Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojaner „Ihavenet.com“ macht Ärger (https://www.trojaner-board.de/130464-trojaner-ihavenet-com-macht-aerger.html)

carlos94jana 01.02.2013 17:53
Trojaner „Ihavenet.com“ macht Ärger
 
Hallo Zusammen,

wie ich in diesem Forum erfahre, ist auch mein Laptop mit dem Viren „ihavenet.com“ (das Weiterleiten auf andere Seiten bei der Google-Suche mit Firefox oder Explorar) infiziert.

Im IE geht das googlen allerdings als wäre nichts passiert.

Mit meinem Antivirenprogramm (Avira, Freeware) habe ich bereits vor zwei Tagen meinen Laptop gescannt. Nichts Verdächtiges konnte gefunden werden. Mein Rechner arbeitet mit dem Betriebssystem Windows 7.

Ich würde mich freuen, wenn jemand mir hierbei seine Hilfe anbieten würde.

Im Anhang schicke ich die zur Analyse erforderlichen Dateien (Extra.txt und
Gmer.txt). Die Datei OTL.txt kann auf Grund ihrer Größe (103,7 KB) leider nicht angehängt werden. Bei Bedarf kann diese Datei nachschicken.


Vielen Dank im Voraus

Gruß
Carlos

cosinus 01.02.2013 18:21
Hallo und :hallo:

Mal eine kurze Frage, das ist jetzt nichts speziell gegen dich, ich hätte auch jeden anderen fragen können der die Logs so postet - wo bitte steht, dass die Logs in den Anhang gelegt werden sollen bzw. wo genau hast du das herausgelesen?

Logfiles im Anhang erschweren die Auswertung massivst

Bitte um Erläuterung damit man die Textstelle in der Anleitung für alle Neulinge mal gezielt ändern/verbessern kann. Danke.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

carlos94jana 11.02.2013 18:55
Hallo,

Die geforderten Logs habe ich Dir vor 5 oder 6 Tagen vollständig zukommen lassen. Da ich seit dieser Zeit keine Antwort von Dir erhalten habe, weiß ich nicht, ob es bei der Übertragung etwas schief gelaufen ist oder deine Zeit zur weiteren Bearbeitung des Falls zurzeit knapp ist.

Bitte gib mir eine Rückmeldung, ob Du die Daten von mir erhalten hast.
Notfalls schicke ich Dir die Daten erneut.

Gruß
Carlos94jana

cosinus 11.02.2013 23:39
Nee, ich hab dich schon vor fast über zwei Wochen gefragt, warum du die Logs in den Anhang gelegt hast und dir erläutert, dass Logs im Anhang das Auswerten erschweren.

Zudem fehlt von OTL das andere Log, du hast nur die Extras gepostet. Ist aber egal, ich brauch neue OTL-Logs nach so einer langen Zeit
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.

Und danach bitte MBAR ausführen, falls du hast auch alle anderen Logs von Malwarebytes posten:

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

carlos94jana 12.02.2013 23:13
Hallo Cosinus,

danke für deine Rückmeldung.

Ich habe die OTL.exe aktuell ausgeführt und schicke Dir die Ergebnisse.

Des Weiteren erhältst Du die Logfile von MBAR.

Die anderen zwei Logs (Extra.txt und GMER.txt) muss ich Dir aufgrund der Dateigröße nachschicken.

Ich bin nun gespannt, wie es weiter geht.

Viele Grüße
Carlos

Code:
OTL logfile created on: 12.02.2013 20:14:39 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Gast\Desktop\Virus
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,88% Memory free
7,71 Gb Paging File | 5,51 Gb Available in Paging File | 71,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,16 Gb Total Space | 353,97 Gb Free Space | 78,63% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Gast\Desktop\Virus\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe (NTI Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
PRC - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ceda881f46083cfb6356ed39e6bf9dcb\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\85a17526c326bfb377b5c2124dce39f2\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\NTI\Packard Bell MyBackup\sqlite3.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe (NTI Corporation)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (libusb0) -- C:\Windows\SysNative\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (bScsiMSa) -- C:\Windows\SysNative\drivers\bScsiMSa.sys (Broadcom Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (bScsiSDa) -- C:\Windows\SysNative\drivers\bScsiSDa.sys (Broadcom Corporation)
DRV:64bit: - (b57xdmp) -- C:\Windows\SysNative\drivers\b57xdmp.sys (Broadcom Corporation)
DRV:64bit: - (b57xdbd) -- C:\Windows\SysNative\drivers\b57xdbd.sys (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.27010003&st=12
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.27010003&st=12&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\S-1-5-21-746099090-312496325-1089877124-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKU\S-1-5-21-746099090-312496325-1089877124-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-21-746099090-312496325-1089877124-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-746099090-312496325-1089877124-1001\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No CLSID value found
IE - HKU\S-1-5-21-746099090-312496325-1089877124-1001\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-746099090-312496325-1089877124-1001\..\SearchScopes\{7C31A197-6CBE-4C4C-A5D6-D0B30A5EDB96}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=A5D4053F-C8BD-4CEC-B540-CE18AA85B863&apn_sauid=85B6ED32-C2D5-48CE-8FD4-3A3AE109BE38
IE - HKU\S-1-5-21-746099090-312496325-1089877124-1001\..\SearchScopes\{D6013B2D-630C-4806-96C3-F1146008A5EE}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-746099090-312496325-1089877124-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.27010003&st=12&q={searchTerms}
IE - HKU\S-1-5-21-746099090-312496325-1089877124-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746099090-312496325-1089877124-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-746099090-312496325-1089877124-501\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKU\S-1-5-21-746099090-312496325-1089877124-501\..\SearchScopes,DefaultScope = {678EB474-871B-40AE-88FC-0EDE8FF34305}
IE - HKU\S-1-5-21-746099090-312496325-1089877124-501\..\SearchScopes\{678EB474-871B-40AE-88FC-0EDE8FF34305}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-746099090-312496325-1089877124-501\..\SearchScopes\{D58EADF2-A853-49E3-8939-E21415945177}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=bdb4448a-c5ce-428e-b6d1-6c608b79b0e2&apn_sauid=4314E8A9-5322-4B41-A731-72ADB2E704D5
IE - HKU\S-1-5-21-746099090-312496325-1089877124-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "https://www.google.de"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=A5D4053F-C8BD-4CEC-B540-CE18AA85B863&apn_ptnrs=%5EAGS&apn_sauid=85B6ED32-C2D5-48CE-8FD4-3A3AE109BE38&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.11.18 15:02:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.02.01 21:27:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.11 20:09:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.11 20:09:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.07.02 22:37:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.01.31 23:23:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5kmptlmf.default\extensions
[2012.12.01 12:25:44 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5kmptlmf.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.09.15 10:55:12 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5kmptlmf.default\extensions\ich@maltegoetz.de
[2013.01.31 17:21:21 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5kmptlmf.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2013.01.31 23:23:18 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5kmptlmf.default\extensions\toolbar@ask.com
[2012.12.13 21:35:21 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5kmptlmf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.01.24 18:27:19 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5kmptlmf.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.12.20 21:54:16 | 000,002,333 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5kmptlmf.default\searchplugins\askcom.xml
[2013.01.18 14:53:22 | 000,002,306 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5kmptlmf.default\searchplugins\askcomsearch.xml
[2013.02.11 20:09:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.11 20:09:57 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-746099090-312496325-1089877124-1001\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-746099090-312496325-1089877124-501\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-746099090-312496325-1089877124-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-746099090-312496325-1089877124-1001..\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-746099090-312496325-1089877124-1001..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-746099090-312496325-1089877124-1001..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-746099090-312496325-1089877124-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-746099090-312496325-1089877124-1000..\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe ()
O4 - HKU\S-1-5-21-746099090-312496325-1089877124-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-746099090-312496325-1089877124-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{621A1FC3-E796-41BA-8B72-7208229F7427}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4C2637F-528D-41BC-8DB9-A519BED05FA4}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{610a236c-b0ad-11e0-82f2-1c7508e3bfa3}\Shell - "" = AutoRun
O33 - MountPoints2\{610a236c-b0ad-11e0-82f2-1c7508e3bfa3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.11 20:09:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.08 14:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2013.02.02 01:08:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\pdfforge
[2013.02.02 01:08:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013.02.02 01:08:22 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2013.02.02 01:08:22 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2013.02.02 01:08:21 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL
[2013.02.02 01:08:21 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL
[2013.02.02 01:08:21 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2013.02.02 01:08:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2013.02.01 21:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2013.02.01 21:48:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2013.02.01 21:27:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Uniblue
[2013.02.01 21:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2013.02.01 21:27:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2013.02.01 21:27:29 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\PDF Architect Files
[2013.02.01 21:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2013.02.01 21:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect
[2013.02.01 21:27:14 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2013.02.01 13:26:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2013.01.31 23:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.01.31 23:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013.01.31 23:21:55 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.01.31 23:21:55 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.01.31 23:21:55 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.01.31 23:21:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.01.31 20:40:49 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Probleme mit ihavenet.com - Trojaner-Board-Dateien
[2013.01.31 19:05:37 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Virus
[2013.01.31 18:27:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.01.31 18:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.31 18:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.31 18:27:10 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.31 18:27:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.31 17:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.01.31 17:35:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LavasoftStatistics
[2013.01.31 17:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013.01.31 17:28:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013.01.31 17:22:20 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.01.31 17:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013.01.31 17:21:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2013.01.31 17:21:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013.01.31 17:20:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2013.01.31 17:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.01.31 17:09:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.01.31 17:09:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.01.27 09:43:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Origin
[2013.01.27 09:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.01.24 18:27:30 | 000,000,000 | ---D | C] -- C:\Users\***\Tracing
[2013.01.24 18:27:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM
[2013.01.24 18:24:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sweetpacks bundle uninstaller
[2013.01.15 06:53:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.01.15 06:53:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.01.15 06:53:43 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.12 19:14:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.12 10:36:50 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.12 10:36:50 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.12 10:29:44 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2013.02.12 10:29:10 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\ZMBEOY.job
[2013.02.12 10:29:06 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.07 13:42:28 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.07 13:42:28 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.07 13:42:28 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.07 13:42:28 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.07 13:42:28 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.01 21:27:35 | 000,001,005 | ---- | M] () -- C:\Users\***\Desktop\PDF Architect.lnk
[2013.01.31 23:23:24 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.01.31 23:15:49 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.01.31 23:15:49 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.01.31 23:15:48 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.01.31 22:11:18 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.01.31 20:40:50 | 000,154,710 | ---- | M] () -- C:\Users\***\Desktop\Probleme mit ihavenet.com - Trojaner-Board.htm
[2013.01.31 18:27:11 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.31 18:14:29 | 000,020,929 | ---- | M] () -- C:\Windows\wininit.ini
[2013.01.31 17:22:20 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.01.15 18:00:02 | 000,001,159 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 
========== Files Created - No Company Name ==========
 
[2013.02.01 21:27:40 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\DriverScanner.job
[2013.02.01 21:27:35 | 000,001,005 | ---- | C] () -- C:\Users\***\Desktop\PDF Architect.lnk
[2013.01.31 23:23:24 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.01.31 22:11:18 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.01.31 20:40:49 | 000,154,710 | ---- | C] () -- C:\Users\***\Desktop\Probleme mit ihavenet.com - Trojaner-Board.htm
[2013.01.31 18:27:11 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.19 11:03:39 | 000,020,929 | ---- | C] () -- C:\Windows\wininit.ini
[2013.01.15 17:59:32 | 000,001,159 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.06 16:14:13 | 000,126,976 | RHS- | C] () -- C:\Windows\SysWow64\d3dimo.dll
[2012.02.21 18:37:38 | 000,000,080 | ---- | C] () -- C:\Windows\wiso.ini
[2011.10.08 17:54:34 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.08.23 08:30:03 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.08.23 08:30:03 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.07.11 15:06:52 | 000,709,829 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2011.07.02 22:37:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.07.02 21:12:14 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.31 17:48:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2012.10.13 20:21:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.10.13 20:21:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.11 20:49:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Garmin
[2012.04.23 18:30:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LaunchPad
[2011.07.09 11:35:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2013.02.01 21:27:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2013.01.28 14:34:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2013.02.02 01:08:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2011.07.04 08:19:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SNS
[2012.12.06 22:02:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011.07.02 21:12:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2012.07.19 21:08:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2013.02.01 21:27:39 | 000,000,000 | ---D | M] -- C:\Users***\AppData\Roaming\Uniblue
[2011.07.03 10:28:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Watchtower
[2011.07.02 19:58:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WildTangent
[2013.01.31 17:37:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2013.02.01 21:29:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Architect
[2013.02.03 22:49:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2012.07.20 08:10:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.09.21 19:37:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Watchtower
[2013.02.11 15:42:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WildTangent
[2012.12.28 22:07:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.12.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***-PC [administrator]

12.02.2013 21:56:58
mbar-log-2013-02-12 (21-56-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30948
Time elapsed: 7 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

carlos94jana 12.02.2013 23:38
Hallo Cosinus,

hier die zwei fehlenden Logs (Extra.txt und GMER.txt), die allerdings vom 31.01.2013 sind. Irgendwie klappt es nicht, dass ich Dir aktuelle Logs schicke. Wenn diese für deine weitere Bearbeitung zu alt sind, werde ich versuchen, Dir neue zu schicken.

Vielen Dank und viele Grüße
Carlos

Code:
OTL Extras logfile created on: 31.01.2013 22:16:24 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\***\Desktop\Virus
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 61,09% Memory free
7,71 Gb Paging File | 5,95 Gb Available in Paging File | 77,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,16 Gb Total Space | 383,32 Gb Free Space | 85,15% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0838C4EF-BB5F-4A61-A2ED-C426D43668A7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0FC812A9-EEDB-443F-9B17-67B2856F8E58}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{169FD497-0388-4E6F-B308-B4F66B739E41}" = rport=139 | protocol=6 | dir=out | app=system |
"{1C5CC1A4-A385-4117-9517-736D4DC9C215}" = lport=138 | protocol=17 | dir=in | app=system |
"{2A9E77D0-9124-49BD-91AA-41BB75F50700}" = rport=138 | protocol=17 | dir=out | app=system |
"{2BAE89B1-0B93-4BFF-A1F0-09124E46BAE1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5C7261DD-8571-4BCC-9080-B98E2D644F8F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{77563DF8-A870-4354-94F5-E3D2E23DCDF2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7BDC3E0B-767F-4C42-847C-5FD0261BB929}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7CEDB4E0-7F74-43F5-AE4B-6919D935FF79}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8C069B17-D3F7-4F3C-99D7-88EE2042A2ED}" = rport=137 | protocol=17 | dir=out | app=system |
"{AFF956E7-97CB-48A9-8CE6-F1253DBBC0D8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B08F5587-93C0-4A69-8CB2-F8218D0A15DB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B87D40CC-D692-4C65-B51B-5E2559025562}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BF21ECB1-1714-467C-8CA2-DB6BB29A4B61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BF6E95B6-2342-430A-8E2B-211E3AF619A5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D12B7B98-5BD2-4B90-A2AB-23B03DACFDF0}" = lport=137 | protocol=17 | dir=in | app=system |
"{D84D82B9-CBDB-4962-872A-26AF8029E126}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DB7B465C-994F-4E2D-90B3-F511EB3699DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E43C3D40-948A-44AD-89A1-D099D14CB873}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E8D817A3-53F2-4178-8A25-9FE14E6D3CAE}" = lport=139 | protocol=6 | dir=in | app=system |
"{F4A9DC2C-FD37-4D11-B8C7-661D3BBB3BA5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F5C26126-B78D-4324-8A89-448B644FF536}" = lport=445 | protocol=6 | dir=in | app=system |
"{F94702D7-1651-4866-BC1D-34E1C005B091}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FA37B601-B48E-4743-921A-29C962EEBE66}" = rport=445 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0428C723-B3DB-4151-A7FC-3BAF9941E0C8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{05E4D556-BA85-41AB-BFF9-8EBA13A639EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{09E81402-25EA-4645-972E-22BABC42A1BA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{134662B5-AD59-413B-BD48-95103E7770F5}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{188D7894-AD37-4857-AB45-291A4DDB9983}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{23194B81-F57E-4806-B463-CC5C81CDF8F9}" = protocol=6 | dir=in | app=c:\users\gast\downloads\winrarsdm.exe |
"{35803681-565C-46DD-8A43-97D5032D5507}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{50EE1F0A-BF2E-4667-9FE0-CCEA698043AD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{586BE6C5-914B-4064-8FC7-8DB7649DBBD3}" = protocol=6 | dir=in | app=c:\program files (x86)\disney interactive studios\split second\splitsecond.exe |
"{5E391963-324D-4EFD-A486-56600BC13C17}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{66A513C3-0BFB-4202-A91B-70978B9C53B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{718B655F-90AB-47D1-A937-EDDA8B2D29C1}" = dir=in | app=c:\program files (x86)\cyberlink\homemedia\homemedia.exe |
"{72B62DD4-D38B-4D91-8D71-48C8893468D7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{74D8A04A-B7F1-46A9-ADE7-E3E0B66A11F5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7FD1FFD2-03DC-4AA3-9183-324AF79502EF}" = protocol=6 | dir=out | app=system |
"{8798FAD1-24F8-42E4-A9F8-5374C1CBC429}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{879E00D9-1214-48C3-B67A-59DAF46CCAA6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8E2D0844-0A1E-4848-8CFE-50BB70F8D8DB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8E86A7E2-86D4-4E80-9F92-C414253747A0}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{90DB343E-7B74-4628-A39A-F61BB3502DFF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{91968B9F-E0DB-43AD-89DF-BBEB92370092}" = protocol=17 | dir=in | app=c:\program files (x86)\disney interactive studios\split second\splitsecond.exe |
"{A50F0D8E-3201-44E2-A7EB-8DE6B5EEF17A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AC32F6EE-5C4C-4DD9-A119-E60A22F9D023}" = protocol=17 | dir=in | app=c:\users\gast\downloads\winrarsdm.exe |
"{ACD98DC0-0EEF-4C3E-B311-5E8CC872CD93}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B6034B8A-ED3C-4585-B6A8-83B829FA8618}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{B63F80F4-B33F-4FC0-8E4A-61F0B5A4700F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C24CB2D0-8193-4580-A673-792EEC41627B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C7991566-98FF-41B6-8F33-8750ECFC2DF8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C920367D-1001-4D8E-B567-C53778CE0545}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C9FC742A-CAF6-4DE5-B10E-14A99CD3EF0B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CC925F15-5981-4B97-A0A2-A662FA8C576F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CF26AFB1-23F0-443F-B37B-2025B6309B8D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D1B683C2-52AD-4DE8-8691-B113D57DC892}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D8E3FDB8-90D1-46AE-8810-A10557BA4F1C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DF99C165-72A1-40E8-820B-1F34B496C9F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F0823795-BA73-401F-AA1A-8AC431E46A14}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FD14E2D0-7E7F-4FBC-9A51-A5478A53C4DD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{5FA97CCB-BE40-4D20-BA72-2878D40F1628}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{6448C290-E26E-4F2A-9445-D6792B93C5B8}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{A2FAAA8E-1640-479E-8785-6613627C9594}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{A72BBB3A-DE61-4187-9B49-F8C1B0B6C5DB}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029A4933-3F36-4E4F-AEC3-2207AB26463D}" = Broadcom Gigabit NetLink Controller
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"24DA573F901348FFDFF7717497830D45BE0C362E" = Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices  (07/07/2009 1.12.2)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"Elantech" = ETDWare PS/2-X64 8.0.6.0_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 11
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4DD1AF59-5121-421F-B92D-EEBF3F20345A}" = Official Video Converter
"{50C913B1-A091-48B8-A434-6C9670284888}" = Garmin Training Center
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65739FA2-0444-4AB2-B598-872406539EBD}" = pdfforge Toolbar v6.6
"{65D70656-D248-4C83-B594-E3029C43B37A}" = phase6_19
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2A88B8-AE67-11D5-8E9A-00505687E101}" = GLASER -isb conference-
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BE514E8-4486-4730-8B68-FA15EEDC942E}" = Watchtower Library 2011 - Deutsch
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F2754CA-B124-4530-9542-00FE699EA8FD}" = Watchtower Library 2010 - Deutsch
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96E2E493-C484-43E3-9B95-D62EE7D40D3A}" = Internet Explorer Toolbar 4.7 by SweetPacks
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = HomeMedia
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CB5F6422-502E-477C-B31D-25ECE8F829E6}" = Garmin ANT Agent
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f3b75363-fa28-46b2-9d9f-112252157a7b}" = Nero 9 Essentials
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Free YouTube Download_is1" = Free YouTube Download version 3.1.38.1005
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Packard Bell MyBackup
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Packard Bell Game Console" = Packard Bell Game Console
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"RealPlayer 15.0" = RealPlayer
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR Bundle by SweetPacks" = WinRAR Bundle by SweetPacks
"WT088216" = Agatha Christie - Death on the Nile
"WT088226" = Bejeweled 2 Deluxe
"WT088228" = Build-a-lot 2
"WT088235" = Chuzzle Deluxe
"WT088238" = Diner Dash 2 Restaurant Rescue
"WT088260" = Farm Frenzy
"WT088268" = Insaniquarium Deluxe
"WT088269" = Jewel Quest Solitaire 2
"WT088283" = Plants vs. Zombies
"WT088416" = FATE
"WT088420" = Final Drive Nitro
"WT088448" = John Deere Drive Green
"WT088452" = Penguins!
"WT088456" = Polar Bowler
"WT088460" = Polar Golfer
"WT088508" = Virtual Villagers 4 - The Tree of Life
"WT088531" = Zuma's Revenge
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.06.2012 17:47:21 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORDC.EXE, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 14b0    Startzeit:
 01cd53e4c246c0cb    Endzeit: 60000    Anwendungspfad: Q:\140066.deu\Office14\WINWORDC.EXE

Berichts-ID:
 34bc8ce3-bfd8-11e1-a039-1c7508e3bfa3 
 
Error - 26.06.2012 17:47:42 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORDC.EXE, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 4b0    Startzeit:
01cd53e50ce98740    Endzeit: 60000    Anwendungspfad: Q:\140066.deu\Office14\WINWORDC.EXE

Berichts-ID:
 5dc43bbf-bfd8-11e1-a039-1c7508e3bfa3 
 
Error - 26.06.2012 17:48:03 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORDC.EXE, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 11d0    Startzeit:
 01cd53e538704938    Endzeit: 17794    Anwendungspfad: Q:\140066.deu\Office14\WINWORDC.EXE

Berichts-ID:
 8035b94b-bfd8-11e1-a039-1c7508e3bfa3 
 
Error - 26.06.2012 17:53:40 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORDC.EXE, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 13b4    Startzeit:
 01cd53e5edb008df    Endzeit: 13    Anwendungspfad: Q:\140066.deu\Office14\WINWORDC.EXE    Berichts-ID:
 5d11ab9c-bfd9-11e1-a039-1c7508e3bfa3 
 
Error - 29.06.2012 13:11:58 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 12.0.0.4493 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: b2c    Startzeit:
01cd561523028a9d    Endzeit: 36    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 7f99e78c-c20d-11e1-99ca-1c7508e3bfa3 
 
Error - 30.06.2012 01:32:35 | Computer Name = ***-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 02.07.2012 11:30:37 | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 11.07.2012 04:40:33 | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 11.07.2012 09:50:09 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 13.0.1.4548 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1590    Startzeit:
 01cd5f272aea7266    Endzeit: 13    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 421fc6ff-cb5f-11e1-a24b-1c7508e3bfa3 
 
Error - 19.07.2012 15:34:23 | Computer Name = ***-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
[ System Events ]
Error - 31.01.2013 12:37:00 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
 
Error - 31.01.2013 12:37:01 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
 
Error - 31.01.2013 12:37:01 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
 
Error - 31.01.2013 12:37:01 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
 
Error - 31.01.2013 12:37:11 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
 
Error - 31.01.2013 12:38:07 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
 
Error - 31.01.2013 12:39:07 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
 
Error - 31.01.2013 12:41:00 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Spybot-S&D 2 Security Center Service" ist vom Dienst "Sicherheitscenter"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 31.01.2013 14:17:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Spybot-S&D 2 Security Center Service" ist vom Dienst "Sicherheitscenter"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 31.01.2013 14:41:22 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >
Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-01-31 22:59:58
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\***\AppData\Local\Temp\kxldapow.sys


---- User code sections - GMER 2.0 ----

.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                          0000000075171401 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                            0000000075171419 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                          0000000075171431 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                          000000007517144a 2 bytes [17, 75]
.text  ...                                                                                                                                                      * 9
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                              00000000751714dd 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                      00000000751714f5 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                              000000007517150d 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                      0000000075171525 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                            000000007517153d 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                  0000000075171555 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                          000000007517156d 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                            0000000075171585 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                000000007517159d 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                            00000000751715b5 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                          00000000751715cd 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                      00000000751716b2 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                      00000000751716bd 2 bytes [17, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                        0000000075171401 2 bytes [17, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1728] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                          0000000075171419 2 bytes [17, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                        0000000075171431 2 bytes [17, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                        000000007517144a 2 bytes [17, 75]
.text  ...                                                                                                                                                      * 9
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1728] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                          00000000751714dd 2 bytes [17, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                    00000000751714f5 2 bytes [17, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                          000000007517150d 2 bytes [17, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                    0000000075171525 2 bytes [17, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                          000000007517153d 2 bytes [17, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1728] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                              0000000075171555 2 bytes [17, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                        000000007517156d 2 bytes [17, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                          0000000075171585 2 bytes [17, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                            000000007517159d 2 bytes [17, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                          00000000751715b5 2 bytes [17, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                        00000000751715cd 2 bytes [17, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                    00000000751716b2 2 bytes [17, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                    00000000751716bd 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17              0000000075171401 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2908] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                0000000075171419 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17              0000000075171431 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42              000000007517144a 2 bytes [17, 75]
.text  ...                                                                                                                                                      * 9
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2908] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                00000000751714dd 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17          00000000751714f5 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2908] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                000000007517150d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17          0000000075171525 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                000000007517153d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2908] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                    0000000075171555 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17              000000007517156d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                0000000075171585 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2908] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                  000000007517159d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                00000000751715b5 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17              00000000751715cd 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20          00000000751716b2 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31          00000000751716bd 2 bytes [17, 75]
?      C:\Windows\system32\mssprxy.dll [2908] entry point in ".rdata" section                                                                                    00000000741c71e6
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000075171401 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3456] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000075171419 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000075171431 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      000000007517144a 2 bytes [17, 75]
.text  ...                                                                                                                                                      * 9
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3456] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17        00000000751714dd 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3456] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000751714f5 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3456] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17        000000007517150d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3456] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075171525 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        000000007517153d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3456] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17            0000000075171555 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3456] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      000000007517156d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3456] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000075171585 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3456] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17          000000007517159d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000751715b5 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000751715cd 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3456] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000751716b2 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3456] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000751716bd 2 bytes [17, 75]
.text  C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                      0000000075171401 2 bytes [17, 75]
.text  C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[3520] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                        0000000075171419 2 bytes [17, 75]
.text  C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                      0000000075171431 2 bytes [17, 75]
.text  C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                      000000007517144a 2 bytes [17, 75]
.text  ...                                                                                                                                                      * 9
.text  C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[3520] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                          00000000751714dd 2 bytes [17, 75]
.text  C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                  00000000751714f5 2 bytes [17, 75]
.text  C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[3520] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                          000000007517150d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                  0000000075171525 2 bytes [17, 75]
.text  C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                        000000007517153d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[3520] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                              0000000075171555 2 bytes [17, 75]
.text  C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                      000000007517156d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                        0000000075171585 2 bytes [17, 75]
.text  C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[3520] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                            000000007517159d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                        00000000751715b5 2 bytes [17, 75]
.text  C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                      00000000751715cd 2 bytes [17, 75]
.text  C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                  00000000751716b2 2 bytes [17, 75]
.text  C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                  00000000751716bd 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                      0000000075171401 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[3752] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                        0000000075171419 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                      0000000075171431 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                      000000007517144a 2 bytes [17, 75]
.text  ...                                                                                                                                                      * 9
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[3752] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                        00000000751714dd 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                  00000000751714f5 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[3752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                        000000007517150d 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                  0000000075171525 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                        000000007517153d 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[3752] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                            0000000075171555 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                      000000007517156d 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                        0000000075171585 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[3752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                          000000007517159d 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                        00000000751715b5 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                      00000000751715cd 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                  00000000751716b2 2 bytes [17, 75]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                  00000000751716bd 2 bytes [17, 75]
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                          0000000075171401 2 bytes [17, 75]
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[4008] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                            0000000075171419 2 bytes [17, 75]
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                          0000000075171431 2 bytes [17, 75]
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                          000000007517144a 2 bytes [17, 75]
.text  ...                                                                                                                                                      * 9
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[4008] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                            00000000751714dd 2 bytes [17, 75]
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                      00000000751714f5 2 bytes [17, 75]
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[4008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                            000000007517150d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                      0000000075171525 2 bytes [17, 75]
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                            000000007517153d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[4008] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                0000000075171555 2 bytes [17, 75]
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                          000000007517156d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                            0000000075171585 2 bytes [17, 75]
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[4008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                              000000007517159d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                            00000000751715b5 2 bytes [17, 75]
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                          00000000751715cd 2 bytes [17, 75]
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                      00000000751716b2 2 bytes [17, 75]
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                      00000000751716bd 2 bytes [17, 75]
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                          0000000075171401 2 bytes [17, 75]
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4300] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                            0000000075171419 2 bytes [17, 75]
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                          0000000075171431 2 bytes [17, 75]
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                          000000007517144a 2 bytes [17, 75]
.text  ...                                                                                                                                                      * 9
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4300] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                            00000000751714dd 2 bytes [17, 75]
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                      00000000751714f5 2 bytes [17, 75]
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                            000000007517150d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                      0000000075171525 2 bytes [17, 75]
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                            000000007517153d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4300] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                0000000075171555 2 bytes [17, 75]
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                          000000007517156d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                            0000000075171585 2 bytes [17, 75]
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                              000000007517159d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                            00000000751715b5 2 bytes [17, 75]
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                          00000000751715cd 2 bytes [17, 75]
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                      00000000751716b2 2 bytes [17, 75]
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                      00000000751716bd 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4944] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                              0000000075171401 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4944] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                0000000075171419 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                              0000000075171431 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                              000000007517144a 2 bytes [17, 75]
.text  ...                                                                                                                                                      * 9
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4944] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                00000000751714dd 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4944] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                          00000000751714f5 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4944] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                000000007517150d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4944] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                          0000000075171525 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4944] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                000000007517153d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4944] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                    0000000075171555 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4944] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                              000000007517156d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4944] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                0000000075171585 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4944] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                  000000007517159d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4944] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                00000000751715b5 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4944] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                              00000000751715cd 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4944] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                          00000000751716b2 2 bytes [17, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4944] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                          00000000751716bd 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE[8772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                0000000075171401 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE[8772] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                  0000000075171419 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE[8772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                0000000075171431 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE[8772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                000000007517144a 2 bytes [17, 75]
.text  ...                                                                                                                                                      * 9
.text  C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE[8772] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                  00000000751714dd 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE[8772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                            00000000751714f5 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE[8772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                  000000007517150d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE[8772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                            0000000075171525 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE[8772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                  000000007517153d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE[8772] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                      0000000075171555 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE[8772] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                000000007517156d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE[8772] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                  0000000075171585 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE[8772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                    000000007517159d 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE[8772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                  00000000751715b5 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE[8772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                00000000751715cd 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE[8772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                            00000000751716b2 2 bytes [17, 75]
.text  C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE[8772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                            00000000751716bd 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\Defogger.exe[4336] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                    0000000075171401 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\Defogger.exe[4336] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                      0000000075171419 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\Defogger.exe[4336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                    0000000075171431 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\Defogger.exe[4336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                    000000007517144a 2 bytes [17, 75]
.text  ...                                                                                                                                                      * 9
.text  C:\Users\***\Desktop\Virus\Defogger.exe[4336] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                      00000000751714dd 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\Defogger.exe[4336] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                00000000751714f5 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\Defogger.exe[4336] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                      000000007517150d 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\Defogger.exe[4336] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                0000000075171525 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\Defogger.exe[4336] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                      000000007517153d 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\Defogger.exe[4336] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                          0000000075171555 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\Defogger.exe[4336] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                    000000007517156d 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\Defogger.exe[4336] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                      0000000075171585 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\Defogger.exe[4336] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                        000000007517159d 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\Defogger.exe[4336] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                      00000000751715b5 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\Defogger.exe[4336] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                    00000000751715cd 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\Defogger.exe[4336] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                00000000751716b2 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\Defogger.exe[4336] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                00000000751716bd 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17                                                        0000000075171401 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17                                                          0000000075171419 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 17                                                        0000000075171431 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 42                                                        000000007517144a 2 bytes [17, 75]
.text  ...                                                                                                                                                      * 9
.text  C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17                                                            00000000751714dd 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17                                                    00000000751714f5 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17                                                            000000007517150d 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17                                                    0000000075171525 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17                                                          000000007517153d 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17                                                                0000000075171555 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17                                                        000000007517156d 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17                                                          0000000075171585 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSet + 17                                                              000000007517159d 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17                                                          00000000751715b5 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17                                                        00000000751715cd 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20                                                    00000000751716b2 2 bytes [17, 75]
.text  C:\Users\***\Desktop\Virus\OTL.exe[4720] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31                                                    00000000751716bd 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                      0000000075171401 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                        0000000075171419 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                      0000000075171431 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                      000000007517144a 2 bytes [17, 75]
.text  ...                                                                                                                                                      * 9
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                          00000000751714dd 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                  00000000751714f5 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                          000000007517150d 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                  0000000075171525 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                        000000007517153d 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                              0000000075171555 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                      000000007517156d 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                        0000000075171585 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                            000000007517159d 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                        00000000751715b5 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                      00000000751715cd 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                  00000000751716b2 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                  00000000751716bd 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                      000000007745f991 8 bytes {MOV EDX, 0x903e8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15                    000000007745f99b 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5                                  000000007745fa0d 8 bytes {MOV EDX, 0x901a8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15                                  000000007745fa17 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5                                000000007745fb25 8 bytes {MOV EDX, 0x90168; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15                                000000007745fb2f 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                          000000007745fbd5 8 bytes {MOV EDX, 0x90428; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15                          000000007745fbdf 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                              000000007745fc05 8 bytes {MOV EDX, 0x90368; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15                              000000007745fc0f 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                        000000007745fc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15                      000000007745fc27 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                          000000007745fc35 8 bytes {MOV EDX, 0x904e8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15                        000000007745fc3f 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                        000000007745fc65 8 bytes {MOV EDX, 0x90528; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15                      000000007745fc6f 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                        000000007745fce5 8 bytes {MOV EDX, 0x904a8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15                        000000007745fcef 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                        000000007745fcfd 8 bytes {MOV EDX, 0x90468; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15                      000000007745fd07 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                  000000007745fd49 8 bytes {MOV EDX, 0x90068; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15                                000000007745fd53 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5                              000000007745fdad 8 bytes {MOV EDX, 0x902e8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15                              000000007745fdb7 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                      000000007745fe41 8 bytes {MOV EDX, 0x900a8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15                      000000007745fe4b 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5                            000000007745ff89 8 bytes {MOV EDX, 0x902a8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15                            000000007745ff93 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                0000000077460099 8 bytes {MOV EDX, 0x90028; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15                              00000000774600a3 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5                              0000000077460781 8 bytes {MOV EDX, 0x90268; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15                            000000007746078b 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5                                0000000077460ffd 8 bytes {MOV EDX, 0x901e8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15                                0000000077461007 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5                                000000007746105d 8 bytes {MOV EDX, 0x90228; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15                              0000000077461067 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                          00000000774610a5 8 bytes {MOV EDX, 0x903a8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15                        00000000774610af 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                000000007746111d 8 bytes {MOV EDX, 0x90328; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15                              0000000077461127 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                  0000000077461321 8 bytes {MOV EDX, 0x900e8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15                  000000007746132b 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\kernel32.dll!CreateProcessW                              000000007501103d 5 bytes JMP 0000000100010030
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\kernel32.dll!CreateProcessA                              0000000075011072 5 bytes JMP 0000000100010070
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW                              0000000075cc119f 5 bytes JMP 0000000100020030
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW                                0000000075cc11cf 5 bytes JMP 0000000100020070
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps                                  0000000075344de0 5 bytes JMP 00000001001203b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!SelectObject                                    0000000075344f70 5 bytes JMP 00000001001205f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!SetBkMode                                      00000000753451a2 5 bytes JMP 00000001001208f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!SetTextColor                                    000000007534522d 5 bytes JMP 0000000100120a30
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!DeleteObject                                    0000000075345689 5 bytes JMP 00000001001201b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!DeleteDC                                        00000000753458b3 5 bytes JMP 0000000100120170
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!GetCurrentObject                                0000000075346bad 5 bytes JMP 0000000100120370
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!SaveDC                                          0000000075346e05 5 bytes JMP 0000000100120570
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!RestoreDC                                      0000000075346ead 5 bytes JMP 0000000100120530
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode                              0000000075347180 5 bytes JMP 00000001001206b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!StretchDIBits                                  0000000075347435 5 bytes JMP 0000000100120770
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!CreateDCA                                      0000000075347bcc 5 bytes JMP 00000001001200b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!IntersectClipRect                              0000000075347dc4 5 bytes JMP 00000001001203f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!GetTextAlign                                    0000000075347fd5 5 bytes JMP 0000000100120d70
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW                                00000000753482b2 5 bytes JMP 0000000100120e30
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!SetTextAlign                                    0000000075348401 5 bytes JMP 00000001001209f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn                                000000007534879f 5 bytes JMP 00000001001202f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!SelectClipRgn                                  0000000075348916 5 bytes JMP 00000001001205b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!ExtTextOutW                                    0000000075348b7a 5 bytes JMP 0000000100120970
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!MoveToEx                                        0000000075348ee6 5 bytes JMP 0000000100120470
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!GetFontData                                    0000000075349875 5 bytes JMP 0000000100120c70
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!GetTextFaceW                                    0000000075349936 5 bytes JMP 0000000100120d30
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!Rectangle                                      000000007534a53a 5 bytes JMP 00000001001209b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!GetClipBox                                      000000007534af9f 5 bytes JMP 0000000100120330
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!LineTo                                          000000007534b9e5 5 bytes JMP 0000000100120430
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!SetICMMode                                      000000007534bd55 5 bytes JMP 0000000100120db0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!CreateICW                                      000000007534c040 5 bytes JMP 0000000100120130
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W                          000000007534c107 5 bytes JMP 0000000100120670
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!SetWorldTransform                              000000007534c269 5 bytes JMP 00000001001206f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA                                000000007534d1f1 5 bytes JMP 0000000100120df0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A                          000000007534d349 5 bytes JMP 0000000100120630
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!ExtTextOutA                                    000000007534dce4 5 bytes JMP 0000000100120930
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!CreateDCW                                      000000007534e743 5 bytes JMP 00000001001200f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!ExtEscape                                      00000000753503b7 5 bytes JMP 00000001001202b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!Escape                                          0000000075351bda 5 bytes JMP 0000000100120270
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!GetTextFaceA                                    0000000075351e89 5 bytes JMP 0000000100120cf0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode                                0000000075354843 5 bytes JMP 0000000100120b30
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!SetMiterLimit                                  0000000075355690 5 bytes JMP 0000000100120b70
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!EndPage                                        0000000075356bde 5 bytes JMP 0000000100120230
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!ResetDCW                                        000000007535e2db 5 bytes JMP 0000000100120ab0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW                                000000007536940d 5 bytes JMP 0000000100120cb0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW                    000000007536c621 5 bytes JMP 0000000100120bb0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!AddFontResourceW                                000000007536d2b2 5 bytes JMP 0000000100120bf0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW                            000000007536d919 5 bytes JMP 0000000100120c30
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!AbortDoc                                        0000000075373adc 5 bytes JMP 0000000100120030
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!EndDoc                                          0000000075373f29 5 bytes JMP 00000001001201f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!StartPage                                      000000007537401a 5 bytes JMP 0000000100120730
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!StartDocW                                      0000000075374c51 5 bytes JMP 00000001001207f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!BeginPath                                      00000000753753fd 5 bytes JMP 0000000100120830
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!SelectClipPath                                  0000000075375454 5 bytes JMP 0000000100120af0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!CloseFigure                                    00000000753754af 5 bytes JMP 0000000100120070
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!EndPath                                        0000000075375506 5 bytes JMP 0000000100120a70
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!StrokePath                                      000000007537573f 5 bytes JMP 00000001001207b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!FillPath                                        00000000753757d2 5 bytes JMP 0000000100120870
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!PolylineTo                                      0000000075375c44 5 bytes JMP 00000001001204f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!PolyBezierTo                                    0000000075375cd5 5 bytes JMP 00000001001204b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\GDI32.dll!PolyDraw                                        0000000075375d87 5 bytes JMP 00000001001208b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!MapWindowPoints                                0000000075b08c40 5 bytes JMP 0000000100130570
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW                      0000000075b09ebd 5 bytes JMP 00000001001302b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA                      0000000075b10afa 5 bytes JMP 00000001001302f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!GetClientRect                                  0000000075b10c62 7 bytes JMP 00000001001305b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!GetParent                                      0000000075b10f68 7 bytes JMP 00000001001306f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!IsWindowVisible                                0000000075b1112d 7 bytes JMP 00000001001306b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!PostMessageW                                  0000000075b112a5 5 bytes JMP 00000001001305f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!ScreenToClient                                0000000075b1227d 7 bytes JMP 0000000100130670
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!MonitorFromWindow                              0000000075b13150 7 bytes JMP 0000000100130630
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!SetCursor                                      0000000075b141f6 5 bytes JMP 0000000100130530
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA                        0000000075b168ef 5 bytes JMP 0000000100130270
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW                        0000000075b177fa 5 bytes JMP 0000000100130230
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!GetTopWindow                                  0000000075b17887 7 bytes JMP 0000000100130730
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable                    0000000075b18676 5 bytes JMP 00000001001300f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber                    0000000075b18696 5 bytes JMP 0000000100130330
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!CloseClipboard                                0000000075b18e8d 5 bytes JMP 00000001001300b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!OpenClipboard                                  0000000075b18ecb 5 bytes JMP 0000000100130070
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain                          0000000075b1c17b 5 bytes JMP 0000000100130430
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats                          0000000075b1c449 5 bytes JMP 00000001001301b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow                        0000000075b1c468 5 bytes JMP 00000001001303f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!CountClipboardFormats                          0000000075b1c486 5 bytes JMP 00000001001301f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                            0000000075b1c4b6 5 bytes JMP 00000001001304b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout                        0000000075b1d6c0 5 bytes JMP 00000001001304f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!GetClipboardOwner                              0000000075b1e360 5 bytes JMP 0000000100130370
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!SetClipboardData                              0000000075b48e57 5 bytes JMP 0000000100130170
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!SetCursorPos                                  0000000075b49cfd 5 bytes JMP 0000000100130770
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!GetClipboardData                              0000000075b49f1d 5 bytes JMP 0000000100130030
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!EmptyClipboard                                0000000075b67cb9 5 bytes JMP 0000000100130130
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!GetClipboardViewer                            0000000075b68111 5 bytes JMP 0000000100130470
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat                    0000000075b6832f 5 bytes JMP 00000001001303b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer                            0000000074fb9606 5 bytes JMP 00000001001400f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle                        0000000074fc0581 5 bytes JMP 0000000100140130
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext                        0000000074fc0bb9 5 bytes JMP 0000000100140270
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken                            0000000074fc0c2e 5 bytes JMP 00000001001401b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA                      0000000074fc0f2e 5 bytes JMP 0000000100140070
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA                  0000000074fc1096 5 bytes JMP 00000001001400b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\SspiCli.dll!EncryptMessage                                0000000074fc124e 5 bytes JMP 00000001001401f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\SspiCli.dll!DecryptMessage                                0000000074fc129d 5 bytes JMP 0000000100140230
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA                    0000000074fc1527 5 bytes JMP 0000000100140030
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA                    0000000074fc1590 5 bytes JMP 0000000100140170
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\ole32.dll!OleSetClipboard                                00000000751e0045 5 bytes JMP 0000000100150030
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard                          00000000751e36b2 5 bytes JMP 0000000100150070
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\ole32.dll!OleGetClipboard                                000000007520fdcd 5 bytes JMP 00000001001500b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                      0000000075171401 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                        0000000075171419 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                      0000000075171431 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                      000000007517144a 2 bytes [17, 75]
.text  ...                                                                                                                                                      * 9
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                          00000000751714dd 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                  00000000751714f5 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                          000000007517150d 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                  0000000075171525 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                        000000007517153d 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                              0000000075171555 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                      000000007517156d 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                        0000000075171585 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                            000000007517159d 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                        00000000751715b5 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                      00000000751715cd 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                  00000000751716b2 2 bytes [17, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                  00000000751716bd 2 bytes [17, 75]

---- Threads - GMER 2.0 ----

Thread  C:\Windows\SysWOW64\rundll32.exe [1264:1632]                                                                                                              00000000002e3740
Thread  C:\Windows\SysWOW64\rundll32.exe [1264:1636]                                                                                                              0000000000253a80
Thread  C:\Windows\SysWOW64\rundll32.exe [1264:1856]                                                                                                              0000000000253a10
Thread  C:\Windows\SysWOW64\rundll32.exe [1264:5456]                                                                                                              0000000000395cfe
Thread  C:\Windows\SysWOW64\rundll32.exe [1264:5460]                                                                                                              0000000000392ea6
Thread  C:\Windows\SysWOW64\rundll32.exe [1264:5464]                                                                                                              00000000003933de

---- EOF - GMER 2.0 ----

cosinus 13.02.2013 11:04
Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

carlos94jana 13.02.2013 20:28
Hallo Cosinus,

ich habe von Avira ein Free Antivirus-Programm, mit welchem ich mein PC auf Viren untersucht hatte, kurz bevor ich erstmalig mein Problem mit dem Trojaner-Inhavenet auf dem Forum Trojaner-Board.de veröffentlich hatte. Nachdem Du mich nun auf „ weitere Logs mit Befund“ aufmerksam gemacht hast, habe ich mir soeben das Ergebnis der letzten Virenscanners angeschaut. Da fallen mir zwei Befunde auf, die ich Dir hiermit poste.

Gruß
Carlos

Code:
Exportierte Ereignisse:

01.02.2013 16:37 [System-Scanner] Malware gefunden
      Die Datei 'C:\Windows\SysWOW64\d3dimo.dll'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen8' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ignoriert.

01.02.2013 16:33 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\SysWOW64\d3dimo.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen8' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

cosinus 14.02.2013 11:06
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

carlos94jana 17.02.2013 10:50
Hallo ,

Combofix wurde ausgefürt. Hier das Ergebnis:

Viel Erfolg und Danke.

Gruß
Carlos

Code:
ComboFix 13-02-15.01 - *** 17.02.2013  10:29:00.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3948.1998 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\4.0
c:\users\Gast\4.0
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-01-17 bis 2013-02-17  ))))))))))))))))))))))))))))))
.
.
2013-02-17 09:35 . 2013-02-17 09:35        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-02-17 09:35 . 2013-02-17 09:35        --------        d-----w-        c:\users\Gast\AppData\Local\temp
2013-02-17 09:35 . 2013-02-17 09:35        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-02-15 18:37 . 2013-02-15 18:37        --------        d-----w-        c:\users\***\AppData\Roaming\PDF Architect
2013-02-15 15:43 . 2013-02-15 15:43        --------        d-----w-        c:\users\***\AppData\Local\ElevatedDiagnostics
2013-02-13 19:03 . 2013-01-05 05:53        5553512        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-02-13 19:03 . 2013-01-05 05:00        3967848        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 19:03 . 2013-01-05 05:00        3913064        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 19:03 . 2013-01-04 03:26        3153408        ----a-w-        c:\windows\system32\win32k.sys
2013-02-13 19:01 . 2013-01-04 05:46        215040        ----a-w-        c:\windows\system32\winsrv.dll
2013-02-13 19:01 . 2013-01-04 04:51        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2013-02-13 19:01 . 2013-01-04 02:47        25600        ----a-w-        c:\windows\SysWow64\setup16.exe
2013-02-13 19:01 . 2013-01-04 02:47        7680        ----a-w-        c:\windows\SysWow64\instnm.exe
2013-02-13 19:01 . 2013-01-04 02:47        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll
2013-02-13 19:01 . 2013-01-04 02:47        2048        ----a-w-        c:\windows\SysWow64\user.exe
2013-02-13 19:01 . 2013-01-03 06:00        1913192        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-02-13 19:00 . 2013-01-03 06:00        288088        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 19:00 . 2012-12-26 05:47        1111040        ----a-w-        c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 19:00 . 2012-12-26 04:49        760320        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-12 09:46 . 2013-02-14 14:28        --------        d-----w-        c:\users\Gast\AppData\Local\Mozilla Firefox
2013-02-11 14:42 . 2013-02-11 14:42        --------        d-----w-        c:\users\Gast\AppData\Roaming\WildTangent
2013-02-08 13:30 . 2013-02-08 13:30        --------        d-----w-        c:\programdata\Uniblue
2013-02-02 00:08 . 2013-02-02 00:08        --------        d-----w-        c:\users\***\AppData\Roaming\pdfforge
2013-02-02 00:08 . 2012-05-05 09:54        662288        ----a-w-        c:\windows\SysWow64\MSCOMCT2.OCX
2013-02-02 00:08 . 2012-05-05 09:54        137000        ----a-w-        c:\windows\SysWow64\MSMAPI32.OCX
2013-02-02 00:08 . 2013-02-02 00:08        --------        d-----w-        c:\program files (x86)\PDFCreator
2013-02-02 00:08 . 2012-05-05 09:54        23552        ----a-w-        c:\windows\SysWow64\MSMPIDE.DLL
2013-02-02 00:08 . 1998-07-06 16:55        158208        ----a-w-        c:\windows\SysWow64\MSCMCDE.DLL
2013-02-02 00:08 . 1998-07-06 16:55        64512        ----a-w-        c:\windows\SysWow64\MSCC2DE.DLL
2013-02-01 20:48 . 2013-02-01 20:48        --------        d-----w-        c:\program files (x86)\PDF24
2013-02-01 20:29 . 2013-02-01 20:29        --------        d-----w-        c:\users\Gast\AppData\Roaming\PDF Architect
2013-02-01 20:27 . 2013-02-01 20:27        --------        d-----w-        c:\users\***\AppData\Roaming\Uniblue
2013-02-01 20:27 . 2013-02-01 20:27        --------        d-----w-        c:\program files (x86)\Uniblue
2013-02-01 20:27 . 2013-02-01 20:27        --------        d-----w-        c:\program files (x86)\PDF Architect
2013-02-01 20:27 . 2013-01-11 10:39        103936        ----a-w-        c:\windows\system32\pdfcmon.dll
2013-02-01 17:24 . 2013-02-01 17:24        --------        d-----w-        c:\users\Gast\AppData\Roaming\Malwarebytes
2013-02-01 12:26 . 2013-02-01 12:26        --------        d-----w-        c:\users\***\AppData\Roaming\Avira
2013-01-31 22:28 . 2013-01-31 22:28        --------        d-----w-        c:\users\Gast\AppData\Roaming\Avira
2013-01-31 22:23 . 2013-01-31 22:23        --------        d-----w-        c:\program files (x86)\Ask.com
2013-01-31 22:21 . 2013-01-31 22:15        27800        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-01-31 22:21 . 2013-01-31 22:15        129216        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-01-31 22:21 . 2013-01-31 22:15        99912        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-01-31 22:21 . 2013-01-31 22:21        --------        d-----w-        c:\program files (x86)\Avira
2013-01-31 17:27 . 2013-01-31 17:27        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2013-01-31 17:27 . 2013-01-31 17:27        --------        d-----w-        c:\programdata\Malwarebytes
2013-01-31 17:27 . 2013-01-31 17:27        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-31 17:27 . 2012-12-14 15:49        24176        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-01-31 16:37 . 2013-01-31 16:37        --------        d-----w-        c:\users\Gast\AppData\Roaming\Ad-Aware Antivirus
2013-01-31 16:37 . 2013-01-31 16:37        --------        d-----w-        c:\programdata\Ad-Aware Antivirus
2013-01-31 16:35 . 2013-01-31 16:35        --------        d-----w-        c:\users\***\AppData\Roaming\LavasoftStatistics
2013-01-31 16:28 . 2013-01-31 16:48        --------        d-----w-        c:\program files (x86)\Ad-Aware Antivirus
2013-01-31 16:28 . 2013-01-31 16:28        --------        d-----w-        c:\programdata\Lavasoft
2013-01-31 16:22 . 2013-01-31 16:22        14456        ----a-w-        c:\windows\system32\drivers\gfibto.sys
2013-01-31 16:21 . 2013-01-31 16:21        --------        d-----w-        c:\programdata\blekko toolbars
2013-01-31 16:21 . 2013-01-31 16:21        --------        d-----w-        c:\program files (x86)\adawaretb
2013-01-31 16:21 . 2013-01-31 16:21        --------        d-----w-        c:\program files (x86)\Toolbar Cleaner
2013-01-31 16:20 . 2013-01-31 16:48        --------        d-----w-        c:\users\***\AppData\Roaming\Ad-Aware Antivirus
2013-01-31 16:10 . 2013-01-31 16:20        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2013-01-31 16:09 . 2013-01-31 18:22        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy 2
2013-01-31 16:09 . 2013-01-31 16:09        --------        d-----w-        c:\users\***\AppData\Local\Programs
2013-01-31 13:22 . 2013-01-31 13:22        --------        d-----w-        c:\users\Gast\.tfo4
2013-01-27 08:43 . 2013-01-28 13:34        --------        d-----w-        c:\users\***\AppData\Roaming\Origin
2013-01-27 08:43 . 2013-01-29 20:21        --------        d-----w-        c:\programdata\Origin
2013-01-24 17:27 . 2013-01-24 17:27        --------        d-----w-        c:\users\***\Tracing
2013-01-24 17:27 . 2013-01-31 17:14        --------        d-----w-        c:\program files (x86)\SweetIM
2013-01-24 17:24 . 2013-01-24 17:24        --------        d-----w-        c:\program files (x86)\sweetpacks bundle uninstaller
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 21:03 . 2011-07-26 06:31        70004024        ----a-w-        c:\windows\system32\MRT.exe
2013-01-12 02:30 . 2013-01-15 05:53        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-09 13:52 . 1998-07-28 16:01        1070152        ----a-w-        c:\windows\SysWow64\MSCOMCTL.OCX
2013-01-06 17:20 . 2013-01-06 17:20        859072        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2013-01-06 17:20 . 2011-08-29 11:05        779704        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-01-04 04:43 . 2013-02-13 19:01        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-22 10:26        46080        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 10:26        367616        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 10:26        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 10:26        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 21:00        441856        ----a-w-        c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 21:00        2746368        ----a-w-        c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 21:00        308736        ----a-w-        c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 21:00        2576384        ----a-w-        c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 21:00        30720        ----a-w-        c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 21:00        43520        ----a-w-        c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 21:00        23552        ----a-w-        c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 21:00        45568        ----a-w-        c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 21:00        44544        ----a-w-        c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 21:00        20480        ----a-w-        c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 21:00        20480        ----a-w-        c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 21:00        20480        ----a-w-        c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 21:00        46592        ----a-w-        c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 21:00        40960        ----a-w-        c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 21:00        21504        ----a-w-        c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 21:00        15360        ----a-w-        c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 21:00        55296        ----a-w-        c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 21:00        51712        ----a-w-        c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 21:00        43520        ----a-w-        c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 21:00        30720        ----a-w-        c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 21:00        45568        ----a-w-        c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 21:00        44544        ----a-w-        c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 21:00        20480        ----a-w-        c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 21:00        23552        ----a-w-        c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 21:00        20480        ----a-w-        c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 21:00        46592        ----a-w-        c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 21:00        20480        ----a-w-        c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 21:00        21504        ----a-w-        c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 21:00        40960        ----a-w-        c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 21:00        15360        ----a-w-        c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 21:00        51712        ----a-w-        c:\windows\SysWow64\esrb.rs
2012-12-07 10:46 . 2013-01-09 21:00        55296        ----a-w-        c:\windows\SysWow64\cero.rs
2012-11-30 05:45 . 2013-01-09 20:59        362496        ----a-w-        c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 20:59        243200        ----a-w-        c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 20:59        13312        ----a-w-        c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 20:59        16384        ----a-w-        c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 20:59        424448        ----a-w-        c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 20:59        1161216        ----a-w-        c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 20:59        6144        ---ha-w-        c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        5120        ---ha-w-        c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 20:59        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-09 20:59        274944        ----a-w-        c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 20:59        4608        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59        5120        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 20:59        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-12-20 1521952]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-12-20 20:56        1521952        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-12-20 1521952]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANT Agent"="c:\program files (x86)\Garmin\ANT Agent\ANT Agent.exe" [2012-03-23 14749544]
"DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2012-07-10 338848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"BackupManagerTray"="c:\program files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe" [2010-11-12 295232]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-12-09 1025616]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-11-18 296096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-12-20 1574176]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-12-12 163000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
p6_19_erinnerung.lnk - c:\program files (x86)\phase6\phase6_19\WinStart\p6erinnerung.exe [2007-2-11 49152]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe [2012-2-21 1370224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys [2011-05-17 44480]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-26 1255736]
R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-01-31 14456]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-12-12 25576]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-01-31 27800]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-12 86752]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-02-12 565472]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-12-09 311376]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-12-10 868224]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [2010-11-12 257344]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe [2013-01-09 1324104]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe [2013-01-09 795208]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-29 243232]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2010-12-11 67112]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2010-12-11 19496]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2010-12-15 35368]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2010-12-11 85544]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-12-01 411688]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-05-08 11856]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-17 c:\windows\Tasks\DriverScanner.job
- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2013-02-01 11:51]
.
2013-02-17 c:\windows\Tasks\ZMBEOY.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-12-10 860040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-30 418328]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://packardbell.msn.com
mStart Page = hxxp://home.sweetim.com/?crg=3.27010003&st=12
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5kmptlmf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=A5D4053F-C8BD-4CEC-B540-CE18AA85B863&apn_ptnrs=%5EAGS&apn_sauid=85B6ED32-C2D5-48CE-8FD4-3A3AE109BE38&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-01-24 18:27; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5kmptlmf.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF - ExtSQL: 2013-01-31 17:21; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5kmptlmf.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - ExtSQL: 2013-02-01 21:27; FFPDFArchitectConverter@pdfarchitect.com; c:\program files (x86)\PDF Architect\FFPDFArchitectExt
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
BHO-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKLM-Run-SearchSettings - c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-RealPlayer 15.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
AddRemove-{8F2754CA-B124-4530-9542-00FE699EA8FD} - c:\program files (x86)\Watchtower\Watchtower Library 2010\X\uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-746099090-312496325-1089877124-1001\Software\SecuROM\License information*]
"datasecu"=hex:b6,2b,3b,98,21,37,1e,43,35,2f,99,3c,b0,df,ac,e2,14,bf,95,eb,63,
  de,e7,0e,d6,67,59,cb,74,4e,d2,33,95,bc,8d,78,00,e6,27,b4,e2,85,43,21,4f,11,\
"rkeysecu"=hex:23,80,ad,04,54,95,b4,68,09,1f,61,ba,3f,2e,5a,9e
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-17  10:39:04
ComboFix-quarantined-files.txt  2013-02-17 09:39
.
Vor Suchlauf: 9 Verzeichnis(se), 380.065.579.008 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 379.774.033.920 Bytes frei
.
- - End Of File - - 1EDEAF201102085AA10951B88D74DBB6

carlos94jana 18.02.2013 13:34
Hallo ,

mir ist aufgefallen, dass ich während der Ausführung von Combofix nicht Internetbrowser abgeschlossen hatte. Des Weiteren hatte ich mein Antivirenprogramm von Avira ich zwar ausgeschaltet (Häckchen bei Echzeitscann entfernt), wurde aber zu Beginn der Ausführung eine Meldung von Combofix angezeigt, dass die Ausführung durch Avira behindert wird. Ich habe denn noch Combofix ausgeführt. Kannst Du mit dem Ergebnis etwas anfangen oder muss ich erneut das Combofix ausführen?

Gruß
Carlos

cosinus 20.02.2013 00:27
aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

carlos94jana 12.03.2013 19:28
Hallo,
mein Problem wurde anderweitig gelöst.

Ich danke Dir für diene wertvolle Zeit.

Viele liebe Grüße
Carlos

cosinus 12.03.2013 23:40
Dürfte man erfahren was wie genau gelöst wurde?
Daran könnten auch andere interessiert sein, danke

carlos94jana 14.04.2013 20:50
Hallo Cosinus,

Bitte entschuldige mich, dass ich mich jetzt erst melde.

Um auf deine Frage zu beantworten, klicke bitte auf den nachfolgenden Link an:

hxxp://forum.avira.com/wbb/index.php?page=Thread&threadID=152054&highlight=carlos94

Viele Grüße
Carlos94

cosinus 15.04.2013 12:17
Was bitte solllte dieses Crossposting :balla:


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:45 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131