Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: Lap Top ist drastisch langsamer geworden und anzeichen auf Trojaner (https://www.trojaner-board.de/159635-windows-7-lap-top-drastisch-langsamer-geworden-anzeichen-trojaner.html)

MasterChaos 11.10.2014 15:43
Windows 7: Lap Top ist drastisch langsamer geworden und anzeichen auf Trojaner
 
Hi,

Der LapTop meiner Eltern ist ziemlich abrupt langsamer geworden.:balla:
ein Virenscan hat ein paar Probleme gefunden, aber in Anbetracht des Zeitraumes zwischen den letzten virencheck wahren es wenige.
Dazu kommt noch dass, viele Programme auf einmal drauf sind, die ich nicht kenne und dessen Zwek ich nicht kenne und verstehe

Danke für eure Hilfe im voraus :applaus:

P.S.: Logs im anhang

schrauber 11.10.2014 15:50
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

MasterChaos 29.10.2014 18:26
Hi Sorry, dass es so lange gedauert hat mit der antwort aber ich wohn nicht mehr zuhause

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
Ran by Warkentin at 2014-10-11 15:31:58
Running from H:\Trojana Programme
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

AdFender (HKLM-x32\...\AdFender) (Version: 1.80 - AdFender, Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.6 - Auslogics Software Pty Ltd)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4040 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
Brother MFL-Pro Suite MFC-295CN (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
COSMOview ControlPanel 1.05h (HKLM-x32\...\COSMOview ControlPanel) (Version: 1.05h - DEOS control systems GmbH)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.22 - DivX, LLC)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.2.1.1000 - Maxthon International Limited)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.0.10600.6.0 - Nero AG)
Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11200.14.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.0.12000.1.4 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.14800.0.1 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.11200.16.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.11100.9.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11500.16.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.11000.12.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.14400.24.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}) (Version: 10.0.14300 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.11300.21.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 1.0.10800 - Nero AG) Hidden
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11500.18.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version:  - )
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Stronghold AntiMalware (HKLM-x32\...\Stronghold AntiMalware_is1) (Version: 1.0 - Security Stronghold)
SweetIM for Messenger 3.7 (HKLM-x32\...\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}) (Version: 3.7.0007 - SweetIM Technologies Ltd.) <==== ATTENTION
SweetPacks bundle uninstaller (HKLM-x32\...\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}) (Version: 1.0.0001 - SweetIM Technologies Ltd.) <==== ATTENTION
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.1.9.6 - uvnc bvba)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

21-09-2014 17:16:36 Geplanter Prüfpunkt
26-09-2014 17:11:58 Windows Update
03-10-2014 01:00:12 Windows Update
05-10-2014 10:14:46 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {24DF2535-C646-4BB4-9D70-2C7024039551} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {26D37717-F708-45D7-AB4B-72E9FEBCE075} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-26] (Adobe Systems Incorporated)
Task: {37133E99-0015-4799-A408-99460003E04A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {3E1A1096-DE9B-4C97-A057-432D81259B9B} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon3\Bin\mxup.exe [2014-06-03] (Maxthon International ltd.)
Task: {575B5A4A-1081-4587-B729-F3B7A784341E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {7A469B00-3A4A-4126-A912-0961DA59FBA0} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {80B5245A-75F7-4CB1-B5B2-4678CF175C8F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {A2EE3E45-2AD9-45F3-907D-A08B029FDCE3} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2012-11-30] ()
Task: {BDF9FB4D-478C-47BC-AE64-DE02B79687BA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {C9439E95-E31D-4E42-8140-7AF9FE40BD6B} - System32\Tasks\DealPlyUpdate => C:\Program Files (x86)\DealPly\DealPlyUpdate.exe [2012-05-09] (DealPly) <==== ATTENTION
Task: {F1C9C3CA-590A-453D-8CBC-56810B8162B0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-07-01 10:21 - 2013-07-01 10:21 - 01127736 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe
2013-07-01 01:16 - 2013-07-01 01:16 - 00628224 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll
2013-07-01 01:15 - 2013-07-01 01:15 - 00022016 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll
2013-07-01 01:15 - 2013-07-01 01:15 - 00018432 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll
2013-07-01 01:16 - 2013-07-01 01:16 - 00039936 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll
2013-07-01 01:16 - 2013-07-01 01:16 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll
2013-07-01 01:16 - 2013-07-01 01:16 - 00116736 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll
2013-07-01 01:17 - 2013-07-01 01:17 - 00029184 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll
2013-07-01 01:17 - 2013-07-01 01:17 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll
2013-07-01 01:17 - 2013-07-01 01:17 - 00035840 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll
2013-07-01 10:21 - 2013-07-01 10:21 - 00810808 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
2013-01-10 19:55 - 2005-04-22 14:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2014-10-11 13:25 - 2014-09-29 15:19 - 02910632 _____ () C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-01-10 19:55 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-10-11 13:10 - 2013-11-18 03:18 - 00258944 _____ () C:\Users\Warkentin\AppData\Local\Temp\MxUninstall\Maxzlib.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Shrew Soft Virtual Adapter #2
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Shrew Soft Virtual Adapter #3
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Shrew Soft Virtual Adapter #4
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/11/2014 03:21:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (10/11/2014 02:28:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Maxthon.exe, Version: 4.2.1.1000, Zeitstempel: 0x52c66490
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003c889
ID des fehlerhaften Prozesses: 0x29fc
Startzeit der fehlerhaften Anwendung: 0xMaxthon.exe0
Pfad der fehlerhaften Anwendung: Maxthon.exe1
Pfad des fehlerhaften Moduls: Maxthon.exe2
Berichtskennung: Maxthon.exe3

Error: (10/11/2014 01:07:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/10/2014 08:58:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (10/10/2014 07:58:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (10/10/2014 07:35:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 08:58:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (10/09/2014 07:58:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (10/09/2014 07:36:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 04:58:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.


System errors:
=============
Error: (10/06/2014 07:53:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/06/2014 07:52:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Google Update-Dienst (gupdate)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/06/2014 07:52:41 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: Das System hat einen Adressenkonflikt der IP-Adresse 192.168.1.5 mit dem Computer mit der
Netzwerkhardwareadresse A4-DB-30-83-FA-F8 ermittelt. Netzwerkvorgänge könnten daher auf diesem
System unterbrochen werden.

Error: (10/06/2014 07:52:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (10/03/2014 02:57:47 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: Das System hat einen Adressenkonflikt der IP-Adresse 192.168.1.2 mit dem Computer mit der
Netzwerkhardwareadresse E4-32-CB-EE-BE-BE ermittelt. Netzwerkvorgänge könnten daher auf diesem
System unterbrochen werden.

Error: (09/26/2014 06:43:00 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (09/26/2014 06:43:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (09/26/2014 06:43:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht.

Error: (09/21/2014 06:03:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TeamViewer 9" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (09/21/2014 06:03:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst TeamViewer 9 erreicht.


Microsoft Office Sessions:
=========================
Error: (10/11/2014 03:21:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Warkentin\Downloads\cossacks [1].exe

Error: (10/11/2014 02:28:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Maxthon.exe4.2.1.100052c66490ntdll.dll6.1.7601.18247521ea8e7c00000050003c88929fc01cfe54ed31fbfc9C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exeC:\Windows\SysWOW64\ntdll.dll22e8d936-5142-11e4-b5d5-002454ae4a90

Error: (10/11/2014 01:07:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/10/2014 08:58:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/10/2014 07:58:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/10/2014 07:35:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 08:58:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/09/2014 07:58:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/09/2014 07:36:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 04:58:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2014-10-07 17:13:46.169
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-07 17:13:46.167
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-07 17:13:46.164
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-07 17:13:46.143
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-07 17:13:46.140
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-07 17:13:46.138
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-02 11:56:45.437
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-02 11:56:45.437
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-02 11:56:45.437
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-02 11:56:45.406
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 64%
Total physical RAM: 3892.55 MB
Available physical RAM: 1374.25 MB
Total Pagefile: 7783.29 MB
Available Pagefile: 4908.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System Win7) (Fixed) (Total:78.03 GB) (Free:37.21 GB) NTFS
Drive d: (Dokumente) (Fixed) (Total:29.3 GB) (Free:28.51 GB) NTFS
Drive e: (Bider, Musik, Video) (Fixed) (Total:125.46 GB) (Free:119.22 GB) NTFS
Drive h: (Endzeitmedium) (Fixed) (Total:465.76 GB) (Free:240.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: E1DBE1DB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=125 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 0002E78D)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---


Defogger

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:22 on 11/10/2014 (Warkentin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Frst

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02 (ATTENTION: ====> FRST version is 121 days old and could be outdated)
Ran by Warkentin (administrator) on WARKENTIN-PC on 11-10-2014 15:30:55
Running from H:\Trojana Programme
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AdFender, Inc.) C:\Program Files (x86)\AdFender\AdFender.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 4\x64\Win64ShellLink.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Maxthon International ltd.) C:\Users\Warkentin\AppData\Local\Temp\MxUninstall\MxUninstall.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 4\x64\Win64ShellLink.exe
() C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe
(Security Stronghold) C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Stronghold AntiMalware] => C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe [6495656 2014-09-29] (Security Stronghold)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [DriverScanner] => "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk
ShortcutTarget: AdFender.lnk -> C:\Program Files (x86)\AdFender\AdFender.exe (AdFender, Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:49237;https=127.0.0.1:49237
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9FB6D8803CE2CF01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll (Ironsource Israel (2011) LTD)
Toolbar: HKLM-x32 - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll (Ironsource Israel (2011) LTD)
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{0F37B5BF-A554-4E3D-BBB3-5E6F6ECEF4CC}: [NameServer]192.168.0.1
Tcpip\..\Interfaces\{5EE56C4E-DDE2-4BF8-B48B-DDF6E574079D}: [NameServer]192.168.0.1
Tcpip\..\Interfaces\{7356D5CC-842F-4338-BF11-B56BEC0A87E2}: [NameServer]192.168.0.1
Tcpip\..\Interfaces\{A4D0FC3F-B3F1-4BA2-84A7-47FD35DA8D67}: [NameServer]192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Warkentin\AppData\Roaming\Mozilla\Firefox\Profiles\rb8jh4or.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-13]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-13]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-13]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-13]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-13]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] ()
R2 ServiceSAM; C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe [2910632 2014-09-29] ()

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-14] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-26] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-26] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-14] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-10-11 15:30 - 2014-10-11 15:30 - 00000000 ____D () C:\FRST
2014-10-11 15:22 - 2014-10-11 15:23 - 00000000 ____D () C:\Users\Warkentin\Desktop\Trojaner_Bord dokumente
2014-10-11 15:22 - 2014-10-11 15:22 - 00000000 _____ () C:\Users\Warkentin\defogger_reenable
2014-10-11 13:25 - 2014-10-11 15:30 - 00000000 ____D () C:\Users\Public\Documents\Stronghold AntiMalware
2014-10-11 13:25 - 2014-10-11 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stronghold AntiMalware
2014-10-11 13:24 - 2014-10-11 13:25 - 00000000 ____D () C:\Trojaner programme
2014-10-02 10:24 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-02 10:24 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-26 18:55 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-26 18:55 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-19 14:04 - 2014-09-19 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
2014-09-13 17:58 - 2014-09-13 17:58 - 00000000 ____D () C:\Users\Warkentin\AppData\Local\Adobe
2014-09-12 20:13 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 20:13 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 20:13 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 20:13 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 20:12 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 20:12 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 20:12 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 20:12 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 20:12 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 20:12 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 20:12 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 20:12 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 20:12 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 20:12 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 20:12 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 20:12 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 20:12 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 20:12 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 20:12 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 20:12 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 20:12 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 20:12 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 20:12 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 20:12 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 20:12 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 20:12 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 20:12 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 20:12 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 20:12 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 20:12 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 20:12 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 20:12 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 20:12 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 20:12 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 20:12 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 20:12 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 20:12 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 20:12 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 20:12 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 20:12 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 20:12 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 20:12 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 20:12 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 20:12 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 20:12 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 20:12 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 20:12 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 20:12 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 20:12 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 20:12 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 20:12 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 20:12 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 20:12 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 20:12 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 20:12 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 20:12 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 20:08 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 20:08 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-12 18:37 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-12 18:37 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-12 18:36 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-12 18:36 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-12 18:36 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 18:36 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 18:36 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-12 18:36 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-12 18:36 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-12 18:36 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-12 18:36 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

==================== One Month Modified Files and Folders =======

2014-10-11 15:31 - 2012-12-15 14:45 - 00000000 ____D () C:\Users\Warkentin\AppData\Local\Temp
2014-10-11 15:30 - 2014-10-11 15:30 - 00000000 ____D () C:\FRST
2014-10-11 15:30 - 2014-10-11 13:25 - 00000000 ____D () C:\Users\Public\Documents\Stronghold AntiMalware
2014-10-11 15:26 - 2012-12-15 14:42 - 01968250 _____ () C:\Windows\WindowsUpdate.log
2014-10-11 15:23 - 2014-10-11 15:22 - 00000000 ____D () C:\Users\Warkentin\Desktop\Trojaner_Bord dokumente
2014-10-11 15:22 - 2014-10-11 15:22 - 00000000 _____ () C:\Users\Warkentin\defogger_reenable
2014-10-11 15:22 - 2012-12-15 14:45 - 00000000 ____D () C:\Users\Warkentin
2014-10-11 15:15 - 2011-04-12 09:43 - 00703182 _____ () C:\Windows\system32\perfh007.dat
2014-10-11 15:15 - 2011-04-12 09:43 - 00150808 _____ () C:\Windows\system32\perfc007.dat
2014-10-11 15:15 - 2009-07-14 07:13 - 01629346 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-11 14:50 - 2014-06-04 15:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-11 14:03 - 2014-01-13 15:50 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-11 13:29 - 2013-10-26 19:25 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-10-11 13:25 - 2014-10-11 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stronghold AntiMalware
2014-10-11 13:25 - 2014-10-11 13:24 - 00000000 ____D () C:\Trojaner programme
2014-10-11 13:18 - 2014-05-08 14:40 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-10-11 13:15 - 2009-07-14 06:45 - 00028896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-11 13:15 - 2009-07-14 06:45 - 00028896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-11 13:10 - 2014-08-17 20:46 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-11 13:09 - 2013-10-20 00:45 - 00000000 ____D () C:\Users\Warkentin\AppData\Local\Google
2014-10-11 13:09 - 2012-12-15 20:02 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-11 13:05 - 2014-06-12 20:33 - 00007168 _____ () C:\Windows\setupact.log
2014-10-11 13:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-10 19:35 - 2014-05-08 14:40 - 00000000 ____D () C:\Users\Warkentin\AppData\Roaming\DiskDefrag
2014-10-06 19:52 - 2012-12-15 20:33 - 00000000 ____D () C:\Program Files (x86)\DealPly
2014-10-05 12:27 - 2013-08-14 20:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-02 12:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-26 18:44 - 2014-06-04 15:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-26 18:44 - 2012-12-15 20:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-26 18:44 - 2012-12-15 20:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-25 04:08 - 2014-10-02 10:24 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-25 03:40 - 2014-10-02 10:24 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-21 18:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-20 16:37 - 2012-12-15 20:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-20 16:28 - 2014-06-12 20:32 - 00004030 _____ () C:\Windows\PFRO.log
2014-09-20 16:28 - 2013-03-22 17:41 - 00000000 ____D () C:\Program Files (x86)\Wajam
2014-09-19 14:06 - 2014-09-19 14:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
2014-09-19 14:06 - 2013-10-15 11:05 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-16 19:58 - 2014-05-08 18:57 - 00000992 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-16 19:58 - 2014-04-01 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-16 17:25 - 2014-02-07 11:45 - 00001113 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-13 17:58 - 2014-09-13 17:58 - 00000000 ____D () C:\Users\Warkentin\AppData\Local\Adobe
2014-09-12 20:11 - 2012-12-15 22:18 - 01603626 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 20:08 - 2014-04-30 14:19 - 00000000 ___SD () C:\Windows\system32\CompatTel

Some content of TEMP:
====================
C:\Users\Warkentin\AppData\Local\Temp\GMX_Firefox_Setup.exe
C:\Users\Warkentin\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Warkentin\AppData\Local\Temp\unwise.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-07 17:11

==================== End Of Log ============================
--- --- ---

--- --- ---

MasterChaos 29.10.2014 18:27
gmer
GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-11 15:55:20
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM250HI rev.2AC101C4 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\WARKEN~1\AppData\Local\Temp\uxliiuoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                  fffff80003005000 8 bytes [00, 00, 16, 02, 4E, 74, 66, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544                                                                                                  fffff80003005010 29 bytes [43, 07, 50, 01, 80, FA, FF, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\AdFender\AdFender.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                          0000000075b71465 2 bytes [B7, 75]
.text    C:\Program Files (x86)\AdFender\AdFender.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                        0000000075b714bb 2 bytes [B7, 75]
.text    ...                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        0000000075b71465 2 bytes [B7, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      0000000075b714bb 2 bytes [B7, 75]
.text    ...                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                    00000000774411f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                  0000000077441390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                        000000007744143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                        000000007744158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                000000007744191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                0000000077441b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                0000000077441bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                  0000000077441d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                  0000000077441eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                      0000000077441edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                      0000000077441f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                    0000000077441fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                            0000000077441fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                        0000000077442272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                        0000000077442301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                              0000000077442792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                    00000000774427b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                  00000000774427d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                    000000007744282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                  0000000077442890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                          0000000077442d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                          0000000077442d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                * 3
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                  0000000077443023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                      000000007744323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                      00000000774433c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                      0000000077443a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                      0000000077443ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                          0000000077443b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                          0000000077443d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                  0000000077444190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                            0000000077491380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                          0000000077491500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                0000000077491530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                              0000000077491650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                  0000000077491700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                  0000000077491d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                0000000077491f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                00000000774927e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                              0000000073be13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                              0000000073be146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                            0000000073be16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                              0000000073be16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                        0000000073be19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                        0000000073be19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                  0000000073be1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                    0000000073be1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                  0000000073be1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Nero\Update\NASvc.exe[4880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                        0000000073be1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                00000000774411f5 8 bytes {JMP 0xd}
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                              0000000077441390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                      000000007744143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                      000000007744158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                              000000007744191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                              0000000077441b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                            0000000077441bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                0000000077441d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                0000000077441eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                    0000000077441edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                  0000000077441f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                  0000000077441fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                          0000000077441fd7 8 bytes {JMP 0xb}
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                      0000000077442272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                      0000000077442301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                          0000000077442792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                  00000000774427b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                00000000774427d2 8 bytes {JMP 0x10}
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                000000007744282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                0000000077442890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                * 2
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                        0000000077442d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                        0000000077442d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                * 3
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                0000000077443023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                    000000007744323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                    00000000774433c0 16 bytes {JMP 0x4e}
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                  0000000077443a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                  0000000077443ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                      0000000077443b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                      0000000077443d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                0000000077444190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                          0000000077491380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                        0000000077491500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                              0000000077491530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                            0000000077491650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                0000000077491700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                0000000077491d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                              0000000077491f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                              00000000774927e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                            0000000073be13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                            0000000073be146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                        0000000073be16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                          0000000073be16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                      0000000073be19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                      0000000073be19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                0000000073be1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                  0000000073be1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                0000000073be1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\DllHost.exe[4512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                    0000000073be1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                00000000774411f5 8 bytes {JMP 0xd}
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                              0000000077441390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                    000000007744143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                    000000007744158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                            000000007744191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                            0000000077441b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                            0000000077441bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                              0000000077441d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                              0000000077441eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                  0000000077441edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                  0000000077441f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                0000000077441fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                        0000000077441fd7 8 bytes {JMP 0xb}
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                    0000000077442272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                    0000000077442301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                          0000000077442792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                00000000774427b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                              00000000774427d2 8 bytes {JMP 0x10}
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                000000007744282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176              0000000077442890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                * 2
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                      0000000077442d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                      0000000077442d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                * 3
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                              0000000077443023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                  000000007744323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                  00000000774433c0 16 bytes {JMP 0x4e}
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                  0000000077443a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                  0000000077443ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                      0000000077443b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                      0000000077443d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                              0000000077444190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                        0000000077491380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                      0000000077491500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                            0000000077491530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                          0000000077491650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                              0000000077491700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                              0000000077491d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                            0000000077491f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                            00000000774927e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                          0000000073be13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                          0000000073be146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                        0000000073be16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                          0000000073be16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                    0000000073be19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                    0000000073be19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                              0000000073be1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                0000000073be1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                              0000000073be1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                    0000000073be1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      0000000075b71465 2 bytes [B7, 75]
.text    C:\Users\WARKEN~1\AppData\Local\Temp\MxUninstall\MxUninstall.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    0000000075b714bb 2 bytes [B7, 75]
.text    ...                                                                                                                                                                * 2
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                  00000000774411f5 8 bytes {JMP 0xd}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                0000000077441390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                        000000007744143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                        000000007744158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                000000007744191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                0000000077441b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                              0000000077441bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                  0000000077441d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                  0000000077441eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                      0000000077441edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                    0000000077441f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                    0000000077441fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                            0000000077441fd7 8 bytes {JMP 0xb}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                        0000000077442272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                        0000000077442301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578            0000000077442792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                    00000000774427b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                  00000000774427d2 8 bytes {JMP 0x10}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79  000000007744282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176  0000000077442890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                * 2
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299          0000000077442d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367          0000000077442d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                * 3
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                  0000000077443023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                      000000007744323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                      00000000774433c0 16 bytes {JMP 0x4e}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                    0000000077443a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                    0000000077443ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197        0000000077443b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611        0000000077443d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                  0000000077444190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                            0000000077491380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                          0000000077491500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                0000000077491530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                              0000000077491650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                  0000000077491700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                  0000000077491d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                0000000077491f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                00000000774927e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312              0000000073be13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471              0000000073be146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                          0000000073be16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                            0000000073be16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                        0000000073be19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                        0000000073be19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                  0000000073be1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                    0000000073be1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                  0000000073be1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalwareService.exe[2916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                      0000000073be1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                          00000000774411f5 8 bytes {JMP 0xd}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                        0000000077441390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                000000007744143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                000000007744158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                        000000007744191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                        0000000077441b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                      0000000077441bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                          0000000077441d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                          0000000077441eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                              0000000077441edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                            0000000077441f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                            0000000077441fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                    0000000077441fd7 8 bytes {JMP 0xb}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                0000000077442272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                0000000077442301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                    0000000077442792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                            00000000774427b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                          00000000774427d2 8 bytes {JMP 0x10}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79          000000007744282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176          0000000077442890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                * 2
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                  0000000077442d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                  0000000077442d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                * 3
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                          0000000077443023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                              000000007744323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                              00000000774433c0 16 bytes {JMP 0x4e}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                            0000000077443a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                            0000000077443ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                0000000077443b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                0000000077443d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                          0000000077444190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                    0000000077491380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                  0000000077491500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                        0000000077491530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                      0000000077491650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                          0000000077491700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                          0000000077491d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                        0000000077491f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                        00000000774927e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                      0000000073be13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                      0000000073be146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                  0000000073be16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                    0000000073be16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                0000000073be19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                0000000073be19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                          0000000073be1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                            0000000073be1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                          0000000073be1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                              0000000073be1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69                                0000000075b71465 2 bytes [B7, 75]
.text    C:\Trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe[784] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155                                0000000075b714bb 2 bytes [B7, 75]
.text    ...                                                                                                                                                                * 2
?        C:\Windows\system32\mssprxy.dll [784] entry point in ".rdata" section                                                                                              000000006e1d71e6
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                            00000000774411f5 8 bytes {JMP 0xd}
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                          0000000077441390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                  000000007744143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                  000000007744158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                          000000007744191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                          0000000077441b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                        0000000077441bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                            0000000077441d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                            0000000077441eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                0000000077441edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                              0000000077441f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                              0000000077441fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                      0000000077441fd7 8 bytes {JMP 0xb}
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                  0000000077442272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                  0000000077442301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                      0000000077442792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                              00000000774427b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                            00000000774427d2 8 bytes {JMP 0x10}
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                            000000007744282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                            0000000077442890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                * 2
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                    0000000077442d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                    0000000077442d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                * 3
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                            0000000077443023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                000000007744323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                00000000774433c0 16 bytes {JMP 0x4e}
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                              0000000077443a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                              0000000077443ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                  0000000077443b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                  0000000077443d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                            0000000077444190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                      0000000077491380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                    0000000077491500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                          0000000077491530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        0000000077491650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                            0000000077491700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            0000000077491d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                          0000000077491f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          00000000774927e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                        0000000073be13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                        0000000073be146b 8 bytes {JMP 0xffffffffffffffb0}
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                    0000000073be16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                      0000000073be16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                  0000000073be19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                  0000000073be19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                            0000000073be1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                              0000000073be1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                            0000000073be1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    H:\Trojana Programme\Gmer-19357.exe[9136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                0000000073be1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Threads - GMER 2.1 ----

Thread    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2056:5912]                                                                                        000007fef6b04094
Thread    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2056:6068]                                                                                        000007fef5087c4c
Thread    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2056:1356]                                                                                        000007fef6b04094
Thread    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2056:6092]                                                                                        000007fef4a5c0d0
Thread    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2056:6100]                                                                                        000007fef6b04094
Thread    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1980:2728]                                                                                          000007fef6b04094
Thread    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1980:2320]                                                                                          000007fef6b04094
Thread    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1980:2396]                                                                                          000007fef4a5c0d0

---- EOF - GMER 2.1 ----
--- --- ---

schrauber 30.10.2014 11:55
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    SweetIM for Messenger 3.7

    SweetPacks bundle uninstaller


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

MasterChaos 09.11.2014 13:38
Combofix

Combofix Logfile:
Code:
ComboFix 14-11-09.01 - Warkentin 09.11.2014  13:18:37.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3893.2232 [GMT 1:00]
ausgeführt von:: c:\users\Warkentin\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPlyIE.dll
c:\program files (x86)\DealPly\DealPlyUpdate.exe
c:\program files (x86)\DealPly\DealPlyUpdate.log
c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
c:\program files (x86)\Wajam
c:\program files (x86)\Wajam\Logos\amazon.ico
c:\program files (x86)\Wajam\Logos\argos.ico
c:\program files (x86)\Wajam\Logos\ask.ico
c:\program files (x86)\Wajam\Logos\bestbuy.ico
c:\program files (x86)\Wajam\Logos\ebay.ico
c:\program files (x86)\Wajam\Logos\etsy.ico
c:\program files (x86)\Wajam\Logos\facebook.ico
c:\program files (x86)\Wajam\Logos\favicon.ico
c:\program files (x86)\Wajam\Logos\google.ico
c:\program files (x86)\Wajam\Logos\homedepot.ico
c:\program files (x86)\Wajam\Logos\ikea.ico
c:\program files (x86)\Wajam\Logos\imdb.ico
c:\program files (x86)\Wajam\Logos\lowes.ico
c:\program files (x86)\Wajam\Logos\mercado.ico
c:\program files (x86)\Wajam\Logos\mysearchweb.ico
c:\program files (x86)\Wajam\Logos\myshopping.ico
c:\program files (x86)\Wajam\Logos\searchresult.ico
c:\program files (x86)\Wajam\Logos\sears.ico
c:\program files (x86)\Wajam\Logos\setting.ico
c:\program files (x86)\Wajam\Logos\settings.ico
c:\program files (x86)\Wajam\Logos\shopping.ico
c:\program files (x86)\Wajam\Logos\target.ico
c:\program files (x86)\Wajam\Logos\tesco.ico
c:\program files (x86)\Wajam\Logos\tripadvisor.ico
c:\program files (x86)\Wajam\Logos\twitter.ico
c:\program files (x86)\Wajam\Logos\wajam.ico
c:\program files (x86)\Wajam\Logos\walmart.ico
c:\program files (x86)\Wajam\Logos\wiki.ico
c:\program files (x86)\Wajam\Logos\yahoo.ico
c:\program files (x86)\Wajam\Logos\zalando.ico
c:\program files (x86)\Wajam\Wajam Internet Enhancer\makecert.exe
c:\program files (x86)\Wajam\Wajam Internet Enhancer\wie
c:\program files (x86)\Wajam\Wajam Internet Enhancer\WJManifest
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam
c:\programdata\Roaming
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-10-09 bis 2014-11-09  ))))))))))))))))))))))))))))))
.
.
2014-11-09 12:26 . 2014-11-09 12:26        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-11-09 11:52 . 2014-11-09 11:52        --------        d-----w-        c:\users\Warkentin\AppData\Local\AVG Web TuneUp
2014-11-09 11:52 . 2014-11-09 11:52        --------        d-----w-        c:\programdata\AVG Security Toolbar
2014-11-09 11:51 . 2014-11-09 11:51        50976        ----a-w-        c:\windows\system32\drivers\avgtpx64.sys
2014-11-09 11:51 . 2014-11-09 11:51        --------        d-----w-        c:\programdata\AVG Secure Search
2014-11-09 11:51 . 2014-11-09 11:51        --------        d-----w-        c:\program files (x86)\Common Files\AVG Secure Search
2014-11-09 11:51 . 2014-11-09 11:51        --------        d-----w-        c:\program files (x86)\AVG Web TuneUp
2014-11-09 11:51 . 2014-11-09 11:52        --------        d-----w-        c:\programdata\AVG Web TuneUp
2014-10-16 19:12 . 2014-10-07 02:04        812736        ----a-w-        c:\program files (x86)\Internet Explorer\iexplore.exe
2014-10-16 19:11 . 2014-09-18 02:00        3241472        ----a-w-        c:\windows\system32\msi.dll
2014-10-16 19:11 . 2014-09-18 01:32        2363904        ----a-w-        c:\windows\SysWow64\msi.dll
2014-10-16 19:11 . 2014-08-29 02:07        44032        ----a-w-        c:\windows\system32\tsgqec.dll
2014-10-16 19:11 . 2014-08-29 02:07        322560        ----a-w-        c:\windows\system32\aaclient.dll
2014-10-16 19:11 . 2014-08-29 02:06        1125888        ----a-w-        c:\windows\system32\mstsc.exe
2014-10-16 19:11 . 2014-08-29 01:44        37376        ----a-w-        c:\windows\SysWow64\tsgqec.dll
2014-10-16 19:11 . 2014-08-29 01:44        4922368        ----a-w-        c:\windows\SysWow64\mstscax.dll
2014-10-16 19:11 . 2014-08-29 01:44        269312        ----a-w-        c:\windows\SysWow64\aaclient.dll
2014-10-16 19:11 . 2014-08-29 01:44        1050112        ----a-w-        c:\windows\SysWow64\mstsc.exe
2014-10-16 19:11 . 2014-08-29 02:07        5780480        ----a-w-        c:\windows\system32\mstscax.dll
2014-10-16 19:11 . 2014-08-29 02:07        3179520        ----a-w-        c:\windows\system32\rdpcorets.dll
2014-10-12 13:38 . 2014-10-12 13:38        --------        d-----w-        c:\users\Warkentin\AppData\Local\Kalypso Media
2014-10-12 13:37 . 2014-06-06 04:39        46704        ----a-w-        c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-10-12 13:37 . 2014-06-06 04:38        822384        ----a-w-        c:\program files (x86)\Mozilla Firefox\icuuc52.dll
2014-10-12 13:37 . 2014-06-06 04:38        1022576        ----a-w-        c:\program files (x86)\Mozilla Firefox\icuin52.dll
2014-10-12 13:37 . 2014-06-06 04:38        10594416        ----a-w-        c:\program files (x86)\Mozilla Firefox\icudt52.dll
2014-10-12 13:34 . 2014-02-16 11:58        770384        ----a-w-        c:\program files (x86)\Mozilla Firefox\updated\msvcr100.dll
2014-10-12 13:34 . 2014-02-16 11:58        421200        ----a-w-        c:\program files (x86)\Mozilla Firefox\updated\msvcp100.dll
2014-10-12 13:34 . 2014-10-12 13:35        75376        ----a-w-        c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2014-10-12 13:34 . 2014-10-12 13:35        46704        ----a-w-        c:\program files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll
2014-10-12 13:34 . 2014-10-12 13:35        20080        ----a-w-        c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2014-10-12 13:34 . 2014-10-12 13:35        305264        ----a-w-        c:\program files (x86)\Mozilla Firefox\updated\freebl3.dll
2014-10-12 13:34 . 2014-10-12 13:35        275568        ----a-w-        c:\program files (x86)\Mozilla Firefox\updated\firefox.exe
2014-10-12 13:34 . 2014-10-12 13:35        117360        ----a-w-        c:\program files (x86)\Mozilla Firefox\updated\crashreporter.exe
2014-10-12 13:34 . 2014-02-16 11:58        2106216        ----a-w-        c:\program files (x86)\Mozilla Firefox\updated\D3DCompiler_43.dll
2014-10-12 13:33 . 2014-10-12 14:08        --------        d-----w-        c:\users\Warkentin\AppData\Roaming\Tropico 4
2014-10-12 13:30 . 2014-10-12 13:30        --------        d-----w-        c:\users\Warkentin\AppData\Roaming\Kalypso Media
2014-10-11 14:39 . 2014-10-11 14:39        --------        d-----w-        c:\program files (x86)\7-Zip
2014-10-11 13:30 . 2014-10-11 13:32        --------        d-----w-        C:\FRST
2014-10-11 11:24 . 2014-10-11 11:25        --------        d-----w-        C:\Trojaner programme
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-09 11:51 . 2012-12-15 18:15        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-09 11:51 . 2012-12-15 18:15        701104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-16 19:06 . 2012-12-15 19:29        103265616        ----a-w-        c:\windows\system32\MRT.exe
2014-09-25 02:08 . 2014-10-02 08:24        371712        ----a-w-        c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-02 08:24        519680        ----a-w-        c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-09-26 16:55        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-26 16:55        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-08-23 02:07 . 2014-08-29 20:15        404480        ----a-w-        c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-29 20:15        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll
2014-05-08 13:39 . 2014-05-08 13:39        13084896        ----a-w-        c:\program files (x86)\Silverlight_x64.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-11-09 11:51        2369560        ----a-w-        c:\program files (x86)\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}]
2013-10-26 17:22        299224        ----a-w-        c:\program files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3004627E-F8E9-4E8B-909D-316753CBA923}"= "c:\program files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll" [2013-10-26 285912]
.
[HKEY_CLASSES_ROOT\clsid\{3004627e-f8e9-4e8b-909d-316753cba923}]
[HKEY_CLASSES_ROOT\mysearchdial.mysearchdialdskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\mysearchdial.mysearchdialdskBnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-08-25 5188112]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"Stronghold AntiMalware"="c:\trojaner programme\Stronghold AntiMalware\StrongholdAntiMalware.exe" [2014-09-29 6495656]
"vProt"="c:\program files (x86)\AVG Web TuneUp\vprot.exe" [2014-11-09 3060248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AdFender.lnk - c:\program files (x86)\AdFender\AdFender.exe -autostart [2013-12-13 3228080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"SweetIM"=c:\program files (x86)\SweetIM\Messenger\SweetIM.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Sweetpacks Communicator"=c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys;c:\windows\SYSNATIVE\DRIVERS\virtualnet.sys [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys;c:\windows\SYSNATIVE\DRIVERS\vfilter.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe;c:\program files\ShrewSoft\VPN Client\iked.exe [x]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 vToolbarUpdater18.1.10;vToolbarUpdater18.1.10;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - AVGTP
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-27 11:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-29 415256]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://gmx.de/
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:49237;https=127.0.0.1:49237
uInternet Settings,ProxyOverride = <-loopback>
IE: Zu Anti-Banner hinzufügen - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{0F37B5BF-A554-4E3D-BBB3-5E6F6ECEF4CC}: NameServer = 192.168.0.1
TCP: Interfaces\{5EE56C4E-DDE2-4BF8-B48B-DDF6E574079D}: NameServer = 192.168.0.1
TCP: Interfaces\{7356D5CC-842F-4338-BF11-B56BEC0A87E2}: NameServer = 192.168.0.1
TCP: Interfaces\{A4D0FC3F-B3F1-4BA2-84A7-47FD35DA8D67}: NameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll
FF - ProfilePath - c:\users\Warkentin\AppData\Roaming\Mozilla\Firefox\Profiles\rb8jh4or.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxps://mysearch.avg.com?cid={C4E0F3F8-4E59-4671-A26C-415D68F88352}&mid=cef190f878e047d08510d16d124aa363-fa1524df98b1f62014eebed0dd917cef9cd5a2b6&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-09 12:51&v=4.0.0.19&pid=wtu&sg=&sap=hp
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files (x86)\DealPly\DealPlyIE.dll
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-Run-DriverScanner - c:\program files (x86)\Uniblue\DriverScanner\launcher.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-11-09  13:31:53
ComboFix-quarantined-files.txt  2014-11-09 12:31
.
Vor Suchlauf: 9 Verzeichnis(se), 43.824.836.608 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 43.617.386.496 Bytes frei
.
- - End Of File - - DDFC39802ED07E7321B50C1BFF28F8CB
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

[/CODE]

schrauber 10.11.2014 10:07
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

MasterChaos 15.11.2014 11:07
mbam

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 15.11.2014
Suchlauf-Zeit: 08:51:02
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.15.02
Rootkit Datenbank: v2014.11.12.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Warkentin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 326614
Verstrichene Zeit: 21 Min, 26 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 74
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\APPID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}, In Quarantäne, [d03ee15b116b0135821a628e35cd1fe1],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}, In Quarantäne, [d03ee15b116b0135821a628e35cd1fe1],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}, In Quarantäne, [d33b2b1196e679bd8dc543ade121748c],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}, In Quarantäne, [4fbf48f4661679bd1c6b981fe220847c],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}, In Quarantäne, [4fbf48f4661679bd1c6b981fe220847c],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}, In Quarantäne, [4dc194a804780531712c3cb40bf708f8],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, In Quarantäne, [4dc194a804780531712c3cb40bf708f8],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, In Quarantäne, [4dc194a804780531712c3cb40bf708f8],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc.1, In Quarantäne, [4dc194a804780531712c3cb40bf708f8],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc, In Quarantäne, [4dc194a804780531712c3cb40bf708f8],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc, In Quarantäne, [4dc194a804780531712c3cb40bf708f8],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc.1, In Quarantäne, [4dc194a804780531712c3cb40bf708f8],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}, In Quarantäne, [60aede5e2f4d1521331ee10fde240ff1],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{82E74373-58AB-47EB-B0F0-A1D82BB8EB5C}, In Quarantäne, [60aede5e2f4d1521331ee10fde240ff1],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\escort.escortIEPane.1, In Quarantäne, [60aede5e2f4d1521331ee10fde240ff1],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\escort.escortIEPane, In Quarantäne, [60aede5e2f4d1521331ee10fde240ff1],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\escort.escortIEPane, In Quarantäne, [60aede5e2f4d1521331ee10fde240ff1],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\escort.escortIEPane.1, In Quarantäne, [60aede5e2f4d1521331ee10fde240ff1],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}, In Quarantäne, [60aede5e2f4d1521331ee10fde240ff1],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, In Quarantäne, [c747f8444834c67032d0e80960a28e72],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}, In Quarantäne, [cb4386b685f780b657fc8070d52d857b],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pflphaooapbgpeakohlggbpidpppgdff, In Quarantäne, [68a6f448e795a29437c99bd8c73c36ca],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\BonanzaDealsLive, In Quarantäne, [3bd385b727552c0a7a57f797a46044bc],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DealPly, In Quarantäne, [fa144af24e2eaf8758186beab74c9868],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, In Quarantäne, [52bcd765116bac8ad65397bf9a699c64],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pflphaooapbgpeakohlggbpidpppgdff, In Quarantäne, [18f688b40a729c9a7888541f9e65a65a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\mysearchdial, In Quarantäne, [5db1300caece80b60d181b6bae56a759],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, In Quarantäne, [e52974c85527f343bff2cbbcab5927d9],
PUP.Optional.DealPly.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DealPly, In Quarantäne, [fe109aa287f5ef47835fc172b54e966a],
PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BonanzaDealsLive, In Quarantäne, [4fbff7458fed7db96b64117df212d32d],
PUP.Optional.DealPly.A, HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DealPly, In Quarantäne, [e6286ad22f4d6bcb3ba746ed877c748c],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial, In Quarantäne, [7f8f1e1eb6c62a0c2a9c394e64a032ce],
PUP.Optional.DealPly.A, HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, In Quarantäne, [ca440f2dc1bb83b32604332301027d83],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pflphaooapbgpeakohlggbpidpppgdff, In Quarantäne, [a56952eaabd1c96d8d72581a699a2ad6],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [9876023ae79594a2058bd49c33d00df3],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\mysearchdial, In Quarantäne, [808ea993522a49ed8ee588037e8634cc],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [848af6460e6e2a0ca91f0b7b40c4de22],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, In Quarantäne, [c8469aa2621ac6708b251770ee1610f0],
PUP.Optional.DealPly.A, HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, In Quarantäne, [4cc21b2165172016be6c15412fd4768a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialappCore.1, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialappCore, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\mysearchdial.mysearchdialappCore, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\mysearchdial.mysearchdialappCore.1, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\m, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\m, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea],

Registrierungswerte: 8
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{3004627E-F8E9-4E8B-909D-316753CBA923}, mysearchdial Toolbar, In Quarantäne, [d33b2b1196e679bd8dc543ade121748c]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{3004627E-F8E9-4E8B-909D-316753CBA923}, In Quarantäne, [ba549d9fd3a90531163c3cb4c63ce21e],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Mysearchdial, In Quarantäne, [0608142894e885b16d334309f50ef20e]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Mysearchdial, In Quarantäne, [020cc874bfbdf73ff5ab69e3b94a738d]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, {D1F55A43-46E5-11E2-A21E-002454AE4A90}, In Quarantäne, [e52974c85527f343bff2cbbcab5927d9]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0X2O1C0R2R1R, In Quarantäne, [848af6460e6e2a0ca91f0b7b40c4de22]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Mysearchdial, In Quarantäne, [13fb3606a2da3501722f53f9a45f57a9]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-3347671118-236807827-2603270004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, {D1F55A43-46E5-11E2-A21E-002454AE4A90}, In Quarantäne, [c8469aa2621ac6708b251770ee1610f0]

Registrierungsdaten: 3
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=, Gut: (www.google.com), Schlecht: (hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=),Ersetzt,[719dfd3f4933b28475c14701679e7c84]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=, Gut: (www.google.com), Schlecht: (hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=),Ersetzt,[bb5335076f0d3303668585b933d2ba46]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=, Gut: (www.google.com), Schlecht: (hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCzz0CtC0BtDzytDzyyEtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1049223835&ir=),Ersetzt,[19f567d57efee55183b3af9934d18878]

Ordner: 25
PUP.OPtional.Dealply.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly, In Quarantäne, [f61840fc4f2dd561a677840221e30af6],
PUP.Optional.DealPly.A, C:\Users\Warkentin\AppData\Roaming\DealPly, In Quarantäne, [21ed47f5245849edd73cc63efd06827e],
PUP.Optional.DealPly.A, C:\Users\Warkentin\AppData\Roaming\DealPly\UpdateProc, In Quarantäne, [21ed47f5245849edd73cc63efd06827e],
PUP.Optional.MySearchDial.A, C:\Users\Warkentin\AppData\Roaming\mysearchdial, In Quarantäne, [63ab5ae2e99389ad7bbff11339ca08f8],
PUP.Optional.MySearchDial.A, C:\Users\Warkentin\AppData\Roaming\mysearchdial\icons_2.2.5.1070, In Quarantäne, [63ab5ae2e99389ad7bbff11339ca08f8],
PUP.Optional.MySearchDial.A, C:\Users\Warkentin\AppData\Roaming\mysearchdial\UpdateProc, In Quarantäne, [63ab5ae2e99389ad7bbff11339ca08f8],
PUP.Optional.OpenCandy, C:\Users\Warkentin\AppData\Roaming\OpenCandy, In Quarantäne, [35d9320af18bad89cc7a22e28e75b54b],
PUP.Optional.OpenCandy, C:\Users\Warkentin\AppData\Roaming\OpenCandy\871308983126464AB1CC4485CF32CACD, In Quarantäne, [35d9320af18bad89cc7a22e28e75b54b],
PUP.Optional.OpenCandy, C:\Users\Warkentin\AppData\Roaming\OpenCandy\BF6425444BB94FF6A91C6E6C96E3C569, In Quarantäne, [35d9320af18bad89cc7a22e28e75b54b],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars, In Quarantäne, [b45a09332e4e10261ca0fd07f013fd03],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer, In Quarantäne, [b45a09332e4e10261ca0fd07f013fd03],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT, In Quarantäne, [b45a09332e4e10261ca0fd07f013fd03],
PUP.Optional.RegCleanerPro.A, C:\Users\Warkentin\AppData\Roaming\Systweak\RegClean Pro, In Quarantäne, [749a79c3de9e0c2a2f9061a353b0d12f],
PUP.Optional.RegCleanerPro.A, C:\Users\Warkentin\AppData\Roaming\Systweak\RegClean Pro\Version 6.1, In Quarantäne, [749a79c3de9e0c2a2f9061a353b0d12f],
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive, In Quarantäne, [87871e1ee49870c6f63b29dcbf448f71],
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update, In Quarantäne, [87871e1ee49870c6f63b29dcbf448f71],
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update\Log, In Quarantäne, [87871e1ee49870c6f63b29dcbf448f71],
PUP.Optional.BonanzaDeals.A, C:\Users\Warkentin\AppData\Local\BonanzaDealsLive, In Quarantäne, [d33b89b314689f9774be06ffd132c43c],
PUP.Optional.BonanzaDeals.A, C:\Users\Warkentin\AppData\Local\BonanzaDealsLive\CrashReports, In Quarantäne, [d33b89b314689f9774be06ffd132c43c],
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDealsLive, In Quarantäne, [907ea19b4735ba7c92a221e434cf1ce4],
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDealsLive\CrashReports, In Quarantäne, [907ea19b4735ba7c92a221e434cf1ce4],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea],
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDeals, In Quarantäne, [50be2f0db0cc9b9b67adba72cb38817f],

Dateien: 28
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll, In Quarantäne, [d33b2b1196e679bd8dc543ade121748c],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialsrv.exe, In Quarantäne, [4dc194a804780531712c3cb40bf708f8],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll, In Quarantäne, [60aede5e2f4d1521331ee10fde240ff1],
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll, In Quarantäne, [7b93a9935b21e74ff12f0f2def127090],
PUP.Optional.Softonic, C:\Users\Warkentin\Downloads\cossacks [1].exe, In Quarantäne, [a36b2418cbb151e57496809eb54cf709],
PUP.Optional.SweetIM, C:\Windows\Installer\38628.msi, In Quarantäne, [838ba29ac7b5c5718ab68be332d3a759],
PUP.Optional.MySearchDial.A, C:\Users\Warkentin\AppData\Local\mysearchdial-speeddial.crx, In Quarantäne, [ce40e25a0577c76f824fa7a3a26135cb],
PUP.Optional.DealPly.A, C:\Windows\System32\Tasks\DealPlyUpdate, In Quarantäne, [a9653dffafcda5918b81f75783809d63],
PUP.OPtional.Dealply.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk, In Quarantäne, [f61840fc4f2dd561a677840221e30af6],
PUP.OPtional.Dealply.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.lnk, In Quarantäne, [f61840fc4f2dd561a677840221e30af6],
PUP.OPtional.Dealply.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.lnk, In Quarantäne, [f61840fc4f2dd561a677840221e30af6],
PUP.Optional.DealPly.A, C:\Users\Warkentin\AppData\Roaming\DealPly\UpdateProc\config.dat, In Quarantäne, [21ed47f5245849edd73cc63efd06827e],
PUP.Optional.MySearchDial.A, C:\Users\Warkentin\AppData\Roaming\mysearchdial\icons_2.2.5.1070\59.ico, In Quarantäne, [63ab5ae2e99389ad7bbff11339ca08f8],
PUP.Optional.MySearchDial.A, C:\Users\Warkentin\AppData\Roaming\mysearchdial\icons_2.2.5.1070\60.ico, In Quarantäne, [63ab5ae2e99389ad7bbff11339ca08f8],
PUP.Optional.MySearchDial.A, C:\Users\Warkentin\AppData\Roaming\mysearchdial\UpdateProc\config.dat, In Quarantäne, [63ab5ae2e99389ad7bbff11339ca08f8],
PUP.Optional.MySearchDial.A, C:\Users\Warkentin\AppData\Roaming\mysearchdial\UpdateProc\info.dat, In Quarantäne, [63ab5ae2e99389ad7bbff11339ca08f8],
PUP.Optional.MySearchDial.A, C:\Users\Warkentin\AppData\Roaming\mysearchdial\UpdateProc\STTL.DAT, In Quarantäne, [63ab5ae2e99389ad7bbff11339ca08f8],
PUP.Optional.MySearchDial.A, C:\Users\Warkentin\AppData\Roaming\mysearchdial\UpdateProc\TTL.DAT, In Quarantäne, [63ab5ae2e99389ad7bbff11339ca08f8],
PUP.Optional.OpenCandy, C:\Users\Warkentin\AppData\Roaming\OpenCandy\871308983126464AB1CC4485CF32CACD\driverscannerDE.exe, In Quarantäne, [35d9320af18bad89cc7a22e28e75b54b],
PUP.Optional.OpenCandy, C:\Users\Warkentin\AppData\Roaming\OpenCandy\BF6425444BB94FF6A91C6E6C96E3C569\TuneUpUtilities2013_2200218_de-DE.exe, In Quarantäne, [35d9320af18bad89cc7a22e28e75b54b],
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log, In Quarantäne, [87871e1ee49870c6f63b29dcbf448f71],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\FavIcon.ico, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialApp.dll, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialEng.dll, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\Sqlite3.dll, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\uninst.dat, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\uninstall.exe, In Quarantäne, [739b16262f4d2c0a7c113fc6b35016ea],
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDeals\uninst.exe, In Quarantäne, [50be2f0db0cc9b9b67adba72cb38817f],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
AdwCleaner

AdwCleaner Logfile:
Code:
# AdwCleaner v4.101 - Bericht erstellt am 15/11/2014 um 10:11:13
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-13.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Warkentin - WARKENTIN-PC
# Gestartet von : C:\Users\Warkentin\Downloads\adwcleaner_4.101.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\RegClean Pro
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\Public\Documents\Stronghold AntiMalware
Ordner Gelöscht : C:\Users\Warkentin\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Warkentin\AppData\Roaming\Mozilla\Firefox\Profiles\rb8jh4or.default\Extensions\Avg@toolbar
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Warkentin\AppData\Roaming\Mozilla\Firefox\Profiles\rb8jh4or.default\searchplugins\avg-secure-search.xml

***** [ Tasks ] *****

Task Gelöscht : DealPlyUpdate

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\SecuredDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\237AA359BFA99C94484AF769ACA080AD

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v30.0 (en-US)

[rb8jh4or.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "AVG Secure Search");
[rb8jh4or.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "AVG Secure Search");

*************************

AdwCleaner[R0].txt - [7922 octets] - [15/11/2014 10:06:25]
AdwCleaner[S0].txt - [7460 octets] - [15/11/2014 10:11:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7520 octets] ##########
--- --- ---

[/CODE]

JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by Warkentin on 15.11.2014 at 10:24:51,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\TOOLBARUPDATER.EXE-F20E59B9.pf
Successfully deleted: [File] C:\Windows\prefetch\DRIVERINSTALLER.EXE-126F6397.pf



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Warkentin\appdata\local\cre"



~~~ FireFox

Successfully deleted the following from C:\Users\Warkentin\AppData\Roaming\mozilla\firefox\profiles\rb8jh4or.default\prefs.js

user_pref("browser.startup.homepage", "hxxps://mysearch.avg.com?cid={C4E0F3F8-4E59-4671-A26C-415D68F88352}&mid=cef190f878e047d08510d16d124aa363-fa1524df98b1f62014eebed0dd917ce
Emptied folder: C:\Users\Warkentin\AppData\Roaming\mozilla\firefox\profiles\rb8jh4or.default\minidumps [5 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.11.2014 at 10:29:27,95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

schrauber 15.11.2014 20:51

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:39 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55