micha64546 | 16.03.2013 17:43 | I can't get rid of "imp.js from tracker.tradedoubler.com" Hello everyone, for some time now the prompt "Do you want to open or save imp.js (226 Bytes) from tracker.tradedoubler.com?" keeps appearing.
I've already tried quite a few things, but I can't get rid of "it"!
Who can help?
OTL Logfile:
OTL logfile created on: 16.03.2013 17:44:31 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\micha\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 68,43% Memory free
3,74 Gb Paging File | 2,44 Gb Available in Paging File | 65,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 173,14 Gb Free Space | 74,38% Space Free | Partition Type: NTFS
Computer Name: MICHA-PC | User Name: micha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.03.16 17:38:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\micha\Desktop\OTL.exe
PRC - [2013.03.15 22:27:42 | 000,255,992 | ---- | M] (Microsoft Corporation) -- C:\Users\micha\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013.03.13 22:25:17 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\micha\AppData\Roaming\Yontoo\YontooDesktop.exe
PRC - [2013.03.13 22:25:17 | 000,023,552 | ---- | M] (Microsoft) -- C:\Programme\Yontoo\Y2Desktop.Updater.exe
PRC - [2013.03.11 15:52:48 | 000,101,888 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\micha\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgui.exe
PRC - [2012.12.10 11:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgfws.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgidsagent.exe
PRC - [2012.10.30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgrsx.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.10.22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgnsx.exe
PRC - [2012.10.22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgemcx.exe
PRC - [2012.10.22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgcsrvx.exe
PRC - [2012.07.17 14:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2012.07.17 14:49:00 | 000,194,304 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2012.07.03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe
PRC - [2012.06.08 16:02:06 | 000,087,368 | ---- | M] (Nero AG) -- C:\Programme\HTC\HTC Sync Manager\HSMServiceEntry.exe
PRC - [2012.04.13 09:12:00 | 000,088,576 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.01.08 13:15:24 | 001,118,208 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Programme\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe
PRC - [2009.12.07 12:49:24 | 000,040,960 | ---- | M] (Realtek) -- C:\Programme\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe
PRC - [2009.02.26 17:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.09.29 14:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe
========== Modules (No Company Name) ==========
MOD - [2013.02.23 03:28:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.10 19:28:46 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 19:28:06 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 19:27:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 19:27:54 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 19:27:44 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.10.05 11:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010.11.05 02:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Running] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Users\micha\AppData\Roaming\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater)
SRV - [2013.03.13 18:00:56 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.11 15:52:48 | 000,101,888 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.10 11:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.07.17 14:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.06.08 16:02:06 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService)
SRV - [2012.04.13 09:12:00 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.12.07 12:49:24 | 000,040,960 | ---- | M] (Realtek) [Auto | Running] -- C:\Programme\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe -- (Realtek87B)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.26 17:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.09.29 14:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\micha\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.11.15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012.10.22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012.10.15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.10.02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.09.21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.09.21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012.09.21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012.09.14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012.09.04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.23 09:24:58 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.03.31 03:13:28 | 000,379,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009.10.26 22:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.07.14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.06.24 10:59:10 | 000,167,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Programme\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {7DFE5036-B3EB-4C2B-B84E-D22A6033B05A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-561185452-2098543723-1992313556-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-561185452-2098543723-1992313556-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-561185452-2098543723-1992313556-1000\..\SearchScopes,DefaultScope = {7DFE5036-B3EB-4C2B-B84E-D22A6033B05A}
IE - HKU\S-1-5-21-561185452-2098543723-1992313556-1000\..\SearchScopes\{015083B5-2245-48BF-8AB0-3DFD41FF3206}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
IE - HKU\S-1-5-21-561185452-2098543723-1992313556-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-561185452-2098543723-1992313556-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-561185452-2098543723-1992313556-1000\..\SearchScopes\{7DFE5036-B3EB-4C2B-B84E-D22A6033B05A}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3241949&CUI=UN24033145281412015&UM=1
IE - HKU\S-1-5-21-561185452-2098543723-1992313556-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\micha\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\micha\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.03.09 12:54:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013.03.12 16:39:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.03.09 12:54:41 | 000,000,000 | ---D | M]
[2012.08.12 08:29:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
========== Chrome ==========
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\micha\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\micha\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\micha\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\micha\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013.02.23 13:41:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files\FileConverter_1.3\prxtbFile.dll File not found
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files\FileConverter_1.3\prxtbFile.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-561185452-2098543723-1992313556-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-561185452-2098543723-1992313556-1000\..\Toolbar\WebBrowser: (FileConverter 1.3 Toolbar) - {78E516EF-11DE-47A1-8364-A99B917EC5EE} - C:\Programme\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-561185452-2098543723-1992313556-1000..\Run: [SkyDrive] C:\Users\micha\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-561185452-2098543723-1992313556-1000..\Run: [Yontoo Desktop] C:\Users\micha\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4 - Startup: C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\micha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-561185452-2098543723-1992313556-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-561185452-2098543723-1992313556-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect125.cab (GMNRev Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0860B0DC-7BD4-4183-8874-4631B6D0F36F}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.03.16 17:38:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\micha\Desktop\OTL.exe
[2013.03.14 19:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.03.14 19:10:08 | 000,000,000 | ---D | C] -- C:\Users\micha\AppData\Roaming\HTML Executable
[2013.03.14 19:07:56 | 000,000,000 | ---D | C] -- C:\Users\micha\AppData\Roaming\AVG2013
[2013.03.14 19:06:36 | 000,000,000 | ---D | C] -- C:\Users\micha\AppData\Roaming\TuneUp Software
[2013.03.14 19:04:56 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013.03.14 19:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013.03.14 19:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013.03.14 19:02:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.03.14 19:02:02 | 000,000,000 | ---D | C] -- C:\Users\micha\AppData\Local\MFAData
[2013.03.14 19:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.03.14 19:02:02 | 000,000,000 | ---D | C] -- C:\Users\micha\AppData\Local\Avg2013
[2013.03.14 18:42:12 | 000,000,000 | ---D | C] -- C:\Users\micha\AppData\Roaming\Yontoo
[2013.03.14 18:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2013.03.14 18:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.03.12 17:41:12 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.03.12 17:40:57 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013.03.12 17:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013.03.12 17:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013.03.12 17:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SkyDrive
[2013.03.12 17:37:00 | 000,000,000 | R--D | C] -- C:\Users\micha\SkyDrive
[2013.03.12 17:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013.03.12 17:35:28 | 000,000,000 | ---D | C] -- C:\Users\micha\AppData\Local\Windows Live
[2013.03.12 17:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2013.03.12 16:39:11 | 000,000,000 | ---D | C] -- C:\Users\micha\Documents\Freemake
[2013.03.12 16:39:10 | 000,000,000 | ---D | C] -- C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.03.12 16:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.03.12 16:39:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013.03.12 16:38:43 | 000,000,000 | ---D | C] -- C:\Users\micha\AppData\Roaming\OpenCandy
[2013.03.12 16:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2013.03.12 16:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013.03.12 16:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\FileConverter_1.3
[2013.03.12 16:33:30 | 000,000,000 | ---D | C] -- C:\Users\micha\AppData\Local\Conduit
[2013.03.12 16:08:53 | 000,000,000 | ---D | C] -- C:\Users\micha\AppData\Roaming\vlc
[2013.03.12 16:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.03.12 16:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.03.09 22:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
[2013.03.09 12:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2013.03.09 12:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2013.02.23 16:59:52 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\micha\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.23 13:58:00 | 002,347,384 | ---- | C] (ESET) -- C:\Users\micha\Desktop\esetsmartinstaller_enu.exe
[2013.02.23 13:44:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.23 13:30:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.23 13:30:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.23 13:30:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.23 13:29:26 | 005,034,320 | R--- | C] (Swearware) -- C:\Users\micha\Desktop\ComboFix.exe
[2013.02.22 17:41:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.22 17:40:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.09.27 19:57:56 | 017,813,784 | ---- | C] (Dropbox, Inc.) -- C:\Users\micha\Dropbox 1.4.17.exe
[2012.08.29 16:15:42 | 003,927,560 | ---- | C] (Piriform Ltd) -- C:\Users\micha\ccsetup322.exe
[2012.08.11 16:17:27 | 007,280,088 | ---- | C] (Dark Byte ) -- C:\Users\micha\CheatEngine62.exe
[2012.05.24 20:09:03 | 160,724,984 | ---- | C] (HTC Corporation ) -- C:\Users\micha\setup_3.2.10 (1).exe
[2012.05.07 12:23:41 | 001,960,816 | ---- | C] (DriverBoost) -- C:\Users\micha\DriverBoostPro_Setup.exe
[2012.05.07 12:09:24 | 009,209,368 | ---- | C] (Acer Incorporated) -- C:\Users\micha\LiveUpdater.exe
[2012.03.08 17:17:34 | 003,628,016 | ---- | C] (Piriform Ltd) -- C:\Users\micha\ccsetup316.exe
[2012.02.19 20:23:38 | 000,313,936 | ---- | C] (Softonic) -- C:\Users\micha\SoftonicDownloader_fuer_multi-timer.exe
[2011.11.20 17:39:36 | 010,132,608 | ---- | C] (Geek Software GmbH ) -- C:\Users\micha\pdf24-creator.exe
[2011.11.17 19:24:14 | 006,473,436 | ---- | C] (Dark Byte ) -- C:\Users\micha\CheatEngine61.exe
[2011.11.16 19:25:26 | 012,925,584 | ---- | C] (Nullsoft, Inc.) -- C:\Users\micha\winamp5622_full_emusic-7plus_de-de.exe
[2011.11.07 10:32:46 | 011,703,104 | ---- | C] (EASEUS ) -- C:\Users\micha\EASEUS_PartitionMaster_9.1.exe
[2011.10.30 18:38:31 | 009,075,640 | ---- | C] (Vuze Inc.) -- C:\Users\micha\Vuze_Installer.exe
[2011.10.27 19:29:45 | 020,367,424 | ---- | C] (The GIMP Team ) -- C:\Users\micha\gimp-2.6.11-i686-setup-1.exe
========== Files - Modified Within 30 Days ==========
[2013.03.16 17:38:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\micha\Desktop\OTL.exe
[2013.03.16 17:37:28 | 000,000,000 | ---- | M] () -- C:\Users\micha\defogger_reenable
[2013.03.16 17:33:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.16 17:08:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-561185452-2098543723-1992313556-1000UA.job
[2013.03.16 17:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.16 16:33:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.16 12:33:31 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.16 12:33:31 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.16 12:25:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.16 12:25:45 | 1504,137,216 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.15 20:08:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-561185452-2098543723-1992313556-1000Core.job
[2013.03.14 21:14:04 | 000,002,364 | ---- | M] () -- C:\Users\micha\Desktop\Google Chrome.lnk
[2013.03.14 19:12:34 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.03.14 18:41:25 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2013.03.14 18:40:39 | 000,000,000 | ---- | M] () -- C:\END
[2013.03.12 21:04:37 | 000,002,060 | ---- | M] () -- C:\Users\micha\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.03.12 21:04:37 | 000,001,989 | ---- | M] () -- C:\Users\micha\Desktop\Avira DE-Cleaner.lnk
[2013.03.12 16:39:10 | 000,001,314 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013.03.12 16:08:38 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.03.12 15:53:04 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.03.12 15:04:19 | 000,003,951 | ---- | M] () -- C:\Users\micha\.recently-used.xbel
[2013.03.11 21:26:07 | 000,272,380 | ---- | M] () -- C:\Windows\hpwins20.dat
[2013.03.11 21:05:26 | 000,067,623 | ---- | M] () -- C:\Users\micha\Desktop\HP Installationsfehler – Windows 7.hta
[2013.03.10 09:04:46 | 000,410,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.09 18:59:01 | 000,123,362 | ---- | M] () -- C:\Users\micha\Desktop\IMAG0314.jpg
[2013.03.09 12:53:51 | 000,001,345 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2013.03.09 12:53:31 | 000,002,105 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013.03.09 12:21:59 | 000,708,282 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.09 12:21:59 | 000,663,560 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.09 12:21:59 | 000,151,886 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.09 12:21:59 | 000,124,832 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.02 08:09:04 | 000,000,326 | ---- | M] () -- C:\Users\micha\Desktop\HP Druckerdiagnosetools.url
[2013.02.23 17:00:26 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.23 16:59:53 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\micha\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.23 13:58:36 | 002,347,384 | ---- | M] (ESET) -- C:\Users\micha\Desktop\esetsmartinstaller_enu.exe
[2013.02.23 13:41:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.02.23 13:29:37 | 005,034,320 | R--- | M] (Swearware) -- C:\Users\micha\Desktop\ComboFix.exe
[2013.02.20 21:01:56 | 000,242,691 | ---- | M] () -- C:\Users\micha\Toll.jpg
[2013.02.20 21:01:27 | 002,212,650 | ---- | M] () -- C:\Users\micha\Toll.xcf
========== Files Created - No Company Name ==========
[2013.03.16 17:37:28 | 000,000,000 | ---- | C] () -- C:\Users\micha\defogger_reenable
[2013.03.14 19:06:37 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.03.14 18:40:39 | 000,000,000 | ---- | C] () -- C:\END
[2013.03.12 21:04:37 | 000,002,060 | ---- | C] () -- C:\Users\micha\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.03.12 21:04:37 | 000,001,989 | ---- | C] () -- C:\Users\micha\Desktop\Avira DE-Cleaner.lnk
[2013.03.12 17:40:48 | 000,001,287 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013.03.12 17:40:37 | 000,001,356 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013.03.12 17:40:18 | 000,002,468 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013.03.12 17:37:00 | 000,002,176 | ---- | C] () -- C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2013.03.12 16:39:10 | 000,001,314 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013.03.12 16:08:38 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.03.12 15:53:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.03.12 15:04:19 | 000,003,951 | ---- | C] () -- C:\Users\micha\.recently-used.xbel
[2013.03.11 21:05:25 | 000,067,623 | ---- | C] () -- C:\Users\micha\Desktop\HP Installationsfehler – Windows 7.hta
[2013.03.09 18:57:35 | 000,123,362 | ---- | C] () -- C:\Users\micha\Desktop\IMAG0314.jpg
[2013.03.09 12:54:22 | 000,001,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2013.03.09 12:53:51 | 000,001,345 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2013.03.09 12:53:31 | 000,002,105 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013.03.09 12:49:47 | 000,272,380 | ---- | C] () -- C:\Windows\hpwins20.dat
[2013.03.09 12:49:47 | 000,001,678 | ---- | C] () -- C:\Windows\hpwmdl20.dat
[2013.03.09 11:25:53 | 000,001,678 | ---- | C] () -- C:\Windows\hpwmdl20.dat.temp
[2013.03.02 08:09:04 | 000,000,326 | ---- | C] () -- C:\Users\micha\Desktop\HP Druckerdiagnosetools.url
[2013.02.23 13:30:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.23 13:30:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.23 13:30:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.22 17:41:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.22 17:41:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.20 21:01:56 | 000,242,691 | ---- | C] () -- C:\Users\micha\Toll.jpg
[2013.02.20 21:01:27 | 002,212,650 | ---- | C] () -- C:\Users\micha\Toll.xcf
[2013.01.22 08:24:05 | 001,814,725 | ---- | C] () -- C:\Users\micha\2013-01-22 08.18.39.jpg
[2012.12.22 07:08:37 | 000,005,278 | ---- | C] () -- C:\Users\micha\cc_20121222_070832.reg
[2012.12.15 20:45:15 | 002,774,400 | ---- | C] () -- C:\Users\micha\de_windows_keyfinder_2012_x86.exe
[2012.11.27 18:30:21 | 000,000,348 | ---- | C] () -- C:\Users\micha\Sandh Mannh 27.11.rtf
[2012.11.06 16:42:10 | 000,041,931 | ---- | C] () -- C:\Users\micha\479922_435525343176066_1899941813_n.jpg
[2012.11.05 16:27:09 | 000,004,401 | ---- | C] () -- C:\Users\micha\Ihr Antrag für eine Kfz-Versicherung bei der Kravag KfzPolice-Plus.html
[2012.11.01 19:15:41 | 002,817,989 | ---- | C] () -- C:\Users\micha\Scannen0001.jpg
[2012.11.01 19:15:40 | 000,970,904 | ---- | C] () -- C:\Users\micha\Scannen0001.pdf
[2012.10.30 05:27:51 | 000,007,514 | ---- | C] () -- C:\Users\micha\mieterselbstauskunft.pdf
[2012.10.23 13:44:08 | 005,154,304 | ---- | C] () -- C:\Users\micha\fpe_setup_en.msi
[2012.10.10 21:29:15 | 000,059,904 | ---- | C] () -- C:\Users\micha\AppData\Local\cnjohxhw
[2012.10.10 21:27:11 | 000,000,000 | ---- | C] () -- C:\Users\micha\AppData\Roaming\SharedSettings.ccs
[2012.10.02 13:29:21 | 000,865,194 | ---- | C] () -- C:\Users\micha\zusage_kautionsversicherung.pdf
[2012.10.01 16:05:31 | 000,000,439 | ---- | C] () -- C:\Users\micha\qrcode (1).png
[2012.10.01 16:04:05 | 000,000,439 | ---- | C] () -- C:\Users\micha\qrcode.png
[2012.09.27 15:33:07 | 000,029,133 | ---- | C] () -- C:\Users\micha\vwbus.jpg
[2012.09.24 01:19:14 | 000,026,944 | ---- | C] () -- C:\Users\micha\575708_157780711020905_1906227798_n.jpg
[2012.09.24 00:55:57 | 000,069,550 | ---- | C] () -- C:\Users\micha\476621_199584843507158_1517161405_o.jpg
[2012.09.01 09:58:18 | 000,008,478 | ---- | C] () -- C:\Users\micha\Unbenannt.jpg
[2012.09.01 09:55:28 | 000,029,206 | ---- | C] () -- C:\Users\micha\Unbenannt.xcf
[2012.08.29 16:43:30 | 000,202,448 | ---- | C] () -- C:\Users\micha\cc_20120829_174323.reg
[2012.08.23 18:01:48 | 000,157,659 | ---- | C] () -- C:\Users\micha\484530_408249042566756_927274739_n.jpg
[2012.08.19 09:20:27 | 003,363,743 | ---- | C] () -- C:\Users\micha\CardRdr_Jmicron_1.00.16.01_XPx86_A.zip
[2012.08.16 18:32:37 | 000,010,062 | ---- | C] () -- C:\Users\micha\304950_315516081878559_1887497933_n.jpg
[2012.08.16 16:36:23 | 001,477,215 | ---- | C] () -- C:\Users\micha\DOC160812-004 (1).pdf
[2012.08.16 16:33:05 | 000,818,400 | ---- | C] () -- C:\Users\micha\DOC160812-004.pdf
[2012.08.15 15:32:13 | 029,851,432 | ---- | C] () -- C:\Users\micha\CPE_SCAN_DESTINATION_UPDATE_hpcom_001_003.exe
[2012.08.14 17:28:13 | 000,012,222 | ---- | C] () -- C:\Users\micha\LeiderGeil.jpg
[2012.08.05 14:31:36 | 008,163,862 | ---- | C] () -- C:\Users\micha\Application_Acer_1.02.3502_W7x86W7x64_A.zip
[2012.08.05 14:30:51 | 023,872,254 | ---- | C] () -- C:\Users\micha\VGA_Intel_8.15.10.1867_W7x86_A.zip
[2012.06.19 05:16:41 | 000,092,043 | ---- | C] () -- C:\Users\micha\mahnung.pdf
[2012.06.16 09:19:31 | 000,030,277 | ---- | C] () -- C:\Users\micha\577457_240003472779475_837613404_n.jpg
[2012.06.13 19:30:42 | 000,069,051 | ---- | C] () -- C:\Users\micha\380364_431266746906463_609487104_n.jpg
[2012.06.10 17:12:08 | 000,111,530 | ---- | C] () -- C:\Users\micha\USt2009_Silvia_Hamacher.elfo
[2012.06.06 12:42:00 | 000,001,363 | ---- | C] () -- C:\Users\micha\Janine Bewerbung Matthiesen.rtf
[2012.05.16 18:12:04 | 000,080,881 | ---- | C] () -- C:\Users\micha\577019_3247283456784_1107852449_32694894_692021505_n.jpg
[2012.05.13 13:25:19 | 000,066,393 | ---- | C] () -- C:\Users\micha\Versicherungsbestätigung_Endgültige_Zulassung.pdf
[2012.05.13 13:25:07 | 000,066,393 | ---- | C] () -- C:\Users\micha\Versicherungsbestätigung_Endgültige_Zulassung (1).pdf
[2012.04.20 20:30:20 | 000,000,365 | ---- | C] () -- C:\Users\micha\Auszahlungen_janiine90_Jan-21-2012_Apr-19-2012.csv
[2012.04.14 13:40:38 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.04.14 13:39:14 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.04.10 09:42:53 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.03.22 08:22:35 | 000,179,665 | ---- | C] () -- C:\Users\micha\SoftKeyRevealer.zip
[2012.03.16 18:53:56 | 021,476,536 | ---- | C] () -- C:\Users\micha\SeaToolsforWindowsSetup-1206.exe
[2012.02.16 04:58:04 | 000,000,203 | ---- | C] () -- C:\Users\micha\Dokument.rtf
[2011.12.29 19:51:49 | 000,010,424 | ---- | C] () -- C:\Users\micha\Michael Stenken.dotx
[2011.12.03 19:38:42 | 000,862,720 | ---- | C] () -- C:\Users\micha\Publikation2.pub
[2011.11.20 19:12:49 | 001,726,549 | ---- | C] () -- C:\Users\micha\Bewerbung für FES.pdf
[2011.11.20 17:46:02 | 001,710,091 | ---- | C] () -- C:\Users\micha\bewerbung1.pdf
[2011.11.20 17:32:19 | 000,017,646 | ---- | C] () -- C:\Users\micha\bewerbung.pdf
[2011.11.20 11:05:03 | 000,000,141 | ---- | C] () -- C:\Users\micha\AppData\Roaming\default.rss
[2011.11.12 10:27:15 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.11.11 14:34:28 | 001,730,953 | ---- | C] () -- C:\Users\micha\Bewerbung mit.pdf
[2011.11.10 14:14:03 | 001,444,140 | ---- | C] () -- C:\Users\micha\Windows 7 Loader 2.0.7 By Daz.rar
[2011.11.10 13:03:41 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011.11.10 12:53:46 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011.11.10 12:52:25 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.11.10 07:35:14 | 295,266,400 | ---- | C] () -- C:\Users\micha\OJJ4600_Full_14.exe
[2011.11.02 17:39:20 | 004,952,410 | ---- | C] () -- C:\Users\micha\FTS_RealtekRTL8102EFamilyPCIEFastEthernet_62065022008_1026891.ZIP
[2011.11.02 16:40:25 | 001,322,109 | ---- | C] () -- C:\Users\micha\A26391-K90-Z200-de_web.pdf
[2011.10.31 06:26:04 | 000,001,104 | ---- | C] () -- C:\Users\micha\+Trend+Micro+Internet+Security+Pro+2008.torrent
[2011.10.30 19:16:06 | 000,015,650 | ---- | C] () -- C:\Users\micha\Nero-11.0.11000Pre-ActivatedFullVersionWorking100@www.torrent.to.torrent
[2011.10.29 18:17:29 | 008,867,840 | ---- | C] () -- C:\Users\micha\SeaToolsDOS223ALL.ISO
[2011.10.28 19:47:44 | 062,010,251 | ---- | C] () -- C:\Users\micha\Audio_Realtek_6.0.1.5888_W7x86_A.zip
[2011.10.28 18:54:11 | 002,475,562 | ---- | C] () -- C:\Users\micha\Chipset_Intel_9.1.1.1020_W7x86W7x64_A.zip
[2011.10.26 17:45:24 | 000,060,416 | -H-- | C] () -- C:\Users\micha\LinqBridge.dll
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.03.14 19:12:34 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013.03.14 19:12:34 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013.03.14 19:07:56 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\AVG2013
[2013.03.15 21:32:11 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\Azureus
[2013.03.16 12:27:02 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\Dropbox
[2012.02.21 12:07:27 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\DVDVideoSoft
[2012.02.21 12:07:04 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.10 16:06:14 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\elsterformular
[2013.03.12 15:04:19 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\gtk-2.0
[2012.06.30 09:17:05 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\HTC
[2012.06.30 09:17:21 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\HTC Sync
[2013.03.14 19:10:08 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\HTML Executable
[2013.03.12 16:38:43 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\OpenCandy
[2013.03.14 19:06:36 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\TuneUp Software
[2013.03.16 12:26:48 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\Yontoo
========== Purity Check ==========
< End of report >
GMER Logfile: Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-16 18:57:35
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250315AS rev.0003SDM1 232,89GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\micha\AppData\Local\Temp\ugloypow.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x8EDF314A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x8EDF321A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x8EDF2D7C]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x8EDF2F6A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x8EDF3000]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x8EDF2E32]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x8EDF2ECE]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x8EDF309C]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82A889E9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AC21C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1357 82AC946C 8 Bytes [4A, 31, DF, 8E, 1A, 32, DF, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 139F 82AC94B4 4 Bytes [7C, 2D, DF, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 165F 82AC9774 8 Bytes [6A, 2F, DF, 8E, 00, 30, DF, ...] {PUSH 0x2f; FISTTP WORD [ESI-0x7120d000]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82AC9784 8 Bytes [32, 2E, DF, 8E, CE, 2E, DF, ...] {XOR CH, [ESI]; FISTTP WORD [ESI-0x7120d132]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 16E3 82AC97F8 4 Bytes [9C, 30, DF, 8E]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[25548] USER32.dll!EnableWindow 76118D02 5 Bytes JMP 674D9EBC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[25548] USER32.dll!DialogBoxParamW 76133B9B 5 Bytes JMP 67431893 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[25548] USER32.dll!DialogBoxIndirectParamW 76143B7F 5 Bytes JMP 67628F36 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[25548] USER32.dll!DialogBoxParamA 7615CF42 5 Bytes JMP 67628ED1 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[25548] USER32.dll!DialogBoxIndirectParamA 7615D274 5 Bytes JMP 67628F9B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[25548] USER32.dll!MessageBoxIndirectA 7616E869 5 Bytes JMP 67628E58 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[25548] USER32.dll!MessageBoxIndirectW 7616E963 5 Bytes JMP 67628DDF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[25548] USER32.dll!MessageBoxExA 7616E9C9 5 Bytes JMP 67628D7B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[25548] USER32.dll!MessageBoxExW 7616E9ED 5 Bytes JMP 67628D17 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26064] kernel32.dll!CreateThread 764FDCC2 5 Bytes JMP 674975E3 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!EnableWindow 76118D02 5 Bytes JMP 674D9EBC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!CallNextHookEx 7611ABE1 5 Bytes JMP 674F7FF1 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!UnhookWindowsHookEx 7611ADF9 5 Bytes JMP 6751ED14 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!DefWindowProcA 7611BB1C 7 Bytes JMP 6749980D C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!CreateWindowExA 7611BF40 5 Bytes JMP 674A3643 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!SetWindowsHookExW 7611E30C 5 Bytes JMP 674D25B4 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!CreateWindowExW 7611EC7C 5 Bytes JMP 675003DF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!DefWindowProcW 7612507D 7 Bytes JMP 674F8054 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!DialogBoxParamW 76133B9B 5 Bytes JMP 67431893 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!DialogBoxIndirectParamW 76143B7F 5 Bytes JMP 67628F36 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!DialogBoxParamA 7615CF42 5 Bytes JMP 67628ED1 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!DialogBoxIndirectParamA 7615D274 5 Bytes JMP 67628F9B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!MessageBoxIndirectA 7616E869 5 Bytes JMP 67628E58 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!MessageBoxIndirectW 7616E963 5 Bytes JMP 67628DDF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!MessageBoxExA 7616E9C9 5 Bytes JMP 67628D7B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!MessageBoxExW 7616E9ED 5 Bytes JMP 67628D17 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26064] ole32.dll!OleLoadFromStream 75FB6143 5 Bytes JMP 67629704 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26696] kernel32.dll!CreateThread 764FDCC2 5 Bytes JMP 674975E3 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!EnableWindow 76118D02 5 Bytes JMP 674D9EBC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!CallNextHookEx 7611ABE1 5 Bytes JMP 674F7FF1 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!UnhookWindowsHookEx 7611ADF9 5 Bytes JMP 6751ED14 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!DefWindowProcA 7611BB1C 7 Bytes JMP 6749980D C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!CreateWindowExA 7611BF40 5 Bytes JMP 674A3643 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!SetWindowsHookExW 7611E30C 5 Bytes JMP 674D25B4 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!CreateWindowExW 7611EC7C 5 Bytes JMP 675003DF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!DefWindowProcW 7612507D 7 Bytes JMP 674F8054 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!DialogBoxParamW 76133B9B 5 Bytes JMP 67431893 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!DialogBoxIndirectParamW 76143B7F 5 Bytes JMP 67628F36 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!DialogBoxParamA 7615CF42 5 Bytes JMP 67628ED1 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!DialogBoxIndirectParamA 7615D274 5 Bytes JMP 67628F9B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!MessageBoxIndirectA 7616E869 5 Bytes JMP 67628E58 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!MessageBoxIndirectW 7616E963 5 Bytes JMP 67628DDF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!MessageBoxExA 7616E9C9 5 Bytes JMP 67628D7B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!MessageBoxExW 7616E9ED 5 Bytes JMP 67628D17 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[26696] ole32.dll!OleLoadFromStream 75FB6143 5 Bytes JMP 67629704 C:\Windows\system32\IEFRAME.dll
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys
---- Processes - GMER 2.1 ----
Process regsvr32.exe (*** hidden *** ) 31420
---- EOF - GMER 2.1 ----
There was no "EXTRAS.txt"....