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073be16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073be16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073be19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073be19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073be1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073be1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073be1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073be1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000774411f5 8 bytes {JMP 0xd}
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077441390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007744143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007744158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007744191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077441b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077441bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077441d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077441eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077441edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077441f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077441fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077441fd7 8 bytes {JMP 0xb}
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077442272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077442301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077442792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774427b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774427d2 8 bytes {JMP 0x10}
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007744282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077442890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077442d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077442d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077443023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007744323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000774433c0 16 bytes {JMP 0x4e}
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077443a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077443ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077443b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077443d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077444190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077491380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077491500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077491530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077491650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077491700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077491d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077491f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774927e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073be13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073be146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073be16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073be16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073be19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073be19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073be1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073be1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073be1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073be1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b71465 2 bytes [B7, 75]
.text C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b714bb 2 bytes [B7, 75]
.text ... * 2
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000774411f5 8 bytes {JMP 0xd}
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077441390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007744143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007744158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007744191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077441b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077441bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077441d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077441eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077441edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077441f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077441fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077441fd7 8 bytes {JMP 0xb}
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077442272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077442301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077442792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774427b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774427d2 8 bytes {JMP 0x10}
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007744282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077442890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077442d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077442d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077443023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007744323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000774433c0 16 bytes {JMP 0x4e}
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077443a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077443ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077443b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077443d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077444190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077491380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077491500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077491530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077491650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077491700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077491d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077491f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774927e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073be13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073be146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073be16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073be16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073be19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073be19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073be1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073be1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073be1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073be1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000774411f5 8 bytes {JMP 0xd}
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077441390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007744143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007744158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007744191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077441b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077441bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077441d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077441eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077441edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077441f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077441fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077441fd7 8 bytes {JMP 0xb}
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077442272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077442301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077442792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774427b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774427d2 8 bytes {JMP 0x10}
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007744282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077442890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077442d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077442d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077443023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007744323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000774433c0 16 bytes {JMP 0x4e}
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077443a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077443ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077443b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077443d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077444190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077491380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077491500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077491530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077491650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077491700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077491d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077491f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774927e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073be13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073be146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073be16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073be16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073be19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073be19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073be1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073be1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073be1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073be1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000075b71465 2 bytes [B7, 75] .text C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 0000000075b714bb 2 bytes [B7, 75] .text ... * 2 ? C:\Windows\system32\mssprxy.dll [784] entry point in ".rdata" section 000000006e1d71e6 .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000774411f5 8 bytes {JMP 0xd} .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077441390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007744143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007744158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007744191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077441b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077441bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077441d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077441eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077441edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077441f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077441fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077441fd7 8 bytes {JMP 0xb} .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077442272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077442301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077442792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774427b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774427d2 8 bytes {JMP 0x10} .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007744282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077442890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077442d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077442d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077443023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007744323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000774433c0 16 bytes {JMP 0x4e} .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077443a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077443ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077443b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077443d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077444190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] 
.text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077491380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077491500 8 bytes {JMP QWORD [RIP-0x4d498]} .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077491530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077491650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077491700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077491d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077491f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774927e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073be13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073be146b 8 bytes {JMP 0xffffffffffffffb0} .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073be16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073be16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073be19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073be19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073be1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073be1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073be1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073be1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2056:5912] 000007fef6b04094 Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2056:6068] 000007fef5087c4c Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2056:1356] 000007fef6b04094 Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2056:6092] 000007fef4a5c0d0 Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2056:6100] 000007fef6b04094 Thread C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1980:2728] 000007fef6b04094 Thread C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1980:2320] 000007fef6b04094 Thread C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1980:2396] 000007fef4a5c0d0 ---- EOF - GMER 2.1 ---- |
30.10.2014, 11:55 | #5 |
/// the machine /// TB-Ausbilder | Windows 7: Laptop has become drastically slower and shows signs of a Trojan Please download Revo Uninstaller (or alternatively the portable Revo Uninstaller) from here.
Scan with Combofix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and Help Trojaner-Board Facebook page No help via PM! |
09.11.2014, 13:38 | #6 |
| Windows 7: Laptop has become drastically slower and shows signs of a Trojan Combofix Combofix Logfile: Code:
ATTFilter ComboFix 14-11-09.01 - Warkentin 09.11.2014 13:18:37.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3893.2232 [GMT 1:00] ausgeführt von:: c:\users\Warkentin\Desktop\ComboFix.exe AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886} FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\DealPly c:\program files (x86)\DealPly\DealPly.crx c:\program files (x86)\DealPly\DealPlyIE.dll c:\program files (x86)\DealPly\DealPlyUpdate.exe c:\program files (x86)\DealPly\DealPlyUpdate.log c:\program files (x86)\DealPly\DealPlyUpdateRun.exe c:\program files (x86)\DealPly\icon.ico c:\program files (x86)\DealPly\uninst.exe c:\program files (x86)\Wajam c:\program files (x86)\Wajam\Logos\amazon.ico c:\program files (x86)\Wajam\Logos\argos.ico c:\program files (x86)\Wajam\Logos\ask.ico c:\program files (x86)\Wajam\Logos\bestbuy.ico c:\program files (x86)\Wajam\Logos\ebay.ico c:\program files (x86)\Wajam\Logos\etsy.ico c:\program files (x86)\Wajam\Logos\facebook.ico c:\program files (x86)\Wajam\Logos\favicon.ico c:\program files (x86)\Wajam\Logos\google.ico c:\program files (x86)\Wajam\Logos\homedepot.ico c:\program files (x86)\Wajam\Logos\ikea.ico c:\program files (x86)\Wajam\Logos\imdb.ico c:\program files (x86)\Wajam\Logos\lowes.ico c:\program files (x86)\Wajam\Logos\mercado.ico c:\program files (x86)\Wajam\Logos\mysearchweb.ico c:\program files (x86)\Wajam\Logos\myshopping.ico c:\program files 
(x86)\Wajam\Logos\searchresult.ico c:\program files (x86)\Wajam\Logos\sears.ico c:\program files (x86)\Wajam\Logos\setting.ico c:\program files (x86)\Wajam\Logos\settings.ico c:\program files (x86)\Wajam\Logos\shopping.ico c:\program files (x86)\Wajam\Logos\target.ico c:\program files (x86)\Wajam\Logos\tesco.ico c:\program files (x86)\Wajam\Logos\tripadvisor.ico c:\program files (x86)\Wajam\Logos\twitter.ico c:\program files (x86)\Wajam\Logos\wajam.ico c:\program files (x86)\Wajam\Logos\walmart.ico c:\program files (x86)\Wajam\Logos\wiki.ico c:\program files (x86)\Wajam\Logos\yahoo.ico c:\program files (x86)\Wajam\Logos\zalando.ico c:\program files (x86)\Wajam\Wajam Internet Enhancer\makecert.exe c:\program files (x86)\Wajam\Wajam Internet Enhancer\wie c:\program files (x86)\Wajam\Wajam Internet Enhancer\WJManifest c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam c:\programdata\Roaming . . ((((((((((((((((((((((( Dateien erstellt von 2014-10-09 bis 2014-11-09 )))))))))))))))))))))))))))))) . . 2014-11-09 12:26 . 2014-11-09 12:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-11-09 11:52 . 2014-11-09 11:52 -------- d-----w- c:\users\Warkentin\AppData\Local\AVG Web TuneUp 2014-11-09 11:52 . 2014-11-09 11:52 -------- d-----w- c:\programdata\AVG Security Toolbar 2014-11-09 11:51 . 2014-11-09 11:51 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2014-11-09 11:51 . 2014-11-09 11:51 -------- d-----w- c:\programdata\AVG Secure Search 2014-11-09 11:51 . 2014-11-09 11:51 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search 2014-11-09 11:51 . 2014-11-09 11:51 -------- d-----w- c:\program files (x86)\AVG Web TuneUp 2014-11-09 11:51 . 2014-11-09 11:52 -------- d-----w- c:\programdata\AVG Web TuneUp 2014-10-16 19:12 . 2014-10-07 02:04 812736 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe 2014-10-16 19:11 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll 2014-10-16 19:11 . 
2014-09-18 01:32 2363904 ----a-w- c:\windows\SysWow64\msi.dll 2014-10-16 19:11 . 2014-08-29 02:07 44032 ----a-w- c:\windows\system32\tsgqec.dll 2014-10-16 19:11 . 2014-08-29 02:07 322560 ----a-w- c:\windows\system32\aaclient.dll 2014-10-16 19:11 . 2014-08-29 02:06 1125888 ----a-w- c:\windows\system32\mstsc.exe 2014-10-16 19:11 . 2014-08-29 01:44 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll 2014-10-16 19:11 . 2014-08-29 01:44 4922368 ----a-w- c:\windows\SysWow64\mstscax.dll 2014-10-16 19:11 . 2014-08-29 01:44 269312 ----a-w- c:\windows\SysWow64\aaclient.dll 2014-10-16 19:11 . 2014-08-29 01:44 1050112 ----a-w- c:\windows\SysWow64\mstsc.exe 2014-10-16 19:11 . 2014-08-29 02:07 5780480 ----a-w- c:\windows\system32\mstscax.dll 2014-10-16 19:11 . 2014-08-29 02:07 3179520 ----a-w- c:\windows\system32\rdpcorets.dll 2014-10-12 13:38 . 2014-10-12 13:38 -------- d-----w- c:\users\Warkentin\AppData\Local\Kalypso Media 2014-10-12 13:37 . 2014-06-06 04:39 46704 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll 2014-10-12 13:37 . 2014-06-06 04:38 822384 ----a-w- c:\program files (x86)\Mozilla Firefox\icuuc52.dll 2014-10-12 13:37 . 2014-06-06 04:38 1022576 ----a-w- c:\program files (x86)\Mozilla Firefox\icuin52.dll 2014-10-12 13:37 . 2014-06-06 04:38 10594416 ----a-w- c:\program files (x86)\Mozilla Firefox\icudt52.dll 2014-10-12 13:34 . 2014-02-16 11:58 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\msvcr100.dll 2014-10-12 13:34 . 2014-02-16 11:58 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\msvcp100.dll 2014-10-12 13:34 . 2014-10-12 13:35 75376 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll 2014-10-12 13:34 . 2014-10-12 13:35 46704 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll 2014-10-12 13:34 . 2014-10-12 13:35 20080 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll 2014-10-12 13:34 . 
2014-10-12 13:35 305264 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\freebl3.dll 2014-10-12 13:34 . 2014-10-12 13:35 275568 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\firefox.exe 2014-10-12 13:34 . 2014-10-12 13:35 117360 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\crashreporter.exe 2014-10-12 13:34 . 2014-02-16 11:58 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\D3DCompiler_43.dll 2014-10-12 13:33 . 2014-10-12 14:08 -------- d-----w- c:\users\Warkentin\AppData\Roaming\Tropico 4 2014-10-12 13:30 . 2014-10-12 13:30 -------- d-----w- c:\users\Warkentin\AppData\Roaming\Kalypso Media 2014-10-11 14:39 . 2014-10-11 14:39 -------- d-----w- c:\program files (x86)\7-Zip 2014-10-11 13:30 . 2014-10-11 13:32 -------- d-----w- C:\FRST 2014-10-11 11:24 . 2014-10-11 11:25 -------- d-----w- C:\Trojaner programme . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-11-09 11:51 . 2012-12-15 18:15 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-11-09 11:51 . 2012-12-15 18:15 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-10-16 19:06 . 2012-12-15 19:29 103265616 ----a-w- c:\windows\system32\MRT.exe 2014-09-25 02:08 . 2014-10-02 08:24 371712 ----a-w- c:\windows\system32\qdvd.dll 2014-09-25 01:40 . 2014-10-02 08:24 519680 ----a-w- c:\windows\SysWow64\qdvd.dll 2014-09-09 22:11 . 2014-09-26 16:55 2048 ----a-w- c:\windows\system32\tzres.dll 2014-09-09 21:47 . 2014-09-26 16:55 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2014-08-23 02:07 . 2014-08-29 20:15 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-08-23 01:45 . 2014-08-29 20:15 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2014-05-08 13:39 . 2014-05-08 13:39 13084896 ----a-w- c:\program files (x86)\Silverlight_x64.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2014-11-09 11:51 2369560 ----a-w- c:\program files (x86)\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}] 2013-10-26 17:22 299224 ----a-w- c:\program files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{3004627E-F8E9-4E8B-909D-316753CBA923}"= "c:\program files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll" [2013-10-26 285912] . [HKEY_CLASSES_ROOT\clsid\{3004627e-f8e9-4e8b-909d-316753cba923}] [HKEY_CLASSES_ROOT\mysearchdial.mysearchdialdskBnd.1] [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] [HKEY_CLASSES_ROOT\mysearchdial.mysearchdialdskBnd] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-08-25 5188112] "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168] "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176] "Stronghold AntiMalware"="c:\trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe" [2014-09-29 6495656] "vProt"="c:\program files (x86)\AVG Web TuneUp\vprot.exe" [2014-11-09 3060248] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AdFender.lnk - c:\program files (x86)\AdFender\AdFender.exe -autostart [2013-12-13 3228080] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled] "SweetIM"=c:\program files (x86)\SweetIM\Messenger\SweetIM.exe "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Sweetpacks Communicator"=c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x] R3 ss_bmdm;SAMSUNG USB Mobile 
Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys;c:\windows\SYSNATIVE\DRIVERS\virtualnet.sys [x] R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x] S1 
kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x] S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys;c:\windows\SYSNATIVE\DRIVERS\vfilter.sys [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x] S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe;c:\program files\ShrewSoft\VPN Client\iked.exe [x] S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x] S2 vToolbarUpdater18.1.10;vToolbarUpdater18.1.10;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - AVGTP . Inhalt des "geplante Tasks" Ordners . 
2014-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-27 11:51] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-29 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-29 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-29 415256] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://gmx.de/ mStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir= mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = http=127.0.0.1:49237;https=127.0.0.1:49237 uInternet Settings,ProxyOverride = <-loopback> IE: Zu Anti-Banner hinzufügen - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 TCP: Interfaces\{0F37B5BF-A554-4E3D-BBB3-5E6F6ECEF4CC}: NameServer = 192.168.0.1 TCP: Interfaces\{5EE56C4E-DDE2-4BF8-B48B-DDF6E574079D}: NameServer = 192.168.0.1 TCP: Interfaces\{7356D5CC-842F-4338-BF11-B56BEC0A87E2}: NameServer = 192.168.0.1 TCP: Interfaces\{A4D0FC3F-B3F1-4BA2-84A7-47FD35DA8D67}: NameServer = 192.168.0.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll FF - ProfilePath - c:\users\Warkentin\AppData\Roaming\Mozilla\Firefox\Profiles\rb8jh4or.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxps://mysearch.avg.com?cid={C4E0F3F8-4E59-4671-A26C-415D68F88352}&mid=cef190f878e047d08510d16d124aa363-fa1524df98b1f62014eebed0dd917cef9cd5a2b6&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-09 
12:51&v=4.0.0.19&pid=wtu&sg=&sap=hp . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files (x86)\DealPly\DealPlyIE.dll Toolbar-Locked - (no file) Wow6432Node-HKU-Default-Run-DriverScanner - c:\program files (x86)\Uniblue\DriverScanner\launcher.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-11-09 13:31:53 ComboFix-quarantined-files.txt 2014-11-09 12:31 . Vor Suchlauf: 9 Verzeichnis(se), 43.824.836.608 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 43.617.386.496 Bytes frei . - - End Of File - - DDFC39802ED07E7321B50C1BFF28F8CB A36C5E4F47E84449FF07ED3517B43A31 [/CODE] |
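The "Zusätzlicher Suchlauf" part of the ComboFix log above is where the browser hijack is visible: the machine-wide start page points at start.mysearchdial.com with a long affiliate query string, the Firefox homepage at mysearch.avg.com, every HTTP and HTTPS request is routed through a proxy on 127.0.0.1:49237, and each interface carries a static DNS server (192.168.0.1) that differs from the one DHCP handed out (192.168.1.1). The Python script below is an added example, not part of this thread and not ComboFix's own code: it parses lines in that format and flags exactly those indicators. SAMPLE_LOG is a constructed, abridged sample in the same line format, and EXPECTED_HOME_HOSTS is an assumption that an analyst fills in with the homepages the owner actually chose.

```python
"""Triage of the browser and network indicators in a ComboFix-style log.
Added example for this thread, not part of the original post and not ComboFix's own code.
SAMPLE_LOG is a constructed, abridged sample in the "Zusaetzlicher Suchlauf" line format;
EXPECTED_HOME_HOSTS is an assumption the analyst fills in for the machine at hand."""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

SAMPLE_LOG = r"""
uStart Page = hxxp://gmx.de/
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0E&cr=1049223835&ir=
uInternet Settings,ProxyServer = http=127.0.0.1:49237;https=127.0.0.1:49237
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{0F37B5BF-A554-4E3D-BBB3-5E6F6ECEF4CC}: NameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxps://mysearch.avg.com?cid=C4E0F3F8&mid=cef190f8&lang=de&ds=AVG
"""
EXPECTED_HOME_HOSTS = {"gmx.de", "www.gmx.de"}  # assumption: the homepages the owner chose

def refang(url):
    """Posted logs defang URLs as hxxp/hxxps; restore the scheme so urlsplit can parse them."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)

def parse_proxy(setting):
    """'http=127.0.0.1:49237;https=...' -> [(scheme, host, port)]; a bare host:port means every scheme."""
    entries = []
    for entry in setting.split(";"):
        scheme, sep, hostport = entry.partition("=")
        host, _, port = (hostport if sep else entry).rpartition(":")
        # no colon: rpartition leaves the whole string in `port`, so it is really the host
        entries.append((scheme if sep else "*", host.strip("[]") or port, int(port) if host else None))
    return entries

# (regex, indicator type, converter for the match); the first matching rule handles a line
RULES = [
    (re.compile(r"^([um])Start Page = (\S+)$"), "start_pages",
     lambda m: (m.group(1), refang(m.group(2)))),  # u = HKCU, m = HKLM
    (re.compile(r"^uInternet Settings,ProxyServer = (.+)$"), "proxies", lambda m: parse_proxy(m.group(1))),
    (re.compile(r"^TCP: DhcpNameServer = (.+)$"), "dhcp_dns", lambda m: m.group(1).split()),
    (re.compile(r"^TCP: Interfaces\\(\{[0-9A-Fa-f-]+\}): NameServer = (.+)$"), "iface_dns",
     lambda m: (m.group(1), m.group(2).split())),
    (re.compile(r"^Handler: (\S+) - (\{[0-9A-Fa-f-]+\}) - (.+)$"), "handlers", lambda m: m.groups()),
    (re.compile(r"^FF - prefs\.js: (\S+) - (.+)$"), "ff_prefs", lambda m: m.groups()),
]

def parse_log(text):
    """Group the indicator lines by type; every other line is ignored."""
    found = {key: [] for _, key, _ in RULES}
    for raw in text.splitlines():
        for regex, key, convert in RULES:
            m = regex.match(raw.strip())
            if m:
                found[key].append(convert(m))
                break
    return found

def _ip(host):
    """ipaddress object for a literal address, None for a hostname."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def analyze(found, expected_home_hosts=EXPECTED_HOME_HOSTS):
    """Turn the parsed indicators into findings an analyst would act on."""
    findings = []
    add = lambda sev, check, detail: findings.append({"severity": sev, "check": check, "detail": detail})
    # Start pages / Firefox homepage on a host the owner never chose: the search-hijacker footprint.
    pages = [(scope + "Start Page", url) for scope, url in found["start_pages"]]
    pages += [(k, refang(v)) for k, v in found["ff_prefs"] if k == "browser.startup.homepage"]
    for name, url in pages:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host not in expected_home_hosts:
            params = ", ".join(sorted(parse_qs(parts.query, keep_blank_values=True))) or "none"
            add("high", "start_page_hijack", "%s points at %s (query parameters: %s)" % (name, host, params))
    # ProxyServer: Internet Explorer and other WinINet clients send everything through it. Loopback
    # means a local process sees all browser traffic; the log cannot say which, so find the port's owner.
    endpoints = {}
    for entries in found["proxies"]:
        for scheme, host, port in entries:
            endpoints.setdefault((host, port), []).append(scheme)
    for (host, port), schemes in endpoints.items():
        ip = _ip(host)
        loopback = ip.is_loopback if ip else host.lower() == "localhost"
        add("medium" if loopback else "high", "intercepting_proxy",
            "%s traffic goes through %s:%s; identify the listening process" % ("/".join(schemes), host, port))
    # DNS: a per-interface server differing from the DHCP offer was set by hand or by software;
    # a non-private one is a resolver hijack.
    dhcp = {s for servers in found["dhcp_dns"] for s in servers}
    for guid, servers in found["iface_dns"]:
        for server in servers:
            ip = _ip(server)
            if not (ip and ip.is_private):
                add("high", "public_dns_override", "interface %s resolves via %s" % (guid, server))
            elif dhcp and server not in dhcp:
                add("medium", "static_dns_override",
                    "interface %s resolves via %s, DHCP offered %s" % (guid, server, ", ".join(sorted(dhcp))))
    # A registered protocol handler runs its DLL inside the browser whenever its scheme is used.
    for scheme, clsid, path in found["handlers"]:
        add("medium", "protocol_handler", "%s:// is handled by %s (%s)" % (scheme, path, clsid))
    return findings

if __name__ == "__main__":
    for f in analyze(parse_log(SAMPLE_LOG)):
        print("[%s] %s: %s" % (f["severity"], f["check"], f["detail"]))
```

A loopback proxy is not malicious by itself (local ad filters and some security products work exactly that way), which is why the script rates it medium and asks for the owning process instead of calling it an infection; on the host, netstat -abno shows which executable listens on the port. A start page the owner never set is reported as high on its own, and the allowlist is the only thing that has to be adapted per machine.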
10.11.2014, 10:07 | #7 |
/// the machine /// TB-Ausbilder | Windows 7: Laptop has become drastically slower and shows signs of a Trojan Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
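Malwarebytes writes one comma-separated line per detection (detection name, location, the action taken, and a 32-digit hex tag in brackets) under section headers that declare how many hits the section holds; the log posted in reply #8 below is in that format. The Python script below is an added example, not part of this thread and not Malwarebytes' own code: it parses such a log, checks the declared counts against the lines actually present (a mismatch means the paste was cut), groups hits by family, and separates out what was detected but not cleaned and which on-disk binaries were involved. SAMPLE_LOG is a constructed, abridged sample; its "Keine Aktion durch Benutzer" line is invented to show the not-cleaned case, and the English section and action strings in the maps are assumptions for logs from an English installation.

```python
"""Summary of a Malwarebytes Anti-Malware 2.x scan log.
Added example for this thread, not part of the original post and not Malwarebytes' own code.
SAMPLE_LOG is a constructed, abridged sample in the posted log's format; its
"Keine Aktion durch Benutzer" line is invented to show an item that was found but not cleaned.
The English section and action strings are assumptions for logs from an English installation."""
import re
from collections import Counter, namedtuple

SAMPLE_LOG = r"""
Registrierungsschlüssel: 3
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\APPID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}, In Quarantäne, [d03ee15b116b0135821a628e35cd1fe1],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}, In Quarantäne, [4fbf48f4661679bd1c6b981fe220847c],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, Keine Aktion durch Benutzer, [e52974c85527f343bff2cbbcab5927d9],
Registrierungswerte: 1
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{3004627E-F8E9-4E8B-909D-316753CBA923}, mysearchdial Toolbar, In Quarantäne, [d33b2b1196e679bd8dc543ade121748c]
Registrierungsdaten: 1
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.mysearchdial.com/?f=1&a=irmsd103, Gut: (www.google.com), Schlecht: (hxxp://start.mysearchdial.com/?f=1&a=irmsd103),Ersetzt,[719dfd3f4933b28475c14701679e7c84]
Ordner: 1
PUP.Optional.DealPly.A, C:\Users\Warkentin\AppData\Roaming\DealPly, In Quarantäne, [21ed47f5245849edd73cc63efd06827e],
Dateien: 3
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialsrv.exe, In Quarantäne, [4dc194a804780531712c3cb40bf708f8],
PUP.Optional.DealPly.A, C:\Windows\System32\Tasks\DealPlyUpdate, In Quarantäne, [a9653dffafcda5918b81f75783809d63],
PUP.Optional.Softonic, C:\Users\Warkentin\Downloads\cossacks [1].exe, In Quarantäne, [a36b2418cbb151e57496809eb54cf709],
Physische Sektoren: 0 (Keine schädliche Elemente erkannt)
"""

# section header -> normalised name; the number after the colon is the declared hit count
SECTIONS = {
    "Prozesse": "processes", "Module": "modules", "Registrierungsschlüssel": "registry keys",
    "Registrierungswerte": "registry values", "Registrierungsdaten": "registry data",
    "Ordner": "folders", "Dateien": "files", "Physische Sektoren": "physical sectors",
    # assumed English equivalents
    "Processes": "processes", "Modules": "modules", "Registry Keys": "registry keys",
    "Registry Values": "registry values", "Registry Data": "registry data",
    "Folders": "folders", "Files": "files", "Physical Sectors": "physical sectors",
}
ACTIONS = {"In Quarantäne": "quarantined", "Ersetzt": "replaced", "Keine Aktion durch Benutzer": "no action",
           # assumed English equivalents
           "Quarantined": "quarantined", "Replaced": "replaced", "Deleted": "deleted",
           "No Action By User": "no action"}
CLEANED = {"quarantined", "replaced", "deleted"}
BINARY_EXT = (".exe", ".dll", ".sys", ".ocx", ".msi", ".crx", ".scr")
SECTION_RE = re.compile(r"^([^:]+): (\d+)")
NAME_RE = re.compile(r"^[A-Za-z]+(?:\.[A-Za-z0-9]+)+$")      # e.g. PUP.Optional.MySearchDial.A
DIGEST_RE = re.compile(r"^\[([0-9a-f]{32})\]$")              # trailing per-detection tag

Detection = namedtuple("Detection", "section name family location action digest")

def parse_mbam(text):
    """Return ({section: declared count}, [Detection, ...])."""
    declared, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m and m.group(1) in SECTIONS:
            section = SECTIONS[m.group(1)]
            declared[section] = int(m.group(2))
            continue
        # detection line: <name>, <location>[, <extra fields>], <action>, [<digest>][,]
        fields = [f.strip() for f in line.split(",")]
        while fields and not fields[-1]:
            fields.pop()
        if section is None or len(fields) < 4 or not NAME_RE.match(fields[0]):
            continue
        digest = DIGEST_RE.match(fields[-1])
        if not digest:
            continue
        parts = fields[0].split(".")
        family = parts[2] if len(parts) > 2 else parts[-1]   # PUP.Optional.<family>[.<variant>]
        action = ACTIONS.get(fields[-2], fields[-2])
        detections.append(Detection(section, fields[0], family, fields[1], action, digest.group(1)))
    return declared, detections

def summarize(declared, detections):
    """What an analyst wants from the log before deciding on the next step."""
    actual = Counter(d.section for d in detections)
    return {
        "total": len(detections),
        "by_family": dict(Counter(d.family for d in detections)),
        "by_section": dict(actual),
        # declared != parsed means the log was cut or pasted incompletely
        "count_mismatches": {s: (n, actual.get(s, 0)) for s, n in declared.items() if n != actual.get(s, 0)},
        "not_cleaned": [d for d in detections if d.action not in CLEANED],
        "replaced_data": [d for d in detections if d.action == "replaced"],   # e.g. reset start pages
        "binaries": [d for d in detections
                     if d.section == "files" and d.location.lower().endswith(BINARY_EXT)],
    }

if __name__ == "__main__":
    report = summarize(*parse_mbam(SAMPLE_LOG))
    print("%d detections, by family: %s" % (report["total"], report["by_family"]))
    for d in report["not_cleaned"]:
        print("NOT CLEANED: %s at %s" % (d.name, d.location))
    for d in report["binaries"]:
        print("binary involved: %s" % d.location)
```

The count check matters on a forum like this one, where logs are pasted by hand and often split across posts; the family grouping shows at a glance whether one bundled installer brought everything in, and the "not cleaned" list is what the helper has to act on in the next reply.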
15.11.2014, 11:07 | #8 |
| Windows 7: Laptop has become drastically slower and shows signs of a Trojan mbam Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 15.11.2014 Suchlauf-Zeit: 08:51:02 Logdatei: mbam.txt Administrator: Ja Version: 2.00.3.1025 Malware Datenbank: v2014.11.15.02 Rootkit Datenbank: v2014.11.12.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Warkentin Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 326614 Verstrichene Zeit: 21 Min, 26 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 74 PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\APPID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}, In Quarantäne, [d03ee15b116b0135821a628e35cd1fe1], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}, In Quarantäne, [d03ee15b116b0135821a628e35cd1fe1], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}, In Quarantäne, [d33b2b1196e679bd8dc543ade121748c], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}, In Quarantäne, [4fbf48f4661679bd1c6b981fe220847c], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}, In Quarantäne, [4fbf48f4661679bd1c6b981fe220847c], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}, In Quarantäne, [4dc194a804780531712c3cb40bf708f8], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, In Quarantäne, [4dc194a804780531712c3cb40bf708f8], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, In Quarantäne, [4dc194a804780531712c3cb40bf708f8], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc.1, In Quarantäne, [4dc194a804780531712c3cb40bf708f8], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc, In Quarantäne, [4dc194a804780531712c3cb40bf708f8], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc, In Quarantäne, [4dc194a804780531712c3cb40bf708f8], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc.1, In Quarantäne, [4dc194a804780531712c3cb40bf708f8], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}, In Quarantäne, [60aede5e2f4d1521331ee10fde240ff1], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{82E74373-58AB-47EB-B0F0-A1D82BB8EB5C}, In Quarantäne, [60aede5e2f4d1521331ee10fde240ff1], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\escort.escortIEPane.1, In Quarantäne, [60aede5e2f4d1521331ee10fde240ff1], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\escort.escortIEPane, In Quarantäne, [60aede5e2f4d1521331ee10fde240ff1], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\escort.escortIEPane, In Quarantäne, [60aede5e2f4d1521331ee10fde240ff1], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\escort.escortIEPane.1, In Quarantäne, [60aede5e2f4d1521331ee10fde240ff1], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}, In Quarantäne, [60aede5e2f4d1521331ee10fde240ff1], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, In Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, In 
Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, In Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, In Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, In Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, In Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, In Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, In Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, In Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, In Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, In Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, In Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, In Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, In Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, In Quarantäne, 
[c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, In Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, In Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, In Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, In Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, In Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, In Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, In Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, In Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, In Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, In Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, In Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, In Quarantäne, 
[c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, In Quarantäne, [c747f8444834c67032d0e80960a28e72], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}, In Quarantäne, [cb4386b685f780b657fc8070d52d857b], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pflphaooapbgpeakohlggbpidpppgdff, In Quarantäne, [68a6f448e795a29437c99bd8c73c36ca], PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\BonanzaDealsLive, In Quarantäne, [3bd385b727552c0a7a57f797a46044bc], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DealPly, In Quarantäne, [fa144af24e2eaf8758186beab74c9868], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, In Quarantäne, [52bcd765116bac8ad65397bf9a699c64], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pflphaooapbgpeakohlggbpidpppgdff, In Quarantäne, [18f688b40a729c9a7888541f9e65a65a], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\mysearchdial, In Quarantäne, [5db1300caece80b60d181b6bae56a759], PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, In Quarantäne, [e52974c85527f343bff2cbbcab5927d9], PUP.Optional.DealPly.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DealPly, In Quarantäne, [fe109aa287f5ef47835fc172b54e966a], PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BonanzaDealsLive, In Quarantäne, [4fbff7458fed7db96b64117df212d32d], PUP.Optional.DealPly.A, HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DealPly, In Quarantäne, [e6286ad22f4d6bcb3ba746ed877c748c], PUP.Optional.MySearchDial.A, 
HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial, In Quarantäne, [7f8f1e1eb6c62a0c2a9c394e64a032ce], PUP.Optional.DealPly.A, HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, In Quarantäne, [ca440f2dc1bb83b32604332301027d83], PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pflphaooapbgpeakohlggbpidpppgdff, In Quarantäne, [a56952eaabd1c96d8d72581a699a2ad6], PUP.Optional.InstallCore.A, HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [9876023ae79594a2058bd49c33d00df3], PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\mysearchdial, In Quarantäne, [808ea993522a49ed8ee588037e8634cc], PUP.Optional.InstallCore.A, HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [848af6460e6e2a0ca91f0b7b40c4de22], PUP.Optional.SweetIM.A, HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, In Quarantäne, [c8469aa2621ac6708b251770ee1610f0], PUP.Optional.DealPly.A, HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, In Quarantäne, [4cc21b2165172016be6c15412fd4768a], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialappCore.1, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea], PUP.Optional.MySearchDial.A, 
HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialappCore, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\mysearchdial.mysearchdialappCore, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\mysearchdial.mysearchdialappCore.1, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\m, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\m, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea], Registrierungswerte: 8 PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{3004627E-F8E9-4E8B-909D-316753CBA923}, mysearchdial Toolbar, In Quarantäne, [d33b2b1196e679bd8dc543ade121748c] PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{3004627E-F8E9-4E8B-909D-316753CBA923}, In Quarantäne, [ba549d9fd3a90531163c3cb4c63ce21e], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Mysearchdial, In Quarantäne, [0608142894e885b16d334309f50ef20e] PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Mysearchdial, In Quarantäne, [020cc874bfbdf73ff5ab69e3b94a738d] PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, {D1F55A43-46E5-11E2-A21E-002454AE4A90}, In Quarantäne, [e52974c85527f343bff2cbbcab5927d9] PUP.Optional.InstallCore.A, HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0X2O1C0R2R1R, In Quarantäne, [848af6460e6e2a0ca91f0b7b40c4de22] PUP.Optional.MySearchDial.A, 
HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Mysearchdial, In Quarantäne, [13fb3606a2da3501722f53f9a45f57a9] PUP.Optional.SweetIM.A, HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, {D1F55A43-46E5-11E2-A21E-002454AE4A90}, In Quarantäne, [c8469aa2621ac6708b251770ee1610f0] Registrierungsdaten: 3 PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=, Gut: (www.google.com), Schlecht: (hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=),Ersetzt,[719dfd3f4933b28475c14701679e7c84] PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=, Gut: (www.google.com), Schlecht: (hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=),Ersetzt,[bb5335076f0d3303668585b933d2ba46] PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=, Gut: (www.google.com), Schlecht: 
(hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=),Ersetzt,[19f567d57efee55183b3af9934d18878] Ordner: 25 PUP.OPtional.Dealply.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly, In Quarantäne, [f61840fc4f2dd561a677840221e30af6], PUP.Optional.DealPly.A, C:\Users\Warkentin\AppData\Roaming\DealPly, In Quarantäne, [21ed47f5245849edd73cc63efd06827e], PUP.Optional.DealPly.A, C:\Users\Warkentin\AppData\Roaming\DealPly\UpdateProc, In Quarantäne, [21ed47f5245849edd73cc63efd06827e], PUP.Optional.MySearchDial.A, C:\Users\Warkentin\AppData\Roaming\mysearchdial, In Quarantäne, [63ab5ae2e99389ad7bbff11339ca08f8], PUP.Optional.MySearchDial.A, C:\Users\Warkentin\AppData\Roaming\mysearchdial\icons_2.2.5.1070, In Quarantäne, [63ab5ae2e99389ad7bbff11339ca08f8], PUP.Optional.MySearchDial.A, C:\Users\Warkentin\AppData\Roaming\mysearchdial\UpdateProc, In Quarantäne, [63ab5ae2e99389ad7bbff11339ca08f8], PUP.Optional.OpenCandy, C:\Users\Warkentin\AppData\Roaming\OpenCandy, In Quarantäne, [35d9320af18bad89cc7a22e28e75b54b], PUP.Optional.OpenCandy, C:\Users\Warkentin\AppData\Roaming\OpenCandy\871308983126464AB1CC4485CF32CACD, In Quarantäne, [35d9320af18bad89cc7a22e28e75b54b], PUP.Optional.OpenCandy, C:\Users\Warkentin\AppData\Roaming\OpenCandy\BF6425444BB94FF6A91C6E6C96E3C569, In Quarantäne, [35d9320af18bad89cc7a22e28e75b54b], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars, In Quarantäne, [b45a09332e4e10261ca0fd07f013fd03], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer, In Quarantäne, [b45a09332e4e10261ca0fd07f013fd03], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT, In Quarantäne, [b45a09332e4e10261ca0fd07f013fd03], PUP.Optional.RegCleanerPro.A, C:\Users\Warkentin\AppData\Roaming\Systweak\RegClean Pro, In Quarantäne, 
[749a79c3de9e0c2a2f9061a353b0d12f], PUP.Optional.RegCleanerPro.A, C:\Users\Warkentin\AppData\Roaming\Systweak\RegClean Pro\Version 6.1, In Quarantäne, [749a79c3de9e0c2a2f9061a353b0d12f], PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive, In Quarantäne, [87871e1ee49870c6f63b29dcbf448f71], PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update, In Quarantäne, [87871e1ee49870c6f63b29dcbf448f71], PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update\Log, In Quarantäne, [87871e1ee49870c6f63b29dcbf448f71], PUP.Optional.BonanzaDeals.A, C:\Users\Warkentin\AppData\Local\BonanzaDealsLive, In Quarantäne, [d33b89b314689f9774be06ffd132c43c], PUP.Optional.BonanzaDeals.A, C:\Users\Warkentin\AppData\Local\BonanzaDealsLive\CrashReports, In Quarantäne, [d33b89b314689f9774be06ffd132c43c], PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDealsLive, In Quarantäne, [907ea19b4735ba7c92a221e434cf1ce4], PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDealsLive\CrashReports, In Quarantäne, [907ea19b4735ba7c92a221e434cf1ce4], PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea], PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea], PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea], PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDeals, In Quarantäne, [50be2f0db0cc9b9b67adba72cb38817f], Dateien: 28 PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll, In Quarantäne, [d33b2b1196e679bd8dc543ade121748c], PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialsrv.exe, In Quarantäne, [4dc194a804780531712c3cb40bf708f8], PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll, In Quarantäne, 
[60aede5e2f4d1521331ee10fde240ff1],
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll, In Quarantäne, [7b93a9935b21e74ff12f0f2def127090],
PUP.Optional.Softonic, C:\Users\Warkentin\Downloads\cossacks [1].exe, In Quarantäne, [a36b2418cbb151e57496809eb54cf709],
PUP.Optional.SweetIM, C:\Windows\Installer\38628.msi, In Quarantäne, [838ba29ac7b5c5718ab68be332d3a759],
PUP.Optional.MySearchDial.A, C:\Users\Warkentin\AppData\Local\mysearchdial-speeddial.crx, In Quarantäne, [ce40e25a0577c76f824fa7a3a26135cb],
PUP.Optional.DealPly.A, C:\Windows\System32\Tasks\DealPlyUpdate, In Quarantäne, [a9653dffafcda5918b81f75783809d63],
PUP.OPtional.Dealply.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk, In Quarantäne, [f61840fc4f2dd561a677840221e30af6],
PUP.OPtional.Dealply.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.lnk, In Quarantäne, [f61840fc4f2dd561a677840221e30af6],
PUP.OPtional.Dealply.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.lnk, In Quarantäne, [f61840fc4f2dd561a677840221e30af6],
PUP.Optional.DealPly.A, C:\Users\Warkentin\AppData\Roaming\DealPly\UpdateProc\config.dat, In Quarantäne, [21ed47f5245849edd73cc63efd06827e],
PUP.Optional.MySearchDial.A, C:\Users\Warkentin\AppData\Roaming\mysearchdial\icons_2.2.5.1070\59.ico, In Quarantäne, [63ab5ae2e99389ad7bbff11339ca08f8],
PUP.Optional.MySearchDial.A, C:\Users\Warkentin\AppData\Roaming\mysearchdial\icons_2.2.5.1070\60.ico, In Quarantäne, [63ab5ae2e99389ad7bbff11339ca08f8],
PUP.Optional.MySearchDial.A, C:\Users\Warkentin\AppData\Roaming\mysearchdial\UpdateProc\config.dat, In Quarantäne, [63ab5ae2e99389ad7bbff11339ca08f8],
PUP.Optional.MySearchDial.A, C:\Users\Warkentin\AppData\Roaming\mysearchdial\UpdateProc\info.dat, In Quarantäne, [63ab5ae2e99389ad7bbff11339ca08f8],
PUP.Optional.MySearchDial.A, C:\Users\Warkentin\AppData\Roaming\mysearchdial\UpdateProc\STTL.DAT, In Quarantäne, [63ab5ae2e99389ad7bbff11339ca08f8],
PUP.Optional.MySearchDial.A, C:\Users\Warkentin\AppData\Roaming\mysearchdial\UpdateProc\TTL.DAT, In Quarantäne, [63ab5ae2e99389ad7bbff11339ca08f8],
PUP.Optional.OpenCandy, C:\Users\Warkentin\AppData\Roaming\OpenCandy\871308983126464AB1CC4485CF32CACD\driverscannerDE.exe, In Quarantäne, [35d9320af18bad89cc7a22e28e75b54b],
PUP.Optional.OpenCandy, C:\Users\Warkentin\AppData\Roaming\OpenCandy\BF6425444BB94FF6A91C6E6C96E3C569\TuneUpUtilities2013_2200218_de-DE.exe, In Quarantäne, [35d9320af18bad89cc7a22e28e75b54b],
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log, In Quarantäne, [87871e1ee49870c6f63b29dcbf448f71],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\FavIcon.ico, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialApp.dll, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialEng.dll, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\Sqlite3.dll, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\uninst.dat, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\uninstall.exe, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea],
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDeals\uninst.exe, In Quarantäne, [50be2f0db0cc9b9b67adba72cb38817f],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)

AdwCleaner Logfile:
Code:
# AdwCleaner v4.101 - Bericht erstellt am 15/11/2014 um 10:11:13
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-13.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Warkentin - WARKENTIN-PC
# Gestartet von : C:\Users\Warkentin\Downloads\adwcleaner_4.101.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\RegClean Pro
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\Public\Documents\Stronghold AntiMalware
Ordner Gelöscht : C:\Users\Warkentin\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Warkentin\AppData\Roaming\Mozilla\Firefox\Profiles\rb8jh4or.default\Extensions\Avg@toolbar
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Warkentin\AppData\Roaming\Mozilla\Firefox\Profiles\rb8jh4or.default\searchplugins\avg-secure-search.xml

***** [ Tasks ] *****

Task Gelöscht : DealPlyUpdate

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\SecuredDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\237AA359BFA99C94484AF769ACA080AD

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17344

-\\ Mozilla Firefox v30.0 (en-US)

[rb8jh4or.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "AVG Secure Search");
[rb8jh4or.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "AVG Secure Search");

*************************

AdwCleaner[R0].txt - [7922 octets] - [15/11/2014 10:06:25]
AdwCleaner[S0].txt - [7460 octets] - [15/11/2014 10:11:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7520 octets] ##########

JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by Warkentin on 15.11.2014 at 10:24:51,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\TOOLBARUPDATER.EXE-F20E59B9.pf
Successfully deleted: [File] C:\Windows\prefetch\DRIVERINSTALLER.EXE-126F6397.pf

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Warkentin\appdata\local\cre"

~~~ FireFox

Successfully deleted the following from C:\Users\Warkentin\AppData\Roaming\mozilla\firefox\profiles\rb8jh4or.default\prefs.js

user_pref("browser.startup.homepage", "hxxps://mysearch.avg.com?cid={C4E0F3F8-4E59-4671-A26C-415D68F88352}&mid=cef190f878e047d08510d16d124aa363-fa1524df98b1f62014eebed0dd917ce
Emptied folder: C:\Users\Warkentin\AppData\Roaming\mozilla\firefox\profiles\rb8jh4or.default\minidumps [5 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.11.2014 at 10:29:27,95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
15.11.2014, 20:51 | #9 |
/// the machine /// TB-Ausbilder | Windows 7: Laptop has become drastically slower, with signs of a Trojan
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations; Guides and help; Trojaner-Board Facebook page. No help via PM! |