
Log analysis and evaluation: Caught Delta-Search through J-Downloader


 
18.04.2013, 17:23   #1
Nightw4lker
 



Unfortunately, I just caught the Delta Search tool by downloading JDownloader. Since I was overwhelmed by the thousands of suggestions on Google, I would rather ask the pros right away before I break more than I fix. I will now upload the log files etc.; maybe someone will have time to take a quick look.
I mostly use Firefox, and the tool has kindly nested itself in there completely, including the start page and default search... Fortunately, I was able to save myself from the toolbar at the last moment; it was not installed.
I have not taken any steps against it so far. I have neither tried to uninstall programs nor anything else; I have a second way of getting online, so I do not urgently need the notebook right away. However, I would be very glad of quick help against the Delta Search pests.
As antivirus software I have the premium version of Avira AntiVir installed.

OTL logfile:
Code:
OTL logfile created on: 17.04.2013 22:57:56 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dennis\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,79 Gb Total Physical Memory | 4,94 Gb Available Physical Memory | 63,40% Memory free
15,57 Gb Paging File | 12,77 Gb Available in Paging File | 82,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906,23 Gb Total Space | 797,73 Gb Free Space | 88,03% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.09 21:55:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Downloads\OTL.exe
PRC - [2013.04.08 12:11:43 | 002,569,168 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013.03.20 14:38:50 | 000,162,856 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2013.02.26 14:23:13 | 010,219,872 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
PRC - [2013.02.26 14:23:13 | 003,560,800 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013.02.26 14:15:58 | 000,185,696 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
PRC - [2013.02.12 20:44:49 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.12 20:43:20 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.02.12 20:43:06 | 000,400,608 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2013.02.12 20:43:02 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.12 20:43:02 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.01.17 20:39:13 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.12.29 12:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.12.27 18:02:36 | 002,879,176 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
PRC - [2012.12.21 15:48:08 | 000,699,680 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.05.30 21:55:26 | 001,112,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
PRC - [2012.05.02 09:03:44 | 002,279,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
PRC - [2012.04.25 14:18:10 | 000,784,264 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
PRC - [2012.02.13 16:02:24 | 000,031,624 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
PRC - [2012.02.07 19:03:36 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.07 19:03:34 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.07 19:03:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.02.07 19:03:16 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.01.31 16:56:48 | 001,640,328 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.08 12:11:43 | 002,569,168 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013.04.08 12:08:35 | 002,232,272 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.02.17 02:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
MOD - [2006.08.12 13:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.08 12:11:43 | 002,569,168 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013.03.30 23:18:06 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.08 21:10:10 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.26 14:23:13 | 003,560,800 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013.02.12 20:44:49 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.12 20:43:20 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.02.12 20:43:06 | 000,400,608 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2013.02.12 20:43:02 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.01.16 23:38:53 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.12.29 12:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.27 18:02:36 | 002,879,176 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe -- (SWUpdateService)
SRV - [2012.12.21 15:48:08 | 000,699,680 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.29 17:20:30 | 002,401,632 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.08.23 17:05:12 | 003,342,640 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2012.08.23 17:04:28 | 000,272,688 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2012.08.23 17:04:00 | 000,629,040 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012.08.23 17:03:14 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2012.08.23 14:39:38 | 000,135,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2012.07.18 01:52:16 | 000,659,472 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2012.03.30 13:54:10 | 000,079,664 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\ExpressCache\ExpressCache.exe -- (ExpressCache)
SRV - [2012.02.13 16:02:24 | 000,031,624 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe -- (SamsungDeviceConfigurationWinService)
SRV - [2012.02.07 19:03:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.07 19:03:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.07 19:03:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.02.07 19:03:16 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.02 23:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.12.19 20:16:50 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.12.19 20:16:48 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.12.19 20:16:44 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.20 17:34:58 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013.01.17 21:04:30 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.01.17 21:04:30 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.01.17 21:04:30 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.01.16 23:39:09 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013.01.16 23:38:44 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.12.29 12:34:47 | 000,030,648 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.09.30 12:24:08 | 011,523,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.18 01:49:00 | 000,198,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012.07.18 01:49:00 | 000,198,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012.07.17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.06.07 16:01:16 | 000,293,712 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012.04.12 01:30:00 | 000,708,200 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.03.30 13:54:16 | 000,095,024 | ---- | M] (Diskeeper Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\excsd.sys -- (excsd)
DRV:64bit: - [2012.03.30 13:54:16 | 000,023,344 | ---- | M] (Diskeeper Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\excfs.sys -- (excfs)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.05 04:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.01.05 04:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.01.05 04:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011.12.20 18:38:38 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011.12.20 18:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.12.20 18:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.12.14 15:26:56 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2011.12.13 12:26:20 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.12.13 12:26:18 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.11.29 20:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.09.22 15:39:44 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.11.16 17:35:26 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=1610C4850812B886
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=1610C4850812B886
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 99 79 77 11 FD CD 01  [binary data]
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=1610C4850812B886
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B0F827075-B026-42F3-885D-98981EE7B1AE%7D:2.6.1125.80
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 21:10:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.04.09 20:43:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 21:10:11 | 000,000,000 | ---D | M]
 
[2013.01.17 20:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions
[2013.04.09 21:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\g0tdhxof.default\extensions
[2013.04.09 20:43:17 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\g0tdhxof.default\extensions\ffxtlbr@delta.com
[2013.02.14 16:58:00 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\g0tdhxof.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.09 20:43:18 | 000,001,294 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\g0tdhxof.default\searchplugins\delta.xml
[2013.03.08 21:10:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.09 20:43:42 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\PROGRAMDATA\BROWSERPROTECT\2.6.1125.80\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION
[2013.03.08 21:10:10 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.05 17:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.09 20:43:02 | 000,006,468 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013.01.05 17:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.05 17:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 17:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.05 17:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 17:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - Startup: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.09 20:50:25 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.09 20:50:25 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.09 20:50:24 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.09 20:50:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.09 20:50:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.09 20:50:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.09 20:50:24 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.09 20:50:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.09 20:50:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.09 20:50:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.09 20:50:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.09 20:50:23 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.09 20:50:22 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.09 20:50:22 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.09 20:50:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.09 20:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2013.04.09 20:43:42 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.04.09 20:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.04.09 20:43:26 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\BabSolution
[2013.04.09 20:43:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013.04.09 20:42:58 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Babylon
[2013.04.09 20:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.04.01 17:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2013.04.01 17:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2013.04.01 17:49:53 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\Programs
[2013.03.30 23:35:27 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.17 22:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.17 20:44:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.17 20:33:21 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.17 20:33:21 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.17 20:32:19 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.17 20:32:19 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.17 20:32:19 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.17 20:32:19 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.17 20:32:19 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.17 20:26:10 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.04.17 20:24:55 | 1975,672,831 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.09 22:52:42 | 1915,885,906 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.09 21:56:02 | 000,000,000 | ---- | M] () -- C:\Users\Dennis\defogger_reenable
[2013.04.09 16:35:21 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.04.01 17:50:16 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.04.01 17:50:16 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.03.30 23:18:05 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.30 23:18:04 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013.04.09 21:56:02 | 000,000,000 | ---- | C] () -- C:\Users\Dennis\defogger_reenable
[2013.04.09 20:45:45 | 000,002,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013.04.09 20:45:45 | 000,001,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.04.09 20:45:45 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.04.01 17:50:16 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.04.01 17:50:16 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.02.04 18:34:41 | 001,589,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.26 20:19:10 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.03.26 20:19:08 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.03.26 20:03:46 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.26 18:53:42 | 013,024,768 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.02.02 23:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Extras File:
Code:
OTL Extras logfile created on: 09.04.2013 21:56:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dennis\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,79 Gb Total Physical Memory | 4,33 Gb Available Physical Memory | 55,66% Memory free
15,57 Gb Paging File | 11,86 Gb Available in Paging File | 76,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906,23 Gb Total Space | 798,92 Gb Free Space | 88,16% Space Free | Partition Type: NTFS
Drive E: | 15,05 Gb Total Space | 15,05 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: LAPTOP | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10A16580-8436-49EC-B371-3224D8DEF79E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1893CA43-AAD3-425F-8132-8B7EFEA93809}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{244EFCB4-0187-4B64-A25F-7DB9A17C76C9}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2C55218C-27CF-47D3-8118-4C14584736BE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2D2B6C5F-BE7D-4EA6-BCDB-42D813F43267}" = lport=138 | protocol=17 | dir=in | app=system | 
"{36D46707-9C28-456D-955D-908D2256318C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BD8B1AC-FC69-4DB4-9B22-17B104472FEE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4E91E309-E70F-4369-B581-13CEE54F6E46}" = rport=138 | protocol=17 | dir=out | app=system | 
"{532397B8-9E77-46BA-BD85-978D6AB2162A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{53ED8964-68EF-4E82-BFE4-D644558B3777}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{724AD957-69EE-4FB3-BA3A-C639984A78F2}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7BD28389-CE9B-472F-BE7F-552208AC9B06}" = rport=139 | protocol=6 | dir=out | app=system | 
"{873A4A1C-FC80-4F40-B57E-5CE305D97100}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{89532E92-58E5-43FD-B47C-8795B5803E90}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CB4E25C7-6962-4785-9C04-9FE51E37414F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CD7EA5E9-7517-4CA8-9AE9-1F3F725BEE69}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CF13B9C0-EEAF-4D5D-B783-91C0FDD86068}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E88A935F-0603-434F-A3DF-D01050D49275}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EE47EA72-E7C7-41E1-A7EE-ADBFE0EBC306}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EEF6BE11-AA98-41CA-B6A4-6CBC0967573A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F70B06A6-7BCE-4F7B-B9A7-4989966942C4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1469DF3F-E06F-48DE-BBA8-4BCED9BBBC97}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{14854B23-DAEC-4196-9209-C32737718A94}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{18155E74-ACDB-4DA2-9E2C-E9FC36F13672}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{20303CE2-9AD5-4C91-8173-3BB0909C5B17}" = protocol=6 | dir=out | app=system | 
"{24910529-0522-422A-B3D6-9C8C3A6EC725}" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | 
"{2B877398-E5E5-42DC-8C70-AA3BEFE1F7AD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{2D6E2288-4945-4048-B853-8C92568A9BF4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{32EE85BA-26C7-4389-8B7F-6137320DD5F7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{366C2D70-1884-47A8-ABCF-40A6BB35BEF2}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{3AE53353-DEFB-447B-82DE-9D7AC6F2C776}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{4234CC54-701F-4E81-9BA1-B63D23B6B632}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{441E0B21-BC60-4631-901E-2706845FBD35}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe | 
"{4EB9A436-98D8-4F17-AEA8-155932FDB656}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5632D854-F225-4AE6-8F4A-F7748293F9C1}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{567880EB-8DAE-4456-ABCF-6E4ED9372AE6}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{5B9142A6-9137-43C9-9300-62ED01A29658}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5CF31547-282E-473E-BF8B-1987AE260937}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{62A5341F-3EB8-47F0-98C0-5406FC016427}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{647E9781-E5C9-4583-A5DE-10A9CE439A17}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"{66BD1EE8-68C8-445C-AF13-891E1CC9CFAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6B45D67E-0198-4524-9E8A-4700EC18D157}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{6FB8FF72-537C-4E20-8B78-971AD37793A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{74E41BD8-E13D-49C9-A0B4-36FD1AD6EDF8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{78718F2B-73D2-4940-996A-D24B31590B69}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7C363C24-1A20-4A3A-A7D3-773A27C9A074}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{7F09FEA1-05E7-46F4-A143-F9E49245D94B}" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | 
"{8B630C94-38EB-4639-8774-F0CE01A23684}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{93519BDD-901E-4BC3-A0CD-E6FCCFA6F59D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{9901EC7D-0E36-4845-8164-10E539DA63B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9AEF92F6-70A1-4C8F-95CF-C92A4D9E03E9}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe | 
"{9C0DCF98-B51A-421F-BF61-1F34F56DBBE2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A106EA4A-8916-4CA5-A872-97163E6C4493}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{A35C8FA2-3B8E-43D5-9AFB-46847B32DE02}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{A8923F83-5947-4A08-AF67-124A27B106C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BA4C55B8-7135-4F43-841D-456A122321C2}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{C5539BE8-3198-4374-844D-C7DC1FA1B9F0}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{C856D9F3-A6E8-4583-9BE5-BC555B075047}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D45A92DA-CABC-4948-9864-7301588E9A16}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D66B5BD5-BD20-4C03-9C4C-BF5EC0C11B13}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"{DC1D7B8E-F2BC-49D3-BB8D-8CD0B1CF3870}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{E982762C-66FF-40DA-93F3-B07316B841F1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFEB80A2-ACE5-4068-8D10-F2371FB26E1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F0A26E3F-EB9F-477C-AF0C-EB697B522135}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{F87DC149-A54D-4287-A933-1055DDF9422E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{FE098C1F-60FE-40DF-8802-5A4B02AAA4C9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"TCP Query User{C26A2C31-B518-42CF-808E-90D4F6918236}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | 
"TCP Query User{F13C1A48-0122-4FB4-857A-F8B57921FF9D}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{5BBDA291-7218-4178-9CD0-8F072BAD960A}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | 
"UDP Query User{958A200C-199D-41CF-A14F-843E609807CE}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}" = ExpressCache
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7660521A-062D-41F5-AA5E-CBA0E0511131}" = Treiber-Studio 2013
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90F00673-A276-4A58-B675-B426D39D1E09}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C017D5C7-E2C0-4276-8C8A-0CB6D5914DDD}" = Oracle VM VirtualBox 4.2.8
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{ECE5B218-A086-4E18-A362-D11181681457}" = Intel® PROSet/Wireless WiFi-Software
"{F0932859-AA60-459E-B843-0BDECA34E2C7}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Elantech" = ETDWare PS/2-X64 10.7.17.5_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"VLC media player" = VLC media player 2.0.5
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Settings
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.4.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8AC04B19-F01D-49E2-B5E3-4025B7A4B07A}" = StarMoney
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{93F34C5C-ACAA-48F3-9B26-70359A117F12}" = Intel(R) WiDi
"{993B26A3-3BA8-4EA5-9099-E96C1BF236AF}" = StarMoney
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DDAFEC8-4A7C-4780-BEB1-5FE16C493F40}" = StarMoney 8.0 
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F5B5BA56-8FEB-494B-84E6-C8DA9C2BEE50}" = SW Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Antivirus Premium
"delta" = Delta toolbar  
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"StarCraft II" = StarCraft II
"Sweet Home 3D_is1" = Sweet Home 3D version 3.7
"TeamViewer 8" = TeamViewer 8
"TuneUp Utilities 2013" = TuneUp Utilities 2013
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.01.2013 15:02:13 | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.01.2013 17:44:09 | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.02.2013 13:34:52 | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.02.2013 14:15:35 | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.02.2013 12:55:15 | Computer Name = Laptop | Source = System Restore | ID = 8193
Description = 
 
Error - 08.02.2013 15:37:54 | Computer Name = Laptop | Source = Application Hang | ID = 1002
Description = Programm WORDPAD.EXE, Version 6.1.7601.17514 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1dac    Startzeit: 01ce0633c0011818    Endzeit: 16    Anwendungspfad:
 C:\Program Files\Windows NT\Accessories\WORDPAD.EXE    Berichts-ID: 0560965c-7227-11e2-b1a4-c4850812b889

 
Error - 17.02.2013 16:46:00 | Computer Name = Laptop | Source = System Restore | ID = 8193
Description = 
 
Error - 17.02.2013 17:09:40 | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.03.2013 10:25:45 | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.03.2013 06:05:25 | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 01.04.2013 20:32:26 | Computer Name = Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 01.04.2013 20:32:27 | Computer Name = Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 01.04.2013 20:32:27 | Computer Name = Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 01.04.2013 20:32:28 | Computer Name = Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 06.04.2013 04:26:54 | Computer Name = Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 06.04.2013 04:26:55 | Computer Name = Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 06.04.2013 04:26:55 | Computer Name = Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 06.04.2013 04:26:56 | Computer Name = Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 09.04.2013 14:41:46 | Computer Name = Laptop | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira Browser-Schutz" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 09.04.2013 15:09:27 | Computer Name = Laptop | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira Browser-Schutz" wurde unerwartet beendet. Dies ist
 bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden
 durchgeführt: Neustart des Diensts.
 
 
< End of report >
         
GMER log file:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-17 22:56:07
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000LM rev.2AR1 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Dennis\AppData\Local\Temp\uxldapow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1908] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                   00000000750acfca 3 bytes JMP 0000000173964620
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1908] C:\Windows\syswow64\USER32.dll!DialogBoxParamW + 4                                               00000000750acfce 1 byte [FE]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          00000000752f1465 2 bytes [2F, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                         00000000752f14bb 2 bytes [2F, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1052] C:\Windows\syswow64\USER32.dll!DialogBoxParamW            00000000750acfca 3 bytes JMP 0000000173964620
.text  C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1052] C:\Windows\syswow64\USER32.dll!DialogBoxParamW + 4        00000000750acfce 1 byte [FE]
.text  C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000752f1465 2 bytes [2F, 75]
.text  C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000752f14bb 2 bytes [2F, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2244] C:\Windows\syswow64\USER32.dll!DialogBoxParamW              00000000750acfca 3 bytes JMP 0000000173964620
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2244] C:\Windows\syswow64\USER32.dll!DialogBoxParamW + 4          00000000750acfce 1 byte [FE]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69     00000000752f1465 2 bytes [2F, 75]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155    00000000752f14bb 2 bytes [2F, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2276] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                         00000000750acfca 3 bytes JMP 0000000173964620
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2276] C:\Windows\syswow64\USER32.dll!DialogBoxParamW + 4                     00000000750acfce 1 byte [FE]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                00000000752f1465 2 bytes [2F, 75]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155               00000000752f14bb 2 bytes [2F, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe[2364] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                    00000000750acfca 3 bytes JMP 0000000173964620
.text  C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe[2364] C:\Windows\syswow64\USER32.dll!DialogBoxParamW + 4                                00000000750acfce 1 byte [FE]
.text  C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                           00000000752f1465 2 bytes [2F, 75]
.text  C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          00000000752f14bb 2 bytes [2F, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2460] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                       00000000750acfca 3 bytes JMP 0000000173964620
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2460] C:\Windows\syswow64\USER32.dll!DialogBoxParamW + 4                                   00000000750acfce 1 byte [FE]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              00000000752f1465 2 bytes [2F, 75]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             00000000752f14bb 2 bytes [2F, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe[2604] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                          00000000750acfca 3 bytes JMP 0000000173964620
.text  C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe[2604] C:\Windows\syswow64\USER32.dll!DialogBoxParamW + 4                                                      00000000750acfce 1 byte [FE]
.text  C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                 00000000752f1465 2 bytes [2F, 75]
.text  C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                00000000752f14bb 2 bytes [2F, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                              00000000750acfca 3 bytes JMP 0000000173964620
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\syswow64\USER32.dll!DialogBoxParamW + 4                                          00000000750acfce 1 byte [FE]
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                     00000000752f1465 2 bytes [2F, 75]
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    00000000752f14bb 2 bytes [2F, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[4120] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                      00000000750acfca 3 bytes JMP 0000000173964620
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[4120] C:\Windows\syswow64\USER32.dll!DialogBoxParamW + 4                                                  00000000750acfce 1 byte [FE]
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                             00000000752f1465 2 bytes [2F, 75]
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                            00000000752f14bb 2 bytes [2F, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4360] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                    00000000750acfca 3 bytes JMP 0000000173964620
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4360] C:\Windows\syswow64\USER32.dll!DialogBoxParamW + 4                                                00000000750acfce 1 byte [FE]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           00000000752f1465 2 bytes [2F, 75]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000752f14bb 2 bytes [2F, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4432] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                    00000000750acfca 3 bytes JMP 0000000173964620
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4432] C:\Windows\syswow64\USER32.dll!DialogBoxParamW + 4                                                00000000750acfce 1 byte [FE]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           00000000752f1465 2 bytes [2F, 75]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000752f14bb 2 bytes [2F, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[4700] C:\Windows\syswow64\USER32.dll!DialogBoxParamW            00000000750acfca 3 bytes JMP 0000000173964620
.text  C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[4700] C:\Windows\syswow64\USER32.dll!DialogBoxParamW + 4        00000000750acfce 1 byte [FE]
.text  C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[4700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000752f1465 2 bytes [2F, 75]
.text  C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[4700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000752f14bb 2 bytes [2F, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\Program Files (x86)\PDF24\pdf24.exe[4916] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                         00000000750acfca 3 bytes JMP 0000000173964620
.text  C:\Program Files (x86)\PDF24\pdf24.exe[4916] C:\Windows\syswow64\USER32.dll!DialogBoxParamW + 4                                                                     00000000750acfce 1 byte [FE]
.text  C:\Program Files (x86)\PDF24\pdf24.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                00000000752f1465 2 bytes [2F, 75]
.text  C:\Program Files (x86)\PDF24\pdf24.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                               00000000752f14bb 2 bytes [2F, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4964] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                          00000000750acfca 3 bytes JMP 0000000173964620
.text  C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4964] C:\Windows\syswow64\USER32.dll!DialogBoxParamW + 4                                                      00000000750acfce 1 byte [FE]
.text  C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                 00000000752f1465 2 bytes [2F, 75]
.text  C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                00000000752f14bb 2 bytes [2F, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[1408] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                      00000000750acfca 3 bytes JMP 0000000173964620
.text  C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[1408] C:\Windows\syswow64\USER32.dll!DialogBoxParamW + 4                                                  00000000750acfce 1 byte [FE]
.text  C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[1408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                             00000000752f1465 2 bytes [2F, 75]
.text  C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[1408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                            00000000752f14bb 2 bytes [2F, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe[3076] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                            00000000750acfca 3 bytes JMP 0000000173964620
.text  C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe[3076] C:\Windows\syswow64\USER32.dll!DialogBoxParamW + 4                                        00000000750acfce 1 byte [FE]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4980] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                 00000000750acfca 3 bytes JMP 0000000173964620
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4980] C:\Windows\syswow64\USER32.dll!DialogBoxParamW + 4                             00000000750acfce 1 byte [FE]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        00000000752f1465 2 bytes [2F, 75]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                       00000000752f14bb 2 bytes [2F, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              00000000752f1465 2 bytes [2F, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             00000000752f14bb 2 bytes [2F, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4236] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                       00000000750acfca 3 bytes JMP 0000000173964620
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4236] C:\Windows\syswow64\USER32.dll!DialogBoxParamW + 4                                   00000000750acfce 1 byte [FE]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4572] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                 00000000750acfca 3 bytes JMP 0000000173964620
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4572] C:\Windows\syswow64\USER32.dll!DialogBoxParamW + 4                             00000000750acfce 1 byte [FE]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        00000000752f1465 2 bytes [2F, 75]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                       00000000752f14bb 2 bytes [2F, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\Users\Dennis\Downloads\gmer_2.1.19163.exe[5248] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                   00000000750acfca 3 bytes JMP 0000000173964620
.text  C:\Users\Dennis\Downloads\gmer_2.1.19163.exe[5248] C:\Windows\syswow64\USER32.dll!DialogBoxParamW + 4                                                               00000000750acfce 1 byte [FE]
.text  C:\Users\Dennis\Downloads\gmer_2.1.19163.exe[5248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                          00000000752f1465 2 bytes [2F, 75]
.text  C:\Users\Dennis\Downloads\gmer_2.1.19163.exe[5248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                         00000000752f14bb 2 bytes [2F, 75]
.text  ...                                                                                                                                                                 * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c4850812b889                                                                                         
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c4850812b889 (not active ControlSet)                                                                     

---- Disk sectors - GMER 2.1 ----

Disk   \Device\Harddisk0\DR0                                                                                                                                               unknown MBR code

---- EOF - GMER 2.1 ----
         

 
