
Log Analysis and Evaluation: Malware infection "page has moved, redirecting...", advertising pop-ups in Firefox


10.04.2013, 13:00   #1
BöhserSteini
 

Malware infection "page has moved, redirecting...", advertising pop-ups in Firefox



Hello dear Trojaner-Board team,

This is the first time I am not glad to be visiting (having to visit) a forum again.

That is, I have been here before; back then I was helped very competently.

First, here is the link to the old thread:
http://www.trojaner-board.de/130341-...g-firefox.html

I have the same problem again.
When I click on any link, at irregular intervals the message
"document has moved, redirecting..." appears and then takes me to some page, but not the one I wanted. But this problem is surely already known here.

In addition, I still cannot select the search text on Google:
Quote from the old thread, slightly revised:

"When I type something into Google and then want to select it, it simply does not work. The cursor just stays behind what I have typed. Not only does selecting not work, the position of the cursor itself cannot be changed by clicking the mouse.
With the Pos1 (Home) key or the arrow keys, however, the cursor position can be changed.
I hope that was reasonably understandable."

Whether that infection was really resolved back then and there has now been a new infection, or whether it never really went away, I do not know.
The symptoms, however, had disappeared for a while.

Recently I have had another problem:

When opening any page in the browser, an advertisement appears at the bottom left.
I can simply close it with the [x], but over time it gets very annoying.
Only on google.de and facebook.de does this not happen.

In the village, with very slow internet, I could see that the address imgads.night-hawk.net loads for a long time at the bottom left of the browser before the ad appears.

Much more rarely, instead of the ad at the bottom left, an ad appears at the bottom centre that simply takes the title of the page opened and then asks:
"looking for 'page title'"
This one, too, can simply be closed with [x].

I have saved both phenomena as screenshots in the attachment.

In addition, Smart Suggestor is tormenting me.
Throughout the browser, seemingly random words are linked to some kind of advertisement.
It cannot be found among the add-ons, and every other attempt to uninstall/delete it has failed.

EDIT: OTL somehow only produced OTL.txt; Extras.txt is unfortunately missing.

Here are the logs:

Code:
OTL logfile created on: 10.04.2013 00:20:43 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Steini\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 4,22 Gb Available Physical Memory | 53,45% Memory free
15,80 Gb Paging File | 11,79 Gb Available in Paging File | 74,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 909,03 Gb Total Space | 636,85 Gb Free Space | 70,06% Space Free | Partition Type: NTFS
Drive D: | 22,19 Gb Total Space | 2,36 Gb Free Space | 10,63% Space Free | Partition Type: NTFS
Drive F: | 7,14 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 3,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 15,35 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 13,94 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: HP-STEINI | User Name: Steini | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Steini\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass\TouchControl.exe (AuthenTec Inc.)
PRC - C:\Program Files (x86)\HP SimplePass\BioMonitor.exe (HP)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (HP)
SRV - (TrueService) -- C:\Programme\Common Files\AuthenTec\TrueService.exe (AuthenTec, Inc.)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe (Symantec Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (HPClientSvc) -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (REN2CAP_DRIVER) -- C:\Windows\SysNative\drivers\ren2cap.sys ()
DRV:64bit: - (bcbtums) -- C:\Windows\SysNative\drivers\bcbtums.sys (Broadcom Corporation.)
DRV:64bit: - (RSP2STOR) -- C:\Windows\SysNative\drivers\RtsP2Stor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\drivers\Smb_driver.sys (Synaptics Incorporated)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (BTWDPAN) -- C:\Windows\SysNative\drivers\btwdpan.sys (Broadcom Corporation.)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (FSProFilter) -- C:\Windows\SysNative\drivers\FSPFltd.sys (FSPro Labs)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130409.003\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130409.003\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130322.001\BHDrvx64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130406.002\IDSviA64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{C660B190-4D7B-4859-91B0-5F18ED7AC738}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{C660B190-4D7B-4859-91B0-5F18ED7AC738}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{F29DC52A-10C1-41A0-B417-AD867D262592}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=0d9980cd-98b9-4afb-9e06-0b523d5d6acb&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{C660B190-4D7B-4859-91B0-5F18ED7AC738}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
IE - HKCU\..\SearchScopes\{F29DC52A-10C1-41A0-B417-AD867D262592}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=0d9980cd-98b9-4afb-9e06-0b523d5d6acb&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: tXsGT9QxoKlmxUz0Kj%40mDvNgXhNdd92G6vn.com:11
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2013.03.31 13:16:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013.03.31 13:16:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.11.28 22:17:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.23 14:42:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.10.23 23:08:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steini\AppData\Roaming\mozilla\Extensions
[2013.04.09 19:59:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steini\AppData\Roaming\mozilla\Firefox\Profiles\nar1bxrf.default\extensions
[2013.04.09 17:38:30 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Steini\AppData\Roaming\mozilla\Firefox\Profiles\nar1bxrf.default\extensions\ich@maltegoetz.de
[2013.04.09 19:59:15 | 001,016,663 | ---- | M] () (No name found) -- C:\Users\Steini\AppData\Roaming\mozilla\firefox\profiles\nar1bxrf.default\extensions\antigameorigin@antigame.de.xpi
[2012.10.23 18:43:53 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Steini\AppData\Roaming\mozilla\firefox\profiles\nar1bxrf.default\extensions\DivXWebPlayer@divx.com.xpi
[2013.01.16 23:05:57 | 000,003,702 | ---- | M] () (No name found) -- C:\Users\Steini\AppData\Roaming\mozilla\firefox\profiles\nar1bxrf.default\extensions\tXsGT9QxoKlmxUz0Kj@mDvNgXhNdd92G6vn.com.xpi
[2012.11.09 11:36:49 | 000,006,522 | ---- | M] () -- C:\Users\Steini\AppData\Roaming\mozilla\firefox\profiles\nar1bxrf.default\searchplugins\pcpmngr.xml
[2012.11.30 12:18:45 | 000,002,089 | ---- | M] () -- C:\Users\Steini\AppData\Roaming\mozilla\firefox\profiles\nar1bxrf.default\searchplugins\Startpins.xml
[2013.03.23 14:42:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.07 16:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.12.05 14:38:35 | 000,003,269 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
[2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found.
O3 - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Programme\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHKE.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus SX230" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C442D40-AB7E-45EE-918A-C7D60DD9C88A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E33A462B-903F-469E-8B78-1F8C51438511}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (c:\Windows\SysWOW64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\Windows\SysWOW64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.09.18 14:40:03 | 000,000,069 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012.11.22 18:40:18 | 000,000,024 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012.11.21 15:10:20 | 008,533,584 | R--- | M] () - I:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2012.11.21 15:10:20 | 000,387,878 | R--- | M] () - I:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2012.11.21 15:10:20 | 000,000,047 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012.11.14 00:34:21 | 000,000,058 | R--- | M] () - J:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.09 20:34:44 | 000,000,000 | ---D | C] -- C:\Users\Steini\AppData\Local\HP
[2013.04.09 20:22:37 | 000,000,000 | ---D | C] -- C:\Users\Steini\AppData\Roaming\IDT
[2013.04.09 18:41:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.09 18:36:50 | 004,316,280 | ---- | C] (Piriform Ltd) -- C:\Users\Steini\Desktop\ccsetup400.exe
[2013.04.09 01:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2013.04.09 01:04:09 | 000,000,000 | ---D | C] -- C:\Users\Steini\AppData\Local\PutLockerDownloader
[2013.04.09 01:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gophoto.it
[2013.04.09 01:04:02 | 000,000,000 | ---D | C] -- C:\Users\Steini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com
[2013.04.09 01:04:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie2KDownloader.com
[2013.04.02 18:41:26 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.04.01 23:58:57 | 000,000,000 | ---D | C] -- C:\Users\Steini\Desktop\Shades of Grey 01 - Geheimes Verlangen
[2013.03.26 13:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.03.26 13:46:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.03.26 13:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.13 15:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.13 15:07:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.13 15:07:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.12 21:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.10 00:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.09 19:04:28 | 000,000,165 | -H-- | M] () -- C:\Users\Steini\Documents\~$Ogame Uni 70.ods
[2013.04.09 18:41:50 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.04.09 18:40:04 | 000,085,984 | ---- | M] () -- C:\Users\Steini\Documents\cc_20130409_183951.reg
[2013.04.09 18:37:30 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.09 18:36:51 | 004,316,280 | ---- | M] (Piriform Ltd) -- C:\Users\Steini\Desktop\ccsetup400.exe
[2013.04.09 17:58:21 | 000,377,856 | ---- | M] () -- C:\Users\Steini\Desktop\gmer_2.1.19163.exe
[2013.04.09 17:39:17 | 000,006,643 | ---- | M] () -- C:\Users\Steini\Documents\Ogame Uni 70.ods
[2013.04.09 11:44:38 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.09 11:44:38 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.09 11:44:38 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.09 11:44:38 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.09 11:44:38 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.09 11:41:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.04 13:21:18 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.04 13:21:18 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.03 21:00:42 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSteini.job
[2013.03.31 13:16:01 | 2068,295,679 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.26 22:56:22 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.03.23 14:42:40 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.14 05:01:10 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.09 19:04:28 | 000,000,165 | -H-- | C] () -- C:\Users\Steini\Documents\~$Ogame Uni 70.ods
[2013.04.09 18:39:57 | 000,085,984 | ---- | C] () -- C:\Users\Steini\Documents\cc_20130409_183951.reg
[2013.04.09 17:58:21 | 000,377,856 | ---- | C] () -- C:\Users\Steini\Desktop\gmer_2.1.19163.exe
[2013.04.09 01:04:44 | 000,000,898 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.04.03 18:45:24 | 000,006,643 | ---- | C] () -- C:\Users\Steini\Documents\Ogame Uni 70.ods
[2013.04.01 23:58:57 | 002,474,942 | ---- | C] () -- C:\Users\Steini\Documents\Shades of Grey 01 - Geheimes Verlangen - E L James.rtf
[2013.02.01 02:17:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.01 02:17:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.01 02:17:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.01 02:17:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.01 02:17:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.13 14:58:01 | 000,000,116 | ---- | C] () -- C:\Windows\wininit.ini
[2013.01.07 21:58:54 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.01.07 21:58:46 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.12.11 01:37:03 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.12.11 01:34:21 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.12.05 14:38:39 | 000,015,432 | ---- | C] () -- C:\Windows\Launcher.exe
[2012.11.21 15:10:20 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.11.07 17:23:12 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\apache.dll
[2012.10.24 13:17:01 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2012.10.10 20:14:51 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.09 20:04:44 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012.08.06 15:25:20 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2012.08.06 15:13:23 | 000,734,772 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.08.06 15:13:22 | 000,559,780 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.08.06 15:13:21 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.08.06 15:13:20 | 013,001,728 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2011.12.08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.06 12:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.15 12:51:24 | 000,000,000 | ---D | M] -- C:\Users\Steini\AppData\Roaming\Audacity
[2012.10.10 21:26:00 | 000,000,000 | ---D | M] -- C:\Users\Steini\AppData\Roaming\Bioshock2
[2012.10.12 14:33:28 | 000,000,000 | ---D | M] -- C:\Users\Steini\AppData\Roaming\Canneverbe Limited
[2013.04.09 18:39:26 | 000,000,000 | ---D | M] -- C:\Users\Steini\AppData\Roaming\DAEMON Tools Lite
[2012.11.13 15:52:21 | 000,000,000 | ---D | M] -- C:\Users\Steini\AppData\Roaming\Day 1 Studios
[2013.04.09 20:22:37 | 000,000,000 | ---D | M] -- C:\Users\Steini\AppData\Roaming\IDT
[2012.11.09 11:40:30 | 000,000,000 | ---D | M] -- C:\Users\Steini\AppData\Roaming\IrfanView
[2013.01.30 23:04:12 | 000,000,000 | ---D | M] -- C:\Users\Steini\AppData\Roaming\runic games
[2012.12.17 13:04:56 | 000,000,000 | ---D | M] -- C:\Users\Steini\AppData\Roaming\SoftGrid Client
[2012.10.09 20:11:51 | 000,000,000 | ---D | M] -- C:\Users\Steini\AppData\Roaming\Synaptics
[2013.01.07 23:29:23 | 000,000,000 | ---D | M] -- C:\Users\Steini\AppData\Roaming\Theta
[2012.10.10 20:15:25 | 000,000,000 | ---D | M] -- C:\Users\Steini\AppData\Roaming\TP
[2012.12.11 01:46:13 | 000,000,000 | ---D | M] -- C:\Users\Steini\AppData\Roaming\TuneUp Software
[2012.11.26 16:20:48 | 000,000,000 | ---D | M] -- C:\Users\Steini\AppData\Roaming\Unity
[2013.01.13 14:38:18 | 000,000,000 | ---D | M] -- C:\Users\Steini\AppData\Roaming\WebApp
[2012.12.10 12:23:08 | 000,000,000 | ---D | M] -- C:\Users\Steini\AppData\Roaming\WildTangent
[2012.10.24 13:04:02 | 000,000,000 | ---D | M] -- C:\Users\Steini\AppData\Roaming\_MDLogs
 
========== Purity Check ==========
 
 

< End of report >

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-10 02:32:39
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.AX00 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Steini\AppData\Local\Temp\fwlcipoc.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69        00000000765c1465 2 bytes [5C, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155       00000000765c14bb 2 bytes [5C, 76]
.text    ...                                                                                                                                                         * 2
.text    C:\Program Files (x86)\HP SimplePass\TouchControl.exe[9804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                         00000000765c1465 2 bytes [5C, 76]
.text    C:\Program Files (x86)\HP SimplePass\TouchControl.exe[9804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                        00000000765c14bb 2 bytes [5C, 76]
.text    ...                                                                                                                                                         * 2
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                          0000000077c6f9c0 5 bytes JMP 000000016da55f49
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtQueryObject                                                                                    0000000077c6f9d8 5 bytes JMP 000000016da56411
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey                                                                                        0000000077c6fa08 5 bytes JMP 000000016da5016d
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey                                                                              0000000077c6fa20 5 bytes JMP 000000016da4fbca
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey                                                                                       0000000077c6fa70 5 bytes JMP 000000016da4fa44
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey                                                                                  0000000077c6fa88 2 bytes JMP 000000016da4fb52
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey + 3                                                                              0000000077c6fa8b 2 bytes [DE, F5]
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey                                                                                      0000000077c6fb20 5 bytes JMP 000000016da50424
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                                                             0000000077c6fc18 5 bytes JMP 000000016da54369
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey                                                                                   0000000077c6fd2c 5 bytes JMP 000000016da4f9cc
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                       0000000077c6fd44 5 bytes JMP 000000016da54959
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile                                                                             0000000077c6fd78 5 bytes JMP 000000016da539de
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                                                0000000077c6fe24 5 bytes JMP 000000016da55fc4
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile                                                                            0000000077c6fe3c 5 bytes JMP 000000016da54adb
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                     0000000077c70094 5 bytes JMP 000000016da54791
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                    0000000077c701a4 5 bytes JMP 000000016da4fc42
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile                                                                                     0000000077c709c4 5 bytes JMP 000000016da54584
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey                                                                                      0000000077c709dc 5 bytes JMP 000000016da4cc5b
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                                                 0000000077c70a24 5 bytes JMP 000000016da4cd29
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey                                                                                       0000000077c70b60 5 bytes JMP 000000016da4ccc2
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey                                                                                0000000077c70f50 5 bytes JMP 000000016da4fcba
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys                                                                       0000000077c70f68 5 bytes JMP 000000016da4ff45
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx                                                                                      0000000077c70ff8 5 bytes JMP 000000016da501fd
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile                                                                        0000000077c7131c 5 bytes JMP 000000016da54b6b
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey                                                                          0000000077c7145c 5 bytes JMP 000000016da4fec9
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject                                                                            0000000077c71508 5 bytes JMP 000000016da56389
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey                                                                                      0000000077c716f8 1 byte JMP 000000016da4d138
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey + 2                                                                                  0000000077c716fa 3 bytes {JMP 0xfffffffff5ddba40}
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey                                                                              0000000077c71a38 5 bytes JMP 000000016da4facc
.text    C:\Windows\notepad.exe[6620] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject                                                                              0000000077c71b7c 5 bytes JMP 000000016da5616c
.text    C:\Windows\notepad.exe[6620] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                00000000753a103d 5 bytes JMP 000000016da293a9
.text    C:\Windows\notepad.exe[6620] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                00000000753a1072 5 bytes JMP 000000016da294e7
.text    C:\Windows\notepad.exe[6620] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                                   00000000753a87b1 5 bytes JMP 000000015e9e856d
.text    C:\Windows\notepad.exe[6620] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                          00000000753cc9b5 5 bytes JMP 000000016da2971d
.text    C:\Windows\notepad.exe[6620] C:\Windows\syswow64\kernel32.dll!SetDllDirectoryW                                                                              00000000754200c3 5 bytes JMP 000000016da29efe
.text    C:\Windows\notepad.exe[6620] C:\Windows\syswow64\kernel32.dll!SetDllDirectoryA                                                                              000000007542016b 5 bytes JMP 000000016da2a231
.text    C:\Windows\notepad.exe[6620] C:\Windows\syswow64\kernel32.dll!WinExec                                                                                       0000000075422c91 5 bytes JMP 000000016da29aa0
.text    C:\Windows\notepad.exe[6620] C:\Windows\syswow64\kernel32.dll!AllocConsole                                                                                  0000000075446b3e 5 bytes JMP 000000016da57431
.text    C:\Windows\notepad.exe[6620] C:\Windows\syswow64\kernel32.dll!AttachConsole                                                                                 0000000075446c02 5 bytes JMP 000000016da57443
.text    C:\Windows\notepad.exe[6620] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                              00000000765f2aa4 5 bytes JMP 000000016da2a43c
.text    C:\Windows\notepad.exe[6620] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                 0000000075dc8a29 5 bytes JMP 000000016da57419
.text    C:\Windows\notepad.exe[6620] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                                                 0000000075dcd22e 5 bytes JMP 000000016da57401
.text    C:\Windows\notepad.exe[6620] C:\Windows\syswow64\GDI32.dll!AddFontResourceW                                                                                 000000007605d2b2 5 bytes JMP 000000016da37617
.text    C:\Windows\notepad.exe[6620] C:\Windows\syswow64\GDI32.dll!AddFontResourceA                                                                                 000000007605d7bb 5 bytes JMP 000000016da375fb
.text    C:\Windows\notepad.exe[6620] C:\Windows\syswow64\ADVAPI32.dll!EnumDependentServicesW                                                                        00000000762e1e3a 7 bytes JMP 000000016da3a3b9
.text    C:\Windows\notepad.exe[6620] C:\Windows\syswow64\ADVAPI32.dll!EnumServicesStatusExW                                                                         00000000762eb466 7 bytes JMP 000000016da3b2da
.text    C:\Windows\notepad.exe[6620] C:\Windows\syswow64\ADVAPI32.dll!GetServiceKeyNameW                                                                            00000000763078ff 7 bytes JMP 000000016da3aa60
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile                                                                          0000000077ac16e0 8 bytes JMP 000000016fff0998
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                   0000000077ac1860 8 bytes JMP 000000016fff08e8
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                  0000000077ac1910 8 bytes JMP 000000016fff0520
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile                                                                                   0000000077ac1e60 8 bytes JMP 000000016fff0940
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey                                                                                    0000000077ac1e70 8 bytes JMP 000000016fff0208
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                               0000000077ac1ea0 8 bytes JMP 000000016fff0578
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\ntdll.dll!NtFlushKey                                                                                     0000000077ac1f70 8 bytes JMP 000000016fff0260
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                              0000000077ac21f0 1 byte JMP 000000016fff0680
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 2                                                                          0000000077ac21f2 6 bytes {JMP 0xfffffffff852e490}
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                     0000000077ac2200 8 bytes JMP 000000016fff06d8
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx                                                                                    0000000077ac2260 8 bytes JMP 000000016fff01b0
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile                                                                      0000000077ac2470 8 bytes JMP 000000016fff09f0
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey                                                                        0000000077ac2540 8 bytes JMP 000000016fff0628
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySecurityObject                                                                          0000000077ac25b0 8 bytes JMP 000000016fff0730
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey                                                                                    0000000077ac26f0 8 bytes JMP 000000016fff05d0
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationKey                                                                            0000000077ac2900 8 bytes JMP 000000016fff0418
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                                            0000000077ac29d0 8 bytes JMP 000000016fff0788
.text    C:\Windows\splwow64.exe[17332] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                        00000000775aa420 12 bytes JMP 000000016fff0d60
.text    C:\Windows\splwow64.exe[17332] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                              00000000775c1b50 12 bytes JMP 000000016fff0c58
.text    C:\Windows\splwow64.exe[17332] C:\Windows\system32\kernel32.dll!SetDllDirectoryW                                                                            00000000775ed890 6 bytes JMP 000000016fff0db8
.text    C:\Windows\splwow64.exe[17332] C:\Windows\system32\kernel32.dll!SetDllDirectoryA                                                                            0000000077603380 6 bytes JMP 000000016fff0e10
.text    C:\Windows\splwow64.exe[17332] C:\Windows\system32\kernel32.dll!AttachConsole                                                                               0000000077625980 9 bytes JMP 000000016fff0c00
.text    C:\Windows\splwow64.exe[17332] C:\Windows\system32\kernel32.dll!AllocConsole                                                                                0000000077625a70 9 bytes JMP 000000016fff0ba8
.text    C:\Windows\splwow64.exe[17332] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                              0000000077638810 7 bytes JMP 000000016fff0cb0
.text    C:\Windows\splwow64.exe[17332] C:\Windows\system32\kernel32.dll!WinExec                                                                                     0000000077638d50 7 bytes JMP 000000016fff0d08
.text    C:\Windows\splwow64.exe[17332] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                            000007fefdfa9940 6 bytes JMP 000007feff9014f0
.text    C:\Windows\splwow64.exe[17332] C:\Windows\system32\GDI32.dll!AddFontResourceW                                                                               000007feff564834 5 bytes JMP 000007feff900838
.text    C:\Windows\splwow64.exe[17332] C:\Windows\system32\GDI32.dll!AddFontResourceA                                                                               000007feff57900c 5 bytes JMP 000007feff9007e0
.text    C:\Windows\splwow64.exe[17332] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesW                                                                      000007feff471440 5 bytes JMP 000007feff900e68
.text    C:\Windows\splwow64.exe[17332] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExW                                                                       000007feff47c570 7 bytes JMP 000007feff900fc8
.text    C:\Windows\splwow64.exe[17332] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameW                                                                      000007feff493e40 7 bytes JMP 000007feff901128
.text    C:\Windows\splwow64.exe[17332] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameW                                                                          000007feff493f10 7 bytes JMP 000007feff901078
.text    C:\Windows\splwow64.exe[17332] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                                                        000007feff4ba1a0 7 bytes JMP 000007feff901498
.text    C:\Windows\splwow64.exe[17332] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesA                                                                      000007feff4bce80 5 bytes JMP 000007feff900ec0
.text    C:\Windows\splwow64.exe[17332] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExA                                                                       000007feff4bcff0 7 bytes JMP 000007feff901020
.text    C:\Windows\splwow64.exe[17332] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusA                                                                         000007feff4bd1f0 7 bytes JMP 000007feff900f70
.text    C:\Windows\splwow64.exe[17332] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusW                                                                         000007feff4bd5f0 7 bytes JMP 000007feff900f18
.text    C:\Windows\splwow64.exe[17332] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameA                                                                      000007feff4bd950 9 bytes JMP 000007feff901180
.text    C:\Windows\splwow64.exe[17332] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameA                                                                          000007feff4bd9e0 9 bytes JMP 000007feff9010d0
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                                               000007feff8e642c 9 bytes JMP 000007feff900af8
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                 000007feff8e6484 7 bytes JMP 000007feff900940
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                                                           000007feff8e6518 7 bytes JMP 000007feff9009f0
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerW                                                                               000007feff8e659c 7 bytes JMP 000007feff900890
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatus                                                                           000007feff8e6730 7 bytes JMP 000007feff9013e8
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatusEx                                                                         000007feff8e6784 6 bytes JMP 000007feff901440
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!StartServiceW                                                                                000007feff8e6824 9 bytes JMP 000007feff900a48
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerA                                                                               000007feff8e6aa4 7 bytes JMP 000007feff9008e8
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                 000007feff8e6c34 7 bytes JMP 000007feff900998
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!StartServiceA                                                                                000007feff8e6d00 9 bytes JMP 000007feff900aa0
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!QueryServiceObjectSecurity                                                                   000007feff8e6d58 5 bytes JMP 000007feff901338
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                     000007feff8e6e00 1 byte JMP 000007feff901390
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity + 2                                                                 000007feff8e6e02 5 bytes {JMP 0x1a590}
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                         000007feff8e6f2c 7 bytes JMP 000007feff900d60
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                         000007feff8e7220 7 bytes JMP 000007feff900d08
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                        000007feff8e739c 7 bytes JMP 000007feff900e10
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                        000007feff8e7538 7 bytes JMP 000007feff900db8
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                               000007feff8e75e8 7 bytes JMP 000007feff900c58
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                               000007feff8e790c 7 bytes JMP 000007feff900c00
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                000007feff8e7ab4 7 bytes JMP 000007feff900cb0
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigA                                                                          000007feff8e7b04 5 bytes JMP 000007feff901230
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigW                                                                          000007feff8e7c34 5 bytes JMP 000007feff9011d8
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2A                                                                         000007feff8e7d78 7 bytes JMP 000007feff9012e0
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2W                                                                         000007feff8e8244 7 bytes JMP 000007feff901288
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA                                                                            000007feff8e8b00 7 bytes JMP 000007feff900ba8
.text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW                                                                            000007feff8e8c38 7 bytes JMP 000007feff900b50
.text    C:\Windows\splwow64.exe[17332] C:\Windows\system32\oleaut32.dll!RevokeActiveObject                                                                          000007feff366700 5 bytes JMP 000007feff900418
.text    C:\Windows\splwow64.exe[17332] C:\Windows\system32\oleaut32.dll!GetActiveObject                                                                             000007feff37c1e0 5 bytes JMP 000007feff900470
.text    C:\Windows\splwow64.exe[17332] C:\Windows\system32\oleaut32.dll!RegisterActiveObject                                                                        000007feff37c260 7 bytes JMP 000007feff9003c0
---- Processes - GMER 2.1 ----

Library  C:\Program Files (x86)\IMinent Toolbar\TbHelper2.exe (*** suspicious ***) @ C:\Program Files (x86)\IMinent Toolbar\TbHelper2.exe [6264]                     0000000001370000
Library  C:\Program Files (x86)\IMinent Toolbar\TbCommonUtils.dll (*** suspicious ***) @ C:\Program Files (x86)\IMinent Toolbar\TbHelper2.exe [6264]                 0000000074670000
Library  Q:\140066.deu\Office14\EXCELC.EXE (*** suspicious ***) @ Q:\140066.deu\Office14\EXCELC.EXE [6620]                                                           000000002f060000
Library  Q:\140066.deu\Office14\gfx.dll (*** suspicious ***) @ Q:\140066.deu\Office14\EXCELC.EXE [6620]                                                              000000006a200000
Library  Q:\140066.deu\Office14\oart.dll (*** suspicious ***) @ Q:\140066.deu\Office14\EXCELC.EXE [6620]                                                             000000005fbb0000
Library  Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\MSO.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\EXCELC.EXE [6620]              000000005e9e0000
Library  Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF (*** suspicious ***) @ Q:\140066.deu\Office14\EXCELC.EXE [6620]  0000000069de0000
Library  Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\1031\MSOINTL.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\EXCELC.EXE [6620]     0000000069600000
Library  Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\RICHED20.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\EXCELC.EXE [6620]         0000000069c90000
Library  Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\MSORES.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\EXCELC.EXE [6620]           000000005a4b0000
Library  Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\USP10.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\EXCELC.EXE [6620]            000000006d8e0000
Library  Q:\140066.deu\Office14\OffSpon.EXE (*** suspicious ***) @ Q:\140066.deu\Office14\OffSpon.EXE [7932]                                                         000000002d370000
Library  Q:\140066.deu\Office14\msadctls.dll (*** suspicious ***) @ Q:\140066.deu\Office14\OffSpon.EXE [7932]                                                        000000006aeb0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{1810D142-8C3F-44B0-B690-517959AFF248}\Connection@Name                 isatap.{34B17D51-E4AF-4934-89B4-A76D747F0BEC}
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind                    \Device\{65B344FB-95F7-4075-8F27-E44C7F30309F}?\Device\{1ABBF554-4D6E-4CC1-B36E-4D1BEFA78D12}?\Device\{1810D142-8C3F-44B0-B690-517959AFF248}?\Device\{E9FE0092-F9DC-4B9C-9EF1-95DC84208103}?\Device\{FFA9105C-3050-4D74-8BB7-BB927824F485}?
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route                   "{65B344FB-95F7-4075-8F27-E44C7F30309F}"?"{1ABBF554-4D6E-4CC1-B36E-4D1BEFA78D12}"?"{1810D142-8C3F-44B0-B690-517959AFF248}"?"{E9FE0092-F9DC-4B9C-9EF1-95DC84208103}"?"{FFA9105C-3050-4D74-8BB7-BB927824F485}"?
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export                  \Device\TCPIP6TUNNEL_{65B344FB-95F7-4075-8F27-E44C7F30309F}?\Device\TCPIP6TUNNEL_{1ABBF554-4D6E-4CC1-B36E-4D1BEFA78D12}?\Device\TCPIP6TUNNEL_{1810D142-8C3F-44B0-B690-517959AFF248}?\Device\TCPIP6TUNNEL_{E9FE0092-F9DC-4B9C-9EF1-95DC84208103}?\Device\TCPIP6TUNNEL_{FFA9105C-3050-4D74-8BB7-BB927824F485}?
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb9edaa32                                                                                 
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{1810D142-8C3F-44B0-B690-517959AFF248}@InterfaceName                                      isatap.{34B17D51-E4AF-4934-89B4-A76D747F0BEC}
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{1810D142-8C3F-44B0-B690-517959AFF248}@ReusableType                                       0
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\00-00-00-00-00-00@ClientLocalPort                                                      60708
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\00-00-00-00-00-00@TeredoAddress                                                        2001:0:5ef5:79fd:2463:12db:6dcb:91f9
Reg      HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch                                                                                             2732
Reg      HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                                                                                            1161
Reg      HKLM\SYSTEM\CurrentControlSet\services\SRTSP@Start                                                                                                          1
Reg      HKLM\SYSTEM\CurrentControlSet\services\SRTSP                                                                                                                
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb9edaa32 (not active ControlSet)                                                             

---- EOF - GMER 2.1 ----

Thanks in advance.
Regards, Steini
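The GMER ".text" entries in the log above are user-mode inline hooks: for each process, an exported function whose first bytes were overwritten with a JMP (or, for the "+ N" entries, patched somewhere inside the function body). As an added example, not part of this thread and not GMER's or the helpers' own tooling, the following Python parser reads those lines, groups them per process, and reports how many exports are hooked in which modules and whether all absolute JMP targets land in one small address region; bucketing targets into 64 KiB regions is an assumption of the example, and the sample lines are copied verbatim from the log above.

```python
import re

# Added example for this thread; not GMER's code and not the helpers' tooling.
# It parses GMER 2.1 user-mode hook entries of the form
#   .text  <process>[pid]  <module>!<export>[ + off]  <addr> <n> bytes <patch>
# and groups them per process, so that a log reviewer can see how many
# exports are hooked in which modules and whether all absolute JMP targets
# fall into one small address region (which points at a single injected
# module) or are scattered. Bucketing targets into 64 KiB regions is an
# assumption of this example, not something GMER reports.

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!]+)!(?P<export>\S+)"
    r"(?:\s+\+\s+(?P<offset>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]{16})\s+(?P<size>\d+)\s+bytes?\s+(?P<patch>.+?)\s*$"
)
ABS_JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9a-fA-F]{16})$")
REGION = 0x10000  # 64 KiB bucket for grouping JMP targets (assumption)

# Constructed sample input: lines copied verbatim from the GMER log above.
SAMPLE_LINES = [
    r".text    C:\Windows\notepad.exe[7932] C:\Windows\syswow64\OLEAUT32.dll!RegisterActiveObject    0000000075d0279e 5 bytes JMP 000000016da40eb4",
    r".text    C:\Windows\notepad.exe[7932] C:\Windows\syswow64\OLEAUT32.dll!RevokeActiveObject    0000000075d03294 5 bytes JMP 000000016da40fd5",
    r".text    C:\Windows\notepad.exe[7932] C:\Windows\syswow64\OLEAUT32.dll!GetActiveObject    0000000075d18f40 5 bytes JMP 000000016da41048",
    r".text    C:\Windows\notepad.exe[7932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    00000000765c1465 2 bytes [5C, 76]",
    r".text    C:\Windows\notepad.exe[7932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155    00000000765c14bb 2 bytes [5C, 76]",
    r".text    ...    * 2",
    r".text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\ntdll.dll!NtClose    0000000077ac1400 8 bytes JMP 000000016fff02b8",
    r".text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject    0000000077ac1410 8 bytes JMP 000000016fff0838",
    r".text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 2    0000000077ac21f2 6 bytes {JMP 0xfffffffff852e490}",
    r".text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity    000007feff8e6e00 1 byte JMP 000007feff901390",
    r".text    C:\Windows\splwow64.exe[17332] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity + 2    000007feff8e6e02 5 bytes {JMP 0x1a590}",
]


def parse_hook(line):
    """Parse one ".text" hook line; return None for any other line."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    h = m.groupdict()
    h["pid"] = int(h["pid"])
    h["offset"] = int(h["offset"]) if h["offset"] else 0
    h["addr"] = int(h["addr"], 16)
    h["size"] = int(h["size"])
    h["module"] = h["module"].rsplit("\\", 1)[-1].lower()
    t = ABS_JMP_RE.match(h["patch"])
    # None when the patch is a relative JMP or raw bytes rather than an absolute target
    h["target"] = int(t.group("target"), 16) if t else None
    return h


def summarize(lines):
    """Group hooks per "process[pid]" and collect what a reviewer looks at first."""
    out = {}
    for line in lines:
        h = parse_hook(line)
        if h is None:
            continue
        key = f"{h['proc']}[{h['pid']}]"
        s = out.setdefault(key, {"hooks": 0, "mid_function": 0, "modules": set(),
                                 "exports": [], "regions": set()})
        s["hooks"] += 1
        if h["offset"]:
            s["mid_function"] += 1  # patched inside the function body, not at its entry
        s["modules"].add(h["module"])
        s["exports"].append(h["export"])
        if h["target"] is not None:
            s["regions"].add(h["target"] & ~(REGION - 1))
    return out


def describe(summary):
    """Render one line per process for a quick read of the hook picture."""
    lines = []
    for key, s in summary.items():
        regions = ", ".join(f"{r:#x}" for r in sorted(s["regions"]))
        lines.append(
            f"{key}: {s['hooks']} hooks in {', '.join(sorted(s['modules']))}; "
            f"{s['mid_function']} mid-function patches; JMP targets in "
            f"{len(s['regions'])} region(s): {regions}"
        )
    return lines


if __name__ == "__main__":
    for text in describe(summarize(SAMPLE_LINES)):
        print(text)
```

Run against the full log, the region count per process is the quick check: one region per process means every hook jumps into the same small range, so the next step is to match that range against the process's loaded modules rather than reviewing the hooks one by one.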

11.04.2013, 09:32   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello,

Please run the three tools MBAR / aswMBR / TDSSKiller now and post the logs in CODE tags.


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the reboot.
  • During the reboot MBAR will remove the objects it found, so be patient.
  • After the reboot, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<Year-Month-Day>.txt ) in the folder it created. Please post it here.

Do not start any other file in that folder without instruction from a helper.


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide).
    On Windows Vista or later, please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow access to the Internet.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instruction.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post its contents here in your thread in any case.

11.04.2013, 23:56   #3
BöhserSteini

This forum is incredible!

Not a single fix applied yet, and the problems are already solved.

No, seriously.

All of a sudden, all my problems are really gone.

The only explanation I have is that I installed Windows updates yesterday;
could that be related?

After the updates I didn't really think to check whether the problems were gone, because I wouldn't have thought it would all be resolved that easily.
I only noticed just now, because while reading through the steps here the annoying ad window at the bottom left was missing.

As far as I can see, only one thing was found, by TDSSkiller.

Anyway.

Here are the logs regardless:
(TDSSkiller log attached, since it is too large.)

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.11.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Steini :: HP-STEINI [administrator]

11.04.2013 23:46:32
mbar-log-2013-04-11 (23-46-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29396
Time elapsed: 13 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-11 23:47:20
-----------------------------
23:47:20.146    OS Version: Windows x64 6.1.7601 Service Pack 1
23:47:20.146    Number of processors: 8 586 0x3A09
23:47:20.146    ComputerName: HP-STEINI  UserName: Steini
23:47:21.846    Initialize success
00:15:55.351    AVAST engine defs: 13041101
00:18:34.440    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:18:34.456    Disk 0 Vendor: TOSHIBA_ AX00 Size: 953869MB BusType: 8
00:18:34.580    Disk 0 MBR read successfully
00:18:34.580    Disk 0 MBR scan
00:18:34.596    Disk 0 Windows 7 default MBR code
00:18:34.596    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
00:18:34.627    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       930848 MB offset 409600
00:18:34.658    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        22718 MB offset 1906786304
00:18:34.674    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      102 MB offset 1953312768
00:18:34.830    Disk 0 scanning C:\Windows\system32\drivers
00:18:44.440    Service scanning
00:19:21.271    Modules scanning
00:19:21.271    Disk 0 trace - called modules:
00:19:21.318    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll 
00:19:21.318    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007318790]
00:19:21.334    3 CLASSPNP.SYS[fffff88001dd043f] -> nt!IofCallDriver -> [0xfffffa8008324b10]
00:19:21.334    5 hpdskflt.sys[fffff88001d77379] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8009638050]
00:19:22.956    AVAST engine scan C:\Windows
00:19:25.780    AVAST engine scan C:\Windows\system32
00:21:36.914    AVAST engine scan C:\Windows\system32\drivers
00:21:55.743    AVAST engine scan C:\Users\Steini
00:24:20.027    AVAST engine scan C:\ProgramData
00:25:05.392    Scan finished successfully
00:29:13.044    Disk 0 MBR has been saved successfully to "C:\Users\Steini\Desktop\MBR.dat"
00:29:13.044    The log file has been saved successfully to "C:\Users\Steini\Desktop\aswMBR.txt"


22.04.2013, 20:18   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run Combofix now:

Scan with Combofix
WARNING to other readers:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software and malware/spyware scanners. They can interfere with Combofix's work. Combofix sometimes complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the reboot
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

__________________
Please always post log files in CODE tags

23.04.2013, 11:36   #5
BöhserSteini

Code:
ComboFix 13-04-22.01 - Steini 23.04.2013   6:19.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8091.5608 [GMT 2:00]
ausgeführt von:: c:\users\Steini\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
c:\windows\wininit.ini
.
Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\erdnt\cache86\userinit.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-23 bis 2013-04-23  ))))))))))))))))))))))))))))))
.
.
2013-04-23 04:44 . 2013-04-23 04:47	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-04-23 04:44 . 2013-04-23 04:44	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-04-23 04:44 . 2013-04-23 04:44	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-22 20:16 . 2013-04-22 20:16	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-04-22 20:16 . 2013-04-04 03:35	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-22 20:12 . 2013-04-22 20:12	--------	d-----w-	c:\programdata\McAfee Security Scan
2013-04-22 20:12 . 2013-04-22 20:12	--------	d-----w-	c:\program files (x86)\McAfee Security Scan
2013-04-22 18:53 . 2012-08-23 15:09	3584	----a-w-	c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui
2013-04-22 18:50 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2013-04-22 18:50 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2013-04-22 18:50 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2013-04-22 18:50 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2013-04-22 18:50 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2013-04-22 18:50 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2013-04-22 18:50 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2013-04-22 18:50 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2013-04-22 18:50 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2013-04-16 16:39 . 2013-04-16 16:39	--------	d-----w-	c:\users\Steini\AppData\Roaming\ICQM
2013-04-16 16:39 . 2013-04-16 16:41	--------	d-----w-	c:\users\Steini\AppData\Roaming\ICQ-Profile
2013-04-10 10:55 . 2013-03-01 03:36	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-04-10 10:55 . 2013-03-02 06:04	1655656	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 10:55 . 2013-01-24 06:01	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-10 10:55 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-10 10:55 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-10 10:55 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 10:55 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 10:55 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-04-10 10:55 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-04-09 18:34 . 2013-04-09 18:34	--------	d-----w-	c:\users\Steini\AppData\Local\HP
2013-04-09 18:22 . 2013-04-09 18:22	--------	d-----w-	c:\users\Steini\AppData\Roaming\IDT
2013-04-08 23:04 . 2013-04-08 23:04	--------	d-----w-	c:\users\Steini\AppData\Local\PutLockerDownloader
2013-04-08 23:04 . 2013-04-08 23:04	--------	d-----w-	c:\program files (x86)\Gophoto.it
2013-04-02 16:41 . 2013-04-02 16:41	--------	d-----w-	c:\windows\Sun
2013-03-26 11:46 . 2013-03-26 11:45	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-26 11:46 . 2013-03-26 11:45	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-26 11:45 . 2013-04-22 20:16	--------	d-----w-	c:\program files (x86)\Java
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-22 20:12 . 2012-02-24 09:23	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-22 20:12 . 2012-02-24 09:23	691592	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-01 17:58 . 2013-01-30 13:32	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-02-27 12:22 . 2013-02-27 12:22	7932256	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-02-27 12:22 . 2013-02-27 12:22	1510176	----a-w-	c:\windows\system32\nvdispgenco64.dll
2013-02-27 12:22 . 2013-02-27 12:22	30496	----a-w-	c:\windows\system32\drivers\nvpciflt.sys
2013-02-27 12:22 . 2013-02-27 12:22	20450080	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-02-27 12:22 . 2013-02-27 12:22	7565088	----a-w-	c:\windows\system32\nvopencl.dll
2013-02-27 12:22 . 2013-02-27 12:22	26931488	----a-w-	c:\windows\system32\nvoglv64.dll
2013-02-27 12:22 . 2013-02-27 12:22	15129448	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-02-27 12:22 . 2013-02-27 12:22	2720544	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-02-27 12:22 . 2013-02-27 12:22	25256224	----a-w-	c:\windows\system32\nvcompiler.dll
2013-02-27 12:22 . 2012-08-06 13:14	2824504	----a-w-	c:\windows\system32\nvapi64.dll
2013-02-27 12:22 . 2013-02-27 12:22	2904352	----a-w-	c:\windows\system32\nvcuvid.dll
2013-02-27 12:22 . 2013-02-27 12:22	1985824	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-02-27 12:22 . 2013-02-27 12:22	11009312	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-02-27 12:22 . 2013-02-27 12:22	2344736	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-02-27 12:22 . 2013-02-27 12:22	15052728	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-02-27 12:22 . 2012-08-06 13:14	1107440	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-02-27 12:22 . 2013-02-27 12:22	6263632	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-02-27 12:22 . 2012-08-06 13:14	201576	----a-w-	c:\windows\SysWow64\nvinit.dll
2013-02-27 12:22 . 2012-08-06 13:14	1814304	----a-w-	c:\windows\system32\nvdispco64.dll
2013-02-27 12:22 . 2013-02-27 12:22	9390760	----a-w-	c:\windows\system32\nvcuda.dll
2013-02-27 12:22 . 2013-02-27 12:22	18054672	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-02-27 12:22 . 2013-02-27 12:22	12641480	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-02-27 12:22 . 2013-02-27 12:22	245872	----a-w-	c:\windows\system32\nvinitx.dll
2013-02-27 12:22 . 2013-02-27 12:22	958120	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2013-02-27 12:22 . 2013-02-27 12:22	2504096	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-02-27 12:22 . 2013-02-27 12:22	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-02-12 05:45 . 2013-03-12 21:51	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-12 21:51	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-12 21:51	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-12 21:51	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-12 21:51	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-12 21:51	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-18 23:08	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
2006-05-03 10:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00	107520	--sha-r-	c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIHKE.EXE" [2012-02-29 283232]
"icq"="c:\users\Steini\AppData\Roaming\ICQM\icq.exe" [2013-04-16 27598184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2011-12-05 291096]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-09-15 61112]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-11-29 576568]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-09-13 103992]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-12-5 1338656]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 102368]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 REN2CAP_DRIVER;Hear;c:\windows\system32\drivers\ren2cap.sys [2011-11-07 46728]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2011-10-27 259688]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 203104]
R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe [2011-12-09 269640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\drivers\iusb3hcs.sys [2011-12-05 16152]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2013-02-27 30496]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [2011-07-25 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [2011-07-28 1084536]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130412.001\BHDrvx64.sys [2013-04-12 1390680]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [2011-08-08 167048]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-28 283200]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130420.001\IDSvia64.sys [2012-10-09 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [2011-07-25 189560]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [2011-07-25 401016]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-02-21 151648]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [2011-12-11 260424]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-09-24 31040]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-11-29 34872]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2011-12-16 128280]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [2011-08-10 138760]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-11-03 134696]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-12-03 620584]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-05-21 89640]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-14 39976]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-10 138912]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\drivers\iusb3hub.sys [2011-12-05 355096]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\drivers\iusb3xhc.sys [2011-12-05 785688]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys [2011-10-14 20016]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-24 20:12]
.
2013-04-22 c:\windows\Tasks\HPCeeScheduleForSteini.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-30 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-30 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-30 440600]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-04 1425408]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-19 44880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = 
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Steini\AppData\Roaming\Mozilla\Firefox\Profiles\nar1bxrf.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-09 15:39; antigameorigin@antigame.de; c:\users\Steini\AppData\Roaming\Mozilla\Firefox\Profiles\nar1bxrf.default\extensions\antigameorigin@antigame.de.xpi
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{9E131A93-EED7-4BEB-B015-A0ADB30B5646} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-23  12:20:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-04-23 10:20
ComboFix2.txt  2013-02-01 00:27
.
Vor Suchlauf: 14 Verzeichnis(se), 681.722.179.584 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 681.750.073.344 Bytes frei
.
- - End Of File - - 4131B1AC309BF3B328BBC8C17F952BD7
         


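One line in the ComboFix log above deserves a closer look: `user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);`. These are Firefox preferences forced from the profile's user.js (the file JRT deletes in the next post), and each one switches a protection off: CSP enforcement, OCSP revocation checking, and the prompt that stops sideloaded extensions from enabling themselves. The Python below is an added example, not a tool from this thread, from ComboFix or from JRT. It pulls every `user_pref(...)` call out of log text in this format and reports the ones whose value differs from Firefox's stock value. The preference names and stock values are real Firefox settings; the sample log text is constructed from the line quoted above plus one harmless preference that must not be flagged.

```python
"""Flag Firefox security preferences that a user.js has weakened, reading
ComboFix-style log text. Added example; not code from the thread, ComboFix or JRT."""
import re
from typing import Dict, List, Set, Tuple

# Real Firefox preference names with their stock values and what it means
# when an adware-style user.js overrides them.
PREF_POLICY: Dict[str, Tuple[Set[str], str]] = {
    "security.csp.enable": (
        {"true"},
        "Content Security Policy enforcement is off, so injected scripts are not blocked",
    ),
    "security.OCSP.enabled": (
        {"1", "2"},
        "OCSP revocation checking is off; revoked TLS certificates are still accepted",
    ),
    "extensions.autoDisableScopes": (
        {"15"},
        "sideloaded extensions are enabled without asking the user",
    ),
}

# One user_pref("name", value); call. Several may sit on a single line, as in
# the ComboFix output, so findall() is used rather than match().
_USER_PREF = re.compile(r"""user_pref\(\s*['"]([^'"]+)['"]\s*,\s*(.*?)\s*\);""")


def parse_user_prefs(text: str) -> Dict[str, str]:
    """Return name -> raw value for every user_pref(...) call found in text.
    String values lose their surrounding quotes; booleans and numbers stay as written."""
    prefs: Dict[str, str] = {}
    for name, raw in _USER_PREF.findall(text):
        prefs[name] = raw.strip().strip("\"'")
    return prefs


def find_weakened_prefs(prefs: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (name, value, reason) for each policed preference whose value is
    not acceptable. A preference absent from prefs is fine: Firefox then uses
    its built-in default."""
    findings: List[Tuple[str, str, str]] = []
    for name, (ok_values, reason) in PREF_POLICY.items():
        value = prefs.get(name)
        if value is not None and value not in ok_values:
            findings.append((name, value, reason))
    return findings


def scan_log(text: str) -> List[Tuple[str, str, str]]:
    """Parse the log text and return the findings in one call."""
    return find_weakened_prefs(parse_user_prefs(text))


# Constructed sample: the user_pref line as printed in the ComboFix log above,
# plus one benign preference that must not be flagged.
SAMPLE_LOG = (
    "FF - prefs.js: network.proxy.type - 0\n"
    "user_pref('extensions.autoDisableScopes', 0);"
    "user_pref('security.csp.enable', false);"
    "user_pref('security.OCSP.enabled', 0);\n"
    'user_pref("browser.startup.homepage", "google.de");\n'
)

if __name__ == "__main__":
    for name, value, reason in scan_log(SAMPLE_LOG):
        print(f"{name} = {value}: {reason}")
```

Run against the constructed sample it reports exactly the three weakened preferences and leaves the homepage setting alone. The same parser works on a profile's prefs.js or user.js read from disk, which is the check worth doing before deciding whether a Firefox profile can be kept or should be reset.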
Alt 23.04.2013, 16:07   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or higher) please right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the logfile (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click on Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click on Scan and wait until it has finished.
  • Now click on Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick Scan all users
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles in CODE tags here in the thread.
__________________

Alt 23.04.2013, 19:42   #7
BöhserSteini
EDIT first of all:
I tried to do some more research.
Earlier I noticed that while the browser is loading, it not only tries to connect to imgads.night-hawk.net but also to findallyouneed.org.
Searching the internet for that address, I found something.
Someone described exactly the same problem and had downloaded the Firefox add-on "Flash Player", apparently from an untrustworthy site.
Once that was removed, the problem was solved.
Same for me now: add-on removed, problem gone.
I also updated the Adobe Flash Player in the last few days; it may well be that the problem has been back since then.
Of course I'm also not sure whether this add-on was downloaded through the Adobe Flash Player update or perhaps through a completely different action.
In any case, the symptoms have disappeared again for now; whether the root of all evil has been removed, I unfortunately don't know.

Here are the logs (they were created before I removed the add-on!):


JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.9 (04.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by Steini on 23.04.2013 at 19:17:18,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminent_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminent_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminentsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminentsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\savings sidekick_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\savings sidekick_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C660B190-4D7B-4859-91B0-5F18ED7AC738}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F29DC52A-10C1-41A0-B417-AD867D262592}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{C660B190-4D7B-4859-91B0-5F18ED7AC738}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{F29DC52A-10C1-41A0-B417-AD867D262592}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} 
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} 



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Steini\appdata\local\downtango"
Successfully deleted: [Folder] "C:\Users\Steini\appdata\locallow\simplytech"
Successfully deleted: [Empty Folder] C:\Users\Steini\appdata\local\{458EAC87-61B5-4CD2-8A8B-57F8E3FC7245}
Successfully deleted: [Empty Folder] C:\Users\Steini\appdata\local\{D96576B2-4AD1-42F0-91B4-4138EF4998CD}
Successfully deleted: [Empty Folder] C:\Users\Steini\appdata\local\{DB240D25-A62A-458C-BBBE-3CE06FB6B038}



~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\web search.xml"
Successfully deleted: [File] C:\Users\Steini\AppData\Roaming\mozilla\firefox\profiles\nar1bxrf.default\user.js
Successfully deleted: [File] "C:\Users\Steini\AppData\Roaming\mozilla\firefox\profiles\nar1bxrf.default\extensions\DivXWebPlayer@divx.com.xpi" 
Successfully deleted: [Folder] C:\Users\Steini\AppData\Roaming\mozilla\firefox\profiles\nar1bxrf.default\jetpack
Successfully deleted the following from C:\Users\Steini\AppData\Roaming\mozilla\firefox\profiles\nar1bxrf.default\prefs.js

user_pref("TAAS.uri", "nrrv<))aoaotoas(eik)l(vnv9s;");
user_pref("extensions.antigameorigin@antigame.de.AGO_DE_UNI101_141505_Current", "{\"version\":1,\"I31\":1,\"I33\":1,\"I34\":1,\"I35\":1,\"E23\":1,\"delta\":528,\"Notify\":1,\"
user_pref("extensions.antigameorigin@antigame.de.AGO_DE_UNI105_207988_Current", "{\"version\":1,\"I31\":1,\"I33\":1,\"I34\":1,\"I35\":1,\"E23\":1,\"delta\":-359,\"Notify\":0,\
user_pref("extensions.antigameorigin@antigame.de.AGO_DE_UNI115_147884_Current", "{\"version\":1,\"I31\":1,\"I33\":1,\"I34\":1,\"I35\":1,\"E23\":1,\"delta\":556,\"Notify\":6,\"
user_pref("extensions.antigameorigin@antigame.de.AGO_DE_UNI70_163112_Current", "{\"version\":1,\"I31\":1,\"I33\":1,\"I34\":1,\"I35\":1,\"E23\":1,\"delta\":-306,\"Notify\":6,\"
user_pref("extensions.crossrider.bic", "13b50d3c1dc2bbed04c24cd277e8af46");
Emptied folder: C:\Users\Steini\AppData\Roaming\mozilla\firefox\profiles\nar1bxrf.default\minidumps [42 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.04.2013 at 19:20:20,91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
AdwCleaner:

Code:
# AdwCleaner v2.202 - Datei am 23/04/2013 um 20:13:44 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Steini - HP-STEINI
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Steini\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Steini\AppData\Roaming\Mozilla\Firefox\Profiles\nar1bxrf.default\foxydeal.sqlite
Ordner Gelöscht : C:\Program Files (x86)\Gophoto.it
Ordner Gelöscht : C:\Program Files (x86)\Red Sky
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango
Ordner Gelöscht : C:\Users\Steini\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Steini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com
Ordner Gelöscht : C:\Users\Steini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Downloader
Ordner Gelöscht : C:\Windows\Installer\{069B290F-5398-4629-A009-85B4BCB4B1B9}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Movie2KDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DownTangoFTToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DownTangoFTToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q=%s --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q=%s --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Steini\AppData\Roaming\Mozilla\Firefox\Profiles\nar1bxrf.default\prefs.js

Gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
Gelöscht : user_pref("extentions.y2layers.installId", "2b709f1e-40d8-406b-9cc0-df7255c56eac");

*************************

AdwCleaner[S1].txt - [43100 octets] - [31/01/2013 04:13:38]
AdwCleaner[S2].txt - [13264 octets] - [23/04/2013 20:13:44]

########## EOF - C:\AdwCleaner[S2].txt - [13325 octets] ##########
         
OTL:

Code:
OTL logfile created on: 23.04.2013 20:19:44 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Steini\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 5,78 Gb Available Physical Memory | 73,13% Memory free
15,80 Gb Paging File | 13,56 Gb Available in Paging File | 85,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 909,03 Gb Total Space | 634,50 Gb Free Space | 69,80% Space Free | Partition Type: NTFS
Drive D: | 22,19 Gb Total Space | 2,36 Gb Free Space | 10,63% Space Free | Partition Type: NTFS
Drive F: | 7,14 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 3,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 15,35 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 13,94 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: HP-STEINI | User Name: Steini | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.)
PRC - C:\Users\Steini\AppData\Roaming\ICQM\icq.exe (ICQ)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Users\Steini\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass\TouchControl.exe (AuthenTec Inc.)
PRC - C:\Program Files (x86)\HP SimplePass\BioMonitor.exe (HP)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
MOD - C:\Users\Steini\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (HP)
SRV - (TrueService) -- C:\Programme\Common Files\AuthenTec\TrueService.exe (AuthenTec, Inc.)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe (Symantec Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (HPClientSvc) -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (REN2CAP_DRIVER) -- C:\Windows\SysNative\drivers\ren2cap.sys ()
DRV:64bit: - (bcbtums) -- C:\Windows\SysNative\drivers\bcbtums.sys (Broadcom Corporation.)
DRV:64bit: - (RSP2STOR) -- C:\Windows\SysNative\drivers\RtsP2Stor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\drivers\Smb_driver.sys (Synaptics Incorporated)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (BTWDPAN) -- C:\Windows\SysNative\drivers\btwdpan.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130412.001\BHDrvx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130423.003\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130423.003\eng64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130420.001\IDSviA64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{C660B190-4D7B-4859-91B0-5F18ED7AC738}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1341323645-3176316214-919008384-1000\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1341323645-3176316214-919008384-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1341323645-3176316214-919008384-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1341323645-3176316214-919008384-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1341323645-3176316214-919008384-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-1341323645-3176316214-919008384-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1341323645-3176316214-919008384-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1341323645-3176316214-919008384-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1341323645-3176316214-919008384-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1341323645-3176316214-919008384-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
IE - HKU\S-1-5-21-1341323645-3176316214-919008384-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: tXsGT9QxoKlmxUz0Kj%40mDvNgXhNdd92G6vn.com:11
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2013.04.23 20:15:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013.04.23 20:15:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.11.28 22:17:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 17:24:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 17:24:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.10.23 23:08:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steini\AppData\Roaming\mozilla\Extensions
[2013.04.23 19:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steini\AppData\Roaming\mozilla\Firefox\Profiles\nar1bxrf.default\extensions
[2013.04.09 17:38:30 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Steini\AppData\Roaming\mozilla\Firefox\Profiles\nar1bxrf.default\extensions\ich@maltegoetz.de
[2013.04.20 08:59:33 | 001,017,951 | ---- | M] () (No name found) -- C:\Users\Steini\AppData\Roaming\mozilla\firefox\profiles\nar1bxrf.default\extensions\antigameorigin@antigame.de.xpi
[2013.01.16 23:05:57 | 000,003,702 | ---- | M] () (No name found) -- C:\Users\Steini\AppData\Roaming\mozilla\firefox\profiles\nar1bxrf.default\extensions\tXsGT9QxoKlmxUz0Kj@mDvNgXhNdd92G6vn.com.xpi
[2012.11.09 11:36:49 | 000,006,522 | ---- | M] () -- C:\Users\Steini\AppData\Roaming\mozilla\firefox\profiles\nar1bxrf.default\searchplugins\pcpmngr.xml
[2012.11.30 12:18:45 | 000,002,089 | ---- | M] () -- C:\Users\Steini\AppData\Roaming\mozilla\firefox\profiles\nar1bxrf.default\searchplugins\Startpins.xml
[2013.04.12 17:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 17:24:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.23 12:17:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP)
O3 - HKU\S-1-5-21-1341323645-3176316214-919008384-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Programme\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-1341323645-3176316214-919008384-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1341323645-3176316214-919008384-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1341323645-3176316214-919008384-1001..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHKE.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus SX230" File not found
O4 - HKU\S-1-5-21-1341323645-3176316214-919008384-1001..\Run: [icq] C:\Users\Steini\AppData\Roaming\ICQM\icq.exe (ICQ)
O4 - HKU\S-1-5-21-1341323645-3176316214-919008384-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1341323645-3176316214-919008384-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1341323645-3176316214-919008384-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1341323645-3176316214-919008384-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1341323645-3176316214-919008384-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-1341323645-3176316214-919008384-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C442D40-AB7E-45EE-918A-C7D60DD9C88A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E33A462B-903F-469E-8B78-1F8C51438511}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (c:\Windows\SysWOW64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (c:\Windows\SysWOW64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\Windows\SysWOW64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.09.18 14:40:03 | 000,000,069 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012.11.22 18:40:18 | 000,000,024 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012.11.21 15:10:20 | 008,533,584 | R--- | M] () - I:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2012.11.21 15:10:20 | 000,387,878 | R--- | M] () - I:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2012.11.21 15:10:20 | 000,000,047 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012.11.14 00:34:21 | 000,000,058 | R--- | M] () - J:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.23 19:17:17 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.23 19:17:13 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.23 19:15:24 | 000,535,764 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Steini\Desktop\JRT.exe
[2013.04.23 12:20:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.23 12:17:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.04.22 22:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.22 22:16:16 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.04.22 22:16:16 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.04.22 22:16:16 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.22 22:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013.04.22 22:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.04.22 22:12:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2013.04.22 22:02:33 | 005,058,971 | R--- | C] (Swearware) -- C:\Users\Steini\Desktop\ComboFix.exe
[2013.04.22 20:55:12 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.22 20:55:12 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.22 20:55:12 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.22 20:55:12 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.04.22 20:55:12 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.04.22 20:55:12 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.04.22 20:55:12 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.04.22 20:55:12 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.22 20:55:12 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.04.22 20:55:12 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.04.22 20:55:12 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.22 20:55:12 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.04.22 20:55:12 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.22 20:55:12 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.22 20:55:12 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.22 20:55:12 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.04.22 20:55:12 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.04.22 20:55:12 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.22 20:55:12 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.04.22 20:55:12 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.04.22 20:55:12 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.22 20:55:12 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.22 20:55:12 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.04.22 20:55:12 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.04.22 20:55:12 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.04.22 20:55:12 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.04.22 20:55:12 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.22 20:55:12 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.04.22 20:55:12 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.04.22 20:55:12 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.04.22 20:55:12 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.04.22 20:55:12 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.04.22 20:55:12 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.04.22 20:55:12 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.22 20:55:12 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.22 20:55:12 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.04.22 20:55:12 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.04.22 20:55:12 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.04.22 20:55:12 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.04.22 20:55:12 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.04.22 20:55:12 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.22 20:55:12 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.04.22 20:55:12 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.22 20:55:12 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.04.22 20:55:12 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.22 20:55:12 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.04.22 20:55:12 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.04.22 20:55:12 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.22 20:55:12 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.04.22 20:55:12 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.04.22 20:55:12 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.22 20:55:12 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.04.22 20:55:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.22 20:55:12 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.04.22 20:55:12 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.04.22 20:55:12 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.22 20:55:12 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.04.22 20:55:12 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.22 20:55:12 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.04.22 20:55:12 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.04.22 20:55:12 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.04.22 20:55:12 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.22 20:55:12 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.22 20:55:12 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.04.22 20:55:12 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.04.22 20:55:12 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.04.22 20:55:12 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.04.22 20:55:12 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.04.22 20:53:22 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013.04.22 20:53:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013.04.22 20:53:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013.04.22 20:53:21 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013.04.22 20:53:21 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2013.04.22 20:53:21 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013.04.22 20:53:20 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.22 20:53:20 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.22 20:53:20 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013.04.22 20:53:20 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013.04.22 20:53:20 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.04.22 20:53:20 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013.04.22 20:53:20 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.22 20:53:20 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.22 20:53:20 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013.04.22 20:53:20 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013.04.22 20:53:20 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013.04.22 20:53:20 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013.04.22 20:53:20 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013.04.22 20:53:20 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013.04.22 20:53:20 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.22 20:53:20 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013.04.22 20:53:20 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.22 20:53:20 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013.04.22 20:53:20 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013.04.22 20:50:02 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.04.22 20:50:01 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013.04.22 20:50:01 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013.04.16 18:39:58 | 000,000,000 | ---D | C] -- C:\Users\Steini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
[2013.04.16 18:39:50 | 000,000,000 | ---D | C] -- C:\Users\Steini\AppData\Roaming\ICQM
[2013.04.16 18:39:45 | 000,000,000 | ---D | C] -- C:\Users\Steini\AppData\Roaming\ICQ-Profile
[2013.04.12 17:24:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.11 23:28:51 | 000,000,000 | ---D | C] -- C:\Users\Steini\Desktop\mbar
[2013.04.11 23:27:18 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steini\Desktop\tdsskiller(1).exe
[2013.04.11 19:53:37 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Steini\Desktop\aswMBR.exe
[2013.04.10 12:55:33 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 12:55:33 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 12:55:33 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 12:55:33 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 12:55:33 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 12:55:33 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.09 20:34:44 | 000,000,000 | ---D | C] -- C:\Users\Steini\AppData\Local\HP
[2013.04.09 20:22:37 | 000,000,000 | ---D | C] -- C:\Users\Steini\AppData\Roaming\IDT
[2013.04.02 18:41:26 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.03.26 13:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.03.26 13:46:24 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.26 13:46:24 | 000,782,240 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.26 13:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.23 20:23:20 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.23 20:23:20 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.23 20:22:05 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.23 20:22:05 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.23 20:22:05 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.23 20:22:05 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.23 20:22:05 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.23 20:15:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.23 20:15:37 | 2068,295,679 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.23 20:13:10 | 000,008,578 | ---- | M] () -- C:\Users\Steini\Documents\Ogame Uni 70.ods
[2013.04.23 20:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.23 19:22:25 | 000,619,461 | ---- | M] () -- C:\Users\Steini\Desktop\adwcleaner.exe
[2013.04.23 19:15:24 | 000,535,764 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Steini\Desktop\JRT.exe
[2013.04.23 12:17:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.22 22:12:18 | 000,002,166 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.04.22 22:12:18 | 000,002,166 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.04.22 22:12:15 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.22 22:12:15 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.22 22:07:53 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSteini.job
[2013.04.22 22:02:34 | 005,058,971 | R--- | M] (Swearware) -- C:\Users\Steini\Desktop\ComboFix.exe
[2013.04.22 20:55:12 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.22 20:55:12 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.22 20:55:12 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.22 20:55:12 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.04.22 20:55:12 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.04.22 20:55:12 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.04.22 20:55:12 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.04.22 20:55:12 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.22 20:55:12 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.04.22 20:55:12 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.04.22 20:55:12 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.22 20:55:12 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.04.22 20:55:12 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.22 20:55:12 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.22 20:55:12 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.22 20:55:12 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.04.22 20:55:12 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.04.22 20:55:12 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.22 20:55:12 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.04.22 20:55:12 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.04.22 20:55:12 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.22 20:55:12 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.22 20:55:12 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.04.22 20:55:12 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.04.22 20:55:12 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.04.22 20:55:12 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.04.22 20:55:12 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.22 20:55:12 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.04.22 20:55:12 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.04.22 20:55:12 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.04.22 20:55:12 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.04.22 20:55:12 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.04.22 20:55:12 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.04.22 20:55:12 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.22 20:55:12 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.22 20:55:12 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.04.22 20:55:12 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.04.22 20:55:12 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.04.22 20:55:12 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.04.22 20:55:12 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.04.22 20:55:12 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.22 20:55:12 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.04.22 20:55:12 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.22 20:55:12 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.04.22 20:55:12 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.22 20:55:12 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.04.22 20:55:12 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.04.22 20:55:12 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.22 20:55:12 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.04.22 20:55:12 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.04.22 20:55:12 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.22 20:55:12 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.04.22 20:55:12 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.22 20:55:12 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.04.22 20:55:12 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.04.22 20:55:12 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.22 20:55:12 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.04.22 20:55:12 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.22 20:55:12 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.04.22 20:55:12 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.04.22 20:55:12 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.04.22 20:55:12 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.22 20:55:12 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.22 20:55:12 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.04.22 20:55:12 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.22 20:55:12 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.22 20:55:12 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.04.22 20:55:12 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.04.22 20:55:12 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.04.22 20:55:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.04.21 22:39:27 | 000,791,829 | ---- | M] () -- C:\Users\Steini\Desktop\naruba spieler ogame.png
[2013.04.20 12:18:47 | 000,214,260 | ---- | M] () -- C:\Users\Steini\Desktop\Tabelle.png
[2013.04.17 01:01:30 | 000,004,938 | ---- | M] () -- C:\Users\Steini\Documents\Darknis111.odt
[2013.04.16 18:39:58 | 000,001,806 | ---- | M] () -- C:\Users\Steini\Desktop\ICQ.lnk
[2013.04.16 00:09:14 | 000,529,586 | ---- | M] () -- C:\Users\Steini\Desktop\ogame raid.png
[2013.04.12 17:47:37 | 000,005,520 | ---- | M] () -- C:\Users\Steini\Documents\Versicherungsschreiben Unfall.odt
[2013.04.12 00:55:00 | 000,032,335 | ---- | M] () -- C:\Users\Steini\Desktop\TDSSKiller.2.8.16.0_12.04.2013_00.29.32_log.rar
[2013.04.12 00:29:13 | 000,000,512 | ---- | M] () -- C:\Users\Steini\Desktop\MBR.dat
[2013.04.11 23:28:04 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steini\Desktop\tdsskiller(1).exe
[2013.04.11 23:20:57 | 012,894,739 | ---- | M] () -- C:\Users\Steini\Desktop\mbar-1.01.0.1022.zip
[2013.04.11 19:55:48 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Steini\Desktop\aswMBR.exe
[2013.04.11 03:18:45 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 13:50:08 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.10 13:48:34 | 000,121,437 | ---- | M] () -- C:\Users\Steini\Desktop\Malware 2.jpg
[2013.04.10 13:43:44 | 000,284,651 | ---- | M] () -- C:\Users\Steini\Desktop\Malware.jpg
[2013.04.10 02:57:11 | 1562,073,126 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.09 18:41:50 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.04.09 18:40:04 | 000,085,984 | ---- | M] () -- C:\Users\Steini\Documents\cc_20130409_183951.reg
[2013.04.09 17:58:21 | 000,377,856 | ---- | M] () -- C:\Users\Steini\Desktop\gmer_2.1.19163.exe
[2013.04.04 05:35:05 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.04.04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.26 22:56:22 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.03.26 13:45:52 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.26 13:45:52 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.23 19:22:25 | 000,619,461 | ---- | C] () -- C:\Users\Steini\Desktop\adwcleaner.exe
[2013.04.22 22:12:18 | 000,002,166 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.04.22 22:12:18 | 000,002,166 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.04.22 20:55:12 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.22 20:55:12 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.21 22:39:27 | 000,791,829 | ---- | C] () -- C:\Users\Steini\Desktop\naruba spieler ogame.png
[2013.04.20 12:15:53 | 000,214,260 | ---- | C] () -- C:\Users\Steini\Desktop\Tabelle.png
[2013.04.16 20:43:08 | 000,004,938 | ---- | C] () -- C:\Users\Steini\Documents\Darknis111.odt
[2013.04.16 18:39:58 | 000,001,806 | ---- | C] () -- C:\Users\Steini\Desktop\ICQ.lnk
[2013.04.16 00:09:14 | 000,529,586 | ---- | C] () -- C:\Users\Steini\Desktop\ogame raid.png
[2013.04.12 17:47:34 | 000,005,520 | ---- | C] () -- C:\Users\Steini\Documents\Versicherungsschreiben Unfall.odt
[2013.04.12 00:55:00 | 000,032,335 | ---- | C] () -- C:\Users\Steini\Desktop\TDSSKiller.2.8.16.0_12.04.2013_00.29.32_log.rar
[2013.04.12 00:29:13 | 000,000,512 | ---- | C] () -- C:\Users\Steini\Desktop\MBR.dat
[2013.04.11 23:16:09 | 012,894,739 | ---- | C] () -- C:\Users\Steini\Desktop\mbar-1.01.0.1022.zip
[2013.04.10 13:48:34 | 000,121,437 | ---- | C] () -- C:\Users\Steini\Desktop\Malware 2.jpg
[2013.04.10 13:43:44 | 000,284,651 | ---- | C] () -- C:\Users\Steini\Desktop\Malware.jpg
[2013.04.10 02:57:11 | 1562,073,126 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.04.09 18:39:57 | 000,085,984 | ---- | C] () -- C:\Users\Steini\Documents\cc_20130409_183951.reg
[2013.04.09 17:58:21 | 000,377,856 | ---- | C] () -- C:\Users\Steini\Desktop\gmer_2.1.19163.exe
[2013.04.09 01:04:44 | 000,000,898 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.04.03 18:45:24 | 000,008,578 | ---- | C] () -- C:\Users\Steini\Documents\Ogame Uni 70.ods
[2013.04.01 23:58:57 | 002,474,942 | ---- | C] () -- C:\Users\Steini\Documents\Shades of Grey 01 - Geheimes Verlangen - E L James.rtf
[2013.02.01 02:17:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.01 02:17:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.01 02:17:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.01 02:17:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.01 02:17:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.07 21:58:54 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.01.07 21:58:46 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.12.11 01:37:03 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.12.11 01:34:21 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.12.05 14:38:39 | 000,015,432 | ---- | C] () -- C:\Windows\Launcher.exe
[2012.11.21 15:10:20 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.11.07 17:23:12 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\apache.dll
[2012.10.24 13:17:01 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2012.10.10 20:14:51 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.09 20:04:44 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012.08.06 15:25:20 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2012.08.06 15:13:23 | 000,734,772 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.08.06 15:13:22 | 000,559,780 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.08.06 15:13:21 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.08.06 15:13:20 | 013,001,728 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2011.12.08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.06 12:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
OTL Extras as an attachment, since it is otherwise too large.

Last edited by BöhserSteini (23.04.2013 at 20:09)

Old 23.04.2013, 23:23   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK. We should be almost done. As a check, please run a Quick Scan with Malwarebytes - and please remember to update Malwarebytes beforehand via the Update button

Getting a second opinion afterwards via the ESET Online Scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall Programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post logfiles in CODE tags
