| |
| |||||||
Log-Analyse und Auswertung: WSsetup.exe ProblemWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
11.06.2013, 15:48
| #1 |
| |  WSsetup.exe Problem Hallo, ich hoffe mir kann jemand helfen es geht um das WSsetup.exe Problem. Ich habe mal die Logfiles erstellst und poste diese im Anhang. Danbke schon mal für die Hilfe. Viele Grüße riza2177 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x64 Ran by drz on 11.06.2013 at 15:26:52,39 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Failed to stop: [Service] ibupdaterservice ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ~~~ Registry Keys Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim" Successfully deleted: [Empty Folder] C:\Users\drz\appdata\local\{592b1764-b969-feb7-7bb4-ab2f00633538} ~~~ FireFox Successfully deleted: [File] C:\Users\drz\AppData\Roaming\mozilla\firefox\profiles\4bt7ckq7.default\bprotector_extensions.sqlite Successfully deleted: [File] C:\Users\drz\AppData\Roaming\mozilla\firefox\profiles\4bt7ckq7.default\bprotector_prefs.js Failed to delete: [File] C:\Users\drz\AppData\Roaming\mozilla\firefox\profiles\4bt7ckq7.default\searchplugins\babylon.xml Successfully deleted the following from C:\Users\drz\AppData\Roaming\mozilla\firefox\profiles\4bt7ckq7.default\prefs.js user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119816&babsrc=NT_ss&mntrId=788268A3C49221B0"); user_pref("browser.search.order.1", "Delta Search"); user_pref("browser.search.selectedEngine", "Delta Search"); user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.searc ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 11.06.2013 at 15:35:29,45 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ OTL logfile created on: 11.06.2013 15:40:33 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\drz\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 59,48% Memory free 7,86 Gb Paging File | 5,79 Gb Available in Paging File | 73,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 222,09 Gb Total Space | 162,38 Gb Free Space | 73,12% Space Free | Partition Type: NTFS Drive D: | 222,09 Gb Total Space | 221,99 Gb Free Space | 99,96% Space Free | Partition Type: NTFS Computer Name: DASREISEZENTRUM | User Name: drz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\drz\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\jmdp\stij.exe () PRC - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe () PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - C:\Users\drz\AppData\Local\Apps\2.0\C4BQPB3Z.RZ4\EBL5N5K6.E96\frit..tion_8488884cfbcefd60_0002.0003_f308b4c1084cd0fd\fritzbox-usb-fernanschluss.exe (AVM Berlin) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe (AVM Berlin) PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe () PRC - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) PRC - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.) PRC - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) PRC - C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\OEM\USBDECTION\USBS3S4Detection.exe () PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) PRC - C:\Windows\SysWOW64\BRSVC01A.EXE (brother Industries Ltd) PRC - C:\Windows\SysWOW64\BRSS01A.EXE (brother Industries Ltd) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\jmdp\stij.exe () MOD - C:\Windows\SysWOW64\jmdp\lmrn.dll () MOD - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe () MOD - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () MOD - C:\Windows\SysWOW64\jmdp\sqlite3.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\SysWOW64\opensc-pkcs11.dll () |
|
11.06.2013, 16:00
| #2 |
| /// TB-Ausbilder   | WSsetup.exe Problem Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Ich habe dein Thema in Arbeit und melde mich so schnell wie möglich mit weiteren Anweisungen. |
|
11.06.2013, 16:01
| #3 |
| /// TB-Ausbilder | WSsetup.exe Problem Servus,
__________________ich brauche mehr Informationen... bitte alle Tools genau so ausführen: Schritt 1
Code:
ATTFilter activex
msconfig
CREATERESTOREPOINT
Schritt 2 Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
Schritt 3 Bitte lade dir  GMER herunter: (Dateiname zufällig)
 Tauchen Probleme auf?
Bitte poste mit deiner nächsten Antwort
|
|
11.06.2013, 18:30
| #4 |
| | WSsetup.exe Problem Hallo Matthias, hier die gewünschten Daten:OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.06.2013 18:00:28 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\drz\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 60,04% Memory free 7,86 Gb Paging File | 5,89 Gb Available in Paging File | 74,98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 222,09 Gb Total Space | 162,25 Gb Free Space | 73,06% Space Free | Partition Type: NTFS Drive D: | 222,09 Gb Total Space | 221,99 Gb Free Space | 99,96% Space Free | Partition Type: NTFS Computer Name: DASREISEZENTRUM | User Name: drz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.11 12:54:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\drz\Downloads\OTL.exe PRC - [2013.05.27 10:58:08 | 000,016,176 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe PRC - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.07 15:10:53 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.04.16 09:16:32 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.04.16 09:15:35 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.03.20 14:38:50 | 000,162,856 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2012.12.17 19:35:39 | 000,322,032 | ---- | M] (AVM Berlin) -- C:\Users\drz\AppData\Local\Apps\2.0\C4BQPB3Z.RZ4\EBL5N5K6.E96\frit..tion_8488884cfbcefd60_0002.0003_f308b4c1084cd0fd\fritzbox-usb-fernanschluss.exe PRC - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.09.27 12:59:28 | 000,076,288 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2010.12.03 08:00:42 | 000,618,600 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe PRC - [2010.11.11 17:58:02 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe PRC - [2010.11.11 17:57:58 | 000,181,624 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe PRC - [2010.11.05 17:27:50 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe PRC - [2010.10.26 17:20:52 | 001,196,032 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe PRC - [2010.10.26 17:16:06 | 000,331,776 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2010.03.09 01:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe PRC - [2010.03.09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe PRC - [2010.03.05 21:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe PRC - [2010.02.24 20:19:02 | 000,171,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe PRC - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe PRC - [2009.10.13 20:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.10.13 20:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.05.05 17:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe PRC - [2002.04.12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSVC01A.EXE PRC - [2001.12.13 00:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSS01A.EXE ========== Modules (No Company Name) ========== MOD - [2013.05.27 10:58:08 | 000,016,176 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe MOD - [2013.05.27 10:56:42 | 000,382,976 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\lmrn.dll MOD - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe MOD - [2013.05.23 11:09:01 | 002,521,040 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll MOD - [2013.05.17 09:12:13 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll MOD - [2013.05.17 09:12:03 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll MOD - [2013.05.17 09:12:00 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll MOD - [2013.05.17 09:11:53 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll MOD - [2013.05.17 09:11:51 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll MOD - [2013.02.05 09:25:06 | 000,362,029 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\sqlite3.dll MOD - [2013.01.11 11:51:04 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll MOD - [2013.01.10 19:12:18 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll MOD - [2013.01.10 19:12:16 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll MOD - [2013.01.10 19:12:16 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll MOD - [2013.01.10 19:12:14 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll MOD - [2013.01.10 19:12:10 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.12.03 08:00:42 | 000,618,600 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe MOD - [2010.12.03 05:44:54 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll MOD - [2010.11.11 17:57:58 | 000,210,304 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll MOD - [2010.11.11 17:57:58 | 000,181,624 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.05.21 15:31:12 | 001,447,728 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService) SRV:64bit: - [2010.11.11 04:51:21 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert) SRV - [2013.05.23 10:17:33 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.16 10:06:17 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.16 09:16:32 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.04.16 09:15:35 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.02.28 19:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2011.12.09 19:47:40 | 000,334,720 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\Programme\FileOpen\Services\FileOpenManagerSvc64.exe -- (FileOpenManagerSvc) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.09.27 12:59:28 | 000,076,288 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe -- (avmident) SRV - [2011.03.01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.06.02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.04.23 13:45:00 | 000,024,576 | ---- | M] (Galileo International) [Auto | Running] -- C:\Program Files (x86)\Galileo\SSL\SSLClientService.exe -- (Galileo SSL Tunnel) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Stopped] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection) SRV - [2009.10.13 20:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2002.04.12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\BRSVC01A.EXE -- (Brother XP spl Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.16 09:16:48 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.04.16 09:16:48 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.04.16 09:16:48 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.12.17 19:35:21 | 000,116,480 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaura.sys -- (avmaura) DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.27 11:27:22 | 000,078,080 | ---- | M] (Identive ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S332x64.sys -- (S332x64) DRV:64bit: - [2011.11.27 00:20:48 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.25 06:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.11 06:23:44 | 008,123,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.11.11 04:16:24 | 000,288,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.09.24 14:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010.03.22 11:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.12.09 11:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.11.03 05:06:35 | 000,087,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) DRV:64bit: - [2009.11.03 05:06:35 | 000,014,592 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=788268A3C49221B0 IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=0ebbd7c2-6bc5-4e60-b6fb-cea9a04c3751&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=0ebbd7c2-6bc5-4e60-b6fb-cea9a04c3751&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=0ebbd7c2-6bc5-4e60-b6fb-cea9a04c3751&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=0ebbd7c2-6bc5-4e60-b6fb-cea9a04c3751&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=788268A3C49221B0 IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\..\SearchScopes\{22AE64D6-4A39-402E-8424-91B8652687B6}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\..\SearchScopes\{2400F66B-DDB5-406F-810D-7B48743CFB33}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz= IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MXGB_deDE540 IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Delta Search" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Delta Search" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..keyword.enabled: false FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.05.23 12:34:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.06.05 09:44:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.05 09:44:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.05 09:44:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\drz\AppData\Roaming\Mozilla\Firefox\Profiles\4bt7ckq7.default\extensions\mail@shopping-preise.de FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lrcspal@xinghao.net: C:\Program Files (x86)\XingHaoLyrics\FF\ [2013.06.11 12:36:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.06.05 09:44:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.05 09:44:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.05 09:44:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.11.26 23:05:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\drz\AppData\Roaming\mozilla\Extensions [2013.06.11 15:26:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\drz\AppData\Roaming\mozilla\Firefox\Profiles\4bt7ckq7.default\extensions [2013.06.11 12:36:32 | 000,006,470 | ---- | M] () -- C:\Users\drz\AppData\Roaming\mozilla\firefox\profiles\4bt7ckq7.default\searchplugins\babylon.xml [2013.06.11 15:29:15 | 000,002,120 | ---- | M] () -- C:\Users\drz\AppData\Roaming\mozilla\firefox\profiles\4bt7ckq7.default\searchplugins\MyStart.xml [2013.05.23 10:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.05.23 10:17:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.05.23 10:17:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2013.05.23 10:17:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.05.23 10:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.23 10:17:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=788268A3C49221B0 CHR - Extension: No name found = C:\Users\drz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: No name found = C:\Users\drz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: No name found = C:\Users\drz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: No name found = C:\Users\drz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: No name found = C:\Users\drz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiopbgcekanlhpjkonogoljpfmhpkhf\1.114_0\ CHR - Extension: No name found = C:\Users\drz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll () O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) O2 - BHO: (LyricsPal) - {A3DAEB01-4C15-4AC6-A689-6406FD954EE0} - C:\Program Files (x86)\XingHaoLyrics\lrcspal.dll (XingHao Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [FileOpenBroker] C:\Programme\FileOpen\Services\FileOpenBroker64.exe (FileOpen Systems Inc.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000..\Run: [AVMUSBFernanschluss] C:\Users\drz\AppData\Local\Apps\2.0\C4BQPB3Z.RZ4\EBL5N5K6.E96\frit..tion_8488884cfbcefd60_0002.0003_f308b4c1084cd0fd\AVMAutoStart.exe (AVM Berlin) O4 - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Mit PDF Viewer Plus öffnen - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O8 - Extra context menu item: Mit PDF Viewer Plus öffnen - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\..Trusted Ranges: Range1 ([*] in Local intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EDA72C2-CFC3-4D81-BC06-175D3FFE0548}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.06.06 10:41:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ] O32 - AutoRun File - [2013.06.06 11:08:20 | 000,000,054 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {3CE02F38-C912-44CF-B02E-60F7964E61FF} - BingPack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - ActiveX:64bit: >{dfc96227-5878-4b83-b838-8dbd3f05dc84} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.06.11 14:41:23 | 000,000,000 | ---D | C] -- C:\Users\drz\AppData\Roaming\Google [2013.06.11 12:40:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.11 12:40:17 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.11 12:36:52 | 000,000,000 | ---D | C] -- C:\Users\drz\Local Settings [2013.06.11 12:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.06.11 12:36:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2013.06.11 12:36:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XingHaoLyrics [2013.06.11 12:36:46 | 000,000,000 | ---D | C] -- C:\Users\drz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender [2013.06.11 12:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender [2013.06.06 11:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galileo Print Manager [2013.06.06 11:07:21 | 000,000,000 | ---D | C] -- C:\My Documents [2013.06.06 11:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Focalpoint [2013.06.06 10:54:55 | 000,304,128 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe [2013.06.06 10:53:37 | 000,000,000 | ---D | C] -- C:\Users\drz\AppData\Roaming\Travelport [2013.06.06 10:53:36 | 000,000,000 | ---D | C] -- C:\Users\drz\AppData\Roaming\Travelport,_inc [2013.06.06 10:53:36 | 000,000,000 | ---D | C] -- C:\Users\drz\AppData\Local\Travelport [2013.06.06 10:44:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Travelport [2013.06.06 10:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galileo Desktop [2013.06.06 10:40:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap [2013.06.06 10:40:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Galileo International Shared [2013.06.06 10:16:19 | 000,000,000 | ---D | C] -- C:\fp [2013.06.06 10:15:21 | 000,335,872 | ---- | C] (Galileo) -- C:\Windows\SysWow64\fpcpl2app.cpl [2013.06.06 10:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Galileo [2013.06.05 09:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.06.05 09:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2013.06.03 09:12:23 | 000,033,792 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2013.06.03 09:12:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT [2013.06.03 09:12:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp [2013.06.03 09:12:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ARFC [2013.05.29 09:48:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.05.29 09:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.05.29 09:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.05.29 09:48:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.05.29 09:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.05.24 18:15:21 | 000,000,000 | ---D | C] -- C:\Users\drz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\myJACK [2013.05.23 10:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.22 12:25:51 | 000,000,000 | ---D | C] -- C:\Users\drz\Desktop\Neuer Ordner (2) [2013.05.17 09:08:49 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.17 09:08:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.17 09:08:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.17 09:08:47 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.17 09:08:47 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.17 09:08:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.17 09:08:47 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.17 09:08:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.17 09:08:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.17 09:08:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.17 09:08:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.17 09:08:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.17 09:08:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.17 09:08:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.17 09:08:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.16 09:50:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.05.16 09:09:38 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.16 09:09:37 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.16 09:09:30 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.16 09:09:30 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.16 09:09:30 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.16 09:09:30 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.16 09:09:23 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.11 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job [2013.06.11 17:08:31 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.11 17:08:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.11 17:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.11 17:05:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.11 15:31:51 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.11 15:31:51 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.11 15:31:51 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.11 15:31:51 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.11 15:31:51 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.11 15:25:21 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.11 15:25:19 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job [2013.06.11 15:25:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.11 15:25:00 | 3163,901,952 | -HS- | M] () -- C:\hiberfil.sys [2013.06.11 12:36:22 | 000,001,177 | ---- | M] () -- C:\Users\drz\Desktop\Check for Updates.lnk [2013.06.11 11:01:57 | 568,889,257 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.06.07 15:29:32 | 000,023,587 | ---- | M] () -- C:\Users\drz\Desktop\RechnungNackenheimerReisebüroMärz-Mai neu.pdf [2013.06.06 16:03:59 | 003,794,165 | ---- | M] () -- C:\Users\drz\Desktop\KaribikreiseDerTour.pdf [2013.06.06 12:48:04 | 000,280,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.06.06 11:08:20 | 000,000,054 | ---- | M] () -- C:\AUTOEXEC.BAT [2013.06.06 11:08:17 | 000,000,780 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Print Manager.lnk [2013.06.06 10:41:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.001 [2013.06.06 10:40:58 | 000,001,659 | ---- | M] () -- C:\Users\Public\Desktop\Galileo Desktop.lnk [2013.06.06 10:12:58 | 000,002,076 | ---- | M] () -- C:\Windows\setup.ini [2013.06.04 17:54:59 | 001,805,598 | ---- | M] () -- C:\Users\drz\Desktop\Angebot Frau Frohnen Tunesien.pdf [2013.05.31 09:55:09 | 000,208,613 | ---- | M] () -- C:\Users\drz\Desktop\Rücktrittsschreiben.pdf [2013.05.31 09:51:47 | 000,214,435 | ---- | M] () -- C:\Users\drz\Desktop\Ganzseitiges Foto.pdf [2013.05.28 16:27:08 | 002,714,224 | ---- | M] () -- C:\Users\drz\Desktop\Angebote Herr Baumann HR Hotel.pdf [2013.05.28 09:37:15 | 000,023,592 | ---- | M] () -- C:\Users\drz\Desktop\RechnungNackenheimerReisebüroMärz-Mai.pdf [2013.05.27 11:40:43 | 000,000,376 | ---- | M] () -- C:\Users\drz\irisplus-user.properties [2013.05.24 18:25:14 | 000,038,054 | ---- | M] () -- C:\Users\drz\Desktop\5002622.pdf [2013.05.21 18:00:19 | 000,047,903 | ---- | M] () -- C:\Users\drz\Desktop\Borris Schwerkolt Reklamation.pdf [2013.05.21 15:31:12 | 001,447,728 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe [2013.05.21 15:30:18 | 000,033,792 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2013.05.21 13:25:53 | 000,000,429 | ---- | M] () -- C:\Users\drz\Documents\ChatLog FTI GROUP Start up Schulung KW 21 2013_05_21 13_25.rtf [2013.05.16 10:06:17 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.16 10:06:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.11 12:36:22 | 000,001,177 | ---- | C] () -- C:\Users\drz\Desktop\Check for Updates.lnk [2013.06.07 15:29:59 | 000,023,587 | ---- | C] () -- C:\Users\drz\Desktop\RechnungNackenheimerReisebüroMärz-Mai neu.pdf [2013.06.06 16:04:19 | 003,794,165 | ---- | C] () -- C:\Users\drz\Desktop\KaribikreiseDerTour.pdf [2013.06.06 11:08:17 | 000,000,780 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Print Manager.lnk [2013.06.06 10:41:17 | 000,000,054 | ---- | C] () -- C:\AUTOEXEC.BAT [2013.06.06 10:41:17 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.001 [2013.06.06 10:40:58 | 000,001,659 | ---- | C] () -- C:\Users\Public\Desktop\Galileo Desktop.lnk [2013.06.06 10:12:57 | 000,002,076 | ---- | C] () -- C:\Windows\setup.ini [2013.06.04 17:55:31 | 001,805,598 | ---- | C] () -- C:\Users\drz\Desktop\Angebot Frau Frohnen Tunesien.pdf [2013.06.03 09:12:23 | 001,447,728 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe [2013.05.31 09:55:08 | 000,208,613 | ---- | C] () -- C:\Users\drz\Desktop\Rücktrittsschreiben.pdf [2013.05.31 09:51:06 | 000,214,435 | ---- | C] () -- C:\Users\drz\Desktop\Ganzseitiges Foto.pdf [2013.05.28 16:27:35 | 002,714,224 | ---- | C] () -- C:\Users\drz\Desktop\Angebote Herr Baumann HR Hotel.pdf [2013.05.28 09:37:54 | 000,023,592 | ---- | C] () -- C:\Users\drz\Desktop\RechnungNackenheimerReisebüroMärz-Mai.pdf [2013.05.24 18:25:14 | 000,038,054 | ---- | C] () -- C:\Users\drz\Desktop\5002622.pdf [2013.05.21 18:00:30 | 000,047,903 | ---- | C] () -- C:\Users\drz\Desktop\Borris Schwerkolt Reklamation.pdf [2013.05.21 13:25:53 | 000,000,429 | ---- | C] () -- C:\Users\drz\Documents\ChatLog FTI GROUP Start up Schulung KW 21 2013_05_21 13_25.rtf [2013.04.02 12:59:25 | 000,060,864 | ---- | C] () -- C:\Users\drz\g2mdlhlpx.exe [2012.12.11 17:39:11 | 001,503,232 | ---- | C] () -- C:\Windows\SysWow64\ptj.exe [2012.12.11 17:39:11 | 001,103,360 | ---- | C] () -- C:\Windows\SysWow64\cidfont.dll [2012.12.11 17:39:10 | 004,369,408 | ---- | C] () -- C:\Windows\SysWow64\pdftk.exe [2012.12.11 17:39:10 | 000,235,008 | ---- | C] () -- C:\Windows\SysWow64\office.exe [2012.10.12 16:28:54 | 001,456,640 | ---- | C] () -- C:\Program Files (x86)\Common Files\Falk Navi-Manager classic.msi [2012.07.17 11:13:51 | 000,000,302 | ---- | C] () -- C:\Windows\{7497BB4F-CE23-47D4-B2CB-62548080F74F}_WiseFW.ini [2012.06.21 12:05:37 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2012.06.21 12:05:37 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012.06.10 13:11:56 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini [2012.03.12 17:01:54 | 000,210,032 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL [2012.03.12 13:25:18 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.01.03 15:44:56 | 000,000,035 | ---- | C] () -- C:\Users\drz\irisplus-iplusbos.properties [2011.12.12 19:49:17 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.11.30 13:05:41 | 000,000,127 | ---- | C] () -- C:\Users\drz\irisplus-iplustra.properties [2011.11.30 13:00:46 | 000,000,376 | ---- | C] () -- C:\Users\drz\irisplus-user.properties [2011.11.27 00:33:28 | 000,000,774 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2011.11.27 00:33:28 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2011.11.27 00:32:10 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2011.11.27 00:32:07 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2011.07.15 13:49:46 | 001,260,032 | ---- | C] () -- C:\Windows\SysWow64\opensc-minidriver.dll [2011.07.15 13:49:36 | 001,577,984 | ---- | C] () -- C:\Windows\SysWow64\opensc-pkcs11.dll [2011.07.15 13:49:36 | 001,577,984 | ---- | C] () -- C:\Windows\SysWow64\onepin-opensc-pkcs11.dll [2010.08.27 12:12:48 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{592b1764-b969-feb7-7bb4-ab2f00633538}\L [2012.06.26 18:18:26 | 000,002,048 | -HS- | M] () -- C:\Users\drz\AppData\Local\{592b1764-b969-feb7-7bb4-ab2f00633538}\@ [2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\drz\AppData\Local\{592b1764-b969-feb7-7bb4-ab2f00633538}\L [2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\drz\AppData\Local\{592b1764-b969-feb7-7bb4-ab2f00633538}\U [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Punkt2: defogger_disable by jpshortstuff (23.02.10.1) Log created at 19:33 on 11/06/2013 (drz) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Geändert von riza2177 (11.06.2013 um 18:50 Uhr) |
|
11.06.2013, 18:51
| #5 |
| | WSsetup.exe Problem Punkt3: GMER Logfile: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-11 19:46:17
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST350041 rev.JC45 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\drz\AppData\Local\Temp\uwayyaoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800031bb000 65 bytes [55, 6C, 58, 52, 01, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 626 fffff800031bb042 4 bytes [00, 00, 00, 00]
---- User code sections - GMER 2.1 ----
.text C:\Windows\SysWOW64\brsvc01a.exe[1408] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Windows\SysWOW64\brsvc01a.exe[1408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Windows\SysWOW64\brsvc01a.exe[1408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Windows\SysWOW64\brss01a.exe[1508] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Windows\SysWOW64\brss01a.exe[1508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Windows\SysWOW64\brss01a.exe[1508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1768] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe[1900] C:\Windows\syswow64\user32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe[1900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe[1900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[1964] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2308] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2376] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2648] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\OEM\USBDECTION\USBS3S4Detection.exe[2868] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\OEM\USBDECTION\USBS3S4Detection.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\OEM\USBDECTION\USBS3S4Detection.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3000] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3028] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3132] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[3392] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Windows\SysWOW64\jmdp\stij.exe[3784] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Windows\SysWOW64\jmdp\stij.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Windows\SysWOW64\jmdp\stij.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1188] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3384] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[4320] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4576] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4576] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 000000006dac11a8 2 bytes [AC, 6D]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4576] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 000000006dac13a8 2 bytes [AC, 6D]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4576] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 000000006dac1422 2 bytes [AC, 6D]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4576] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 000000006dac1498 2 bytes [AC, 6D]
.text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[4704] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4752] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4784] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[4808] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[4808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[4808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[4832] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[4832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[4832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4916] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[4968] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[4196] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Users\drz\AppData\Local\Apps\2.0\C4BQPB3Z.RZ4\EBL5N5K6.E96\frit..tion_8488884cfbcefd60_0002.0003_f308b4c1084cd0fd\fritzbox-usb-fernanschluss.exe[4936] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Users\drz\AppData\Local\Apps\2.0\C4BQPB3Z.RZ4\EBL5N5K6.E96\frit..tion_8488884cfbcefd60_0002.0003_f308b4c1084cd0fd\fritzbox-usb-fernanschluss.exe[4936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Users\drz\AppData\Local\Apps\2.0\C4BQPB3Z.RZ4\EBL5N5K6.E96\frit..tion_8488884cfbcefd60_0002.0003_f308b4c1084cd0fd\fritzbox-usb-fernanschluss.exe[4936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\PDF24\pdf24.exe[5064] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4192] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5172] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[5212] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[5212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[5212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5704] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Users\drz\Downloads\Defogger.exe[7336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Users\drz\Downloads\Defogger.exe[7336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Users\drz\Downloads\Defogger.exe[7336] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[392] C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE!?SparseBitMask@DataSourceDescription@FlexUI@@2HB + 960 000000002d955984 4 bytes [22, 46, 20, BA]
.text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[392] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007785f9c0 5 bytes JMP 0000000171495f49
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtQueryObject 000000007785f9d8 5 bytes JMP 0000000171496411
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey 000000007785fa08 5 bytes JMP 000000017149016d
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007785fa20 5 bytes JMP 000000017148fbca
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey 000000007785fa70 5 bytes JMP 000000017148fa44
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007785fa88 2 bytes JMP 000000017148fb52
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey + 3 000000007785fa8b 2 bytes [C3, F9]
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey 000000007785fb20 5 bytes JMP 0000000171490424
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007785fc18 5 bytes JMP 0000000171494369
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey 000000007785fd2c 5 bytes JMP 000000017148f9cc
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007785fd44 5 bytes JMP 0000000171494959
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007785fd78 5 bytes JMP 00000001714939de
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007785fe24 5 bytes JMP 0000000171495fc4
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 000000007785fe3c 5 bytes JMP 0000000171494adb
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077860094 5 bytes JMP 0000000171494791
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000778601a4 5 bytes JMP 000000017148fc42
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile 00000000778609c4 5 bytes JMP 0000000171494584
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey 00000000778609dc 5 bytes JMP 000000017148cc5b
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077860a24 5 bytes JMP 000000017148cd29
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey 0000000077860b60 5 bytes JMP 000000017148ccc2
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 0000000077860f50 5 bytes JMP 000000017148fcba
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077860f68 5 bytes JMP 000000017148ff45
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx 0000000077860ff8 5 bytes JMP 00000001714901fd
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 000000007786131c 5 bytes JMP 0000000171494b6b
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey 000000007786145c 5 bytes JMP 000000017148fec9
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject 0000000077861508 5 bytes JMP 0000000171496389
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey 00000000778616f8 1 byte JMP 000000017148d138
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey + 2 00000000778616fa 3 bytes {JMP 0xfffffffff9c2ba40}
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey 0000000077861a38 5 bytes JMP 000000017148facc
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject 0000000077861b7c 5 bytes JMP 000000017149616c
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\kernel32.dll!CreateProcessW 00000000757f103d 5 bytes JMP 00000001714693a9
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000757f1072 5 bytes JMP 00000001714694e7
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007581c9b5 5 bytes JMP 000000017146971d
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\kernel32.dll!SetDllDirectoryW 00000000758700c3 5 bytes JMP 0000000171469efe
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\kernel32.dll!SetDllDirectoryA 000000007587016b 5 bytes JMP 000000017146a231
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075872c91 5 bytes JMP 0000000171469aa0
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\kernel32.dll!AllocConsole 0000000075896b3e 5 bytes JMP 0000000171497431
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\kernel32.dll!AttachConsole 0000000075896c02 5 bytes JMP 0000000171497443
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076f42aa4 5 bytes JMP 000000017146a43c
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075378a29 5 bytes JMP 0000000171497419
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007537d22e 5 bytes JMP 0000000171497401
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 000000007512d2b2 5 bytes JMP 0000000171477617
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\GDI32.dll!AddFontResourceA 000000007512d7bb 5 bytes JMP 00000001714775fb
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ADVAPI32.dll!EnumDependentServicesW 00000000754c1e3a 7 bytes JMP 000000017147a3b9
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ADVAPI32.dll!EnumServicesStatusExW 00000000754cb466 7 bytes JMP 000000017147b2da
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ADVAPI32.dll!GetServiceKeyNameW 00000000754e78ff 7 bytes JMP 000000017147aa60
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameW 00000000754e79bb 7 bytes JMP 000000017147ac11
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ADVAPI32.dll!EnumServicesStatusExA 00000000754ea3e2 7 bytes JMP 000000017147b3a0
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075502538 5 bytes JMP 000000017146985f
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ADVAPI32.dll!GetServiceKeyNameA 0000000075521b94 7 bytes JMP 000000017147ab18
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameA 0000000075521c31 7 bytes JMP 000000017147acc9
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ADVAPI32.dll!EnumServicesStatusA 0000000075522021 7 bytes JMP 000000017147b21c
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ADVAPI32.dll!EnumDependentServicesA 0000000075522104 7 bytes JMP 000000017147a470
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ADVAPI32.dll!EnumServicesStatusW 0000000075522221 5 bytes JMP 000000017147b15e
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!ControlService 0000000076a64d5c 7 bytes JMP 000000017147a1fe
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!CloseServiceHandle 0000000076a64dc3 7 bytes JMP 000000017147a527
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!QueryServiceStatus 0000000076a64e4b 7 bytes JMP 000000017147a28a
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!QueryServiceStatusEx 0000000076a64eaf 7 bytes JMP 000000017147a31d
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!StartServiceW 0000000076a64f35 7 bytes JMP 000000017147a079
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!StartServiceA 0000000076a6508d 7 bytes JMP 000000017147a10f
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!QueryServiceObjectSecurity 0000000076a650f4 7 bytes JMP 000000017147b02c
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076a65181 7 bytes JMP 000000017147b0c8
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076a65254 7 bytes JMP 000000017147a728
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076a653d5 7 bytes JMP 000000017147a643
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076a654c2 7 bytes JMP 000000017147a9ca
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076a655e2 7 bytes JMP 000000017147a934
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076a6567c 7 bytes JMP 0000000171479e5b
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076a6589f 7 bytes JMP 0000000171479d85
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076a65a22 7 bytes JMP 000000017147a5b5
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigA 0000000076a65a83 7 bytes JMP 000000017147ae5b
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW 0000000076a65b29 7 bytes JMP 000000017147adc2
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA 0000000076a65ca0 7 bytes JMP 0000000171479535
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!ControlServiceExW 0000000076a65d8c 7 bytes JMP 00000001714794bc
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!OpenSCManagerW 0000000076a663ad 7 bytes JMP 0000000171479a83
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!OpenSCManagerA 0000000076a664f0 7 bytes JMP 0000000171479b0f
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfig2A 0000000076a66633 7 bytes JMP 000000017147af90
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfig2W 0000000076a6680c 7 bytes JMP 000000017147aef4
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!OpenServiceW 0000000076a6714b 7 bytes JMP 0000000171479bf8
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!OpenServiceA 0000000076a67245 7 bytes JMP 0000000171479c84
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!CoRegisterPSClsid 000000007677c56e 5 bytes JMP 00000001714811c4
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!CoResumeClassObjects + 7 000000007677ea09 7 bytes JMP 0000000171481795
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!OleRun 00000000767807de 5 bytes JMP 0000000171481650
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!CoRegisterClassObject 00000000767821e1 5 bytes JMP 00000001714822c5
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!OleUninitialize 000000007678eba1 6 bytes JMP 000000017148156f
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!OleInitialize 000000007678efd7 5 bytes JMP 00000001714814ff
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!CoGetPSClsid 00000000767926b9 5 bytes JMP 000000017148133c
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000767a54ad 5 bytes JMP 0000000171482853
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!CoInitializeEx 00000000767b09ad 5 bytes JMP 00000001714813af
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!CoUninitialize 00000000767b86d3 5 bytes JMP 0000000171481431
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000767b9d0b 5 bytes JMP 0000000171483b21
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000767b9d4e 5 bytes JMP 0000000171481c5c
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!CoSuspendClassObjects + 7 00000000767dbb09 7 bytes JMP 00000001714816c0
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!CoRevokeClassObject 00000000767feacf 5 bytes JMP 0000000171480c21
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!CoGetInstanceFromFile 000000007683340b 5 bytes JMP 0000000171482d13
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!OleRegEnumFormatEtc 000000007687cfd9 5 bytes JMP 00000001714815da
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\OLEAUT32.dll!RegisterActiveObject 000000007690279e 5 bytes JMP 0000000171480eb4
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\OLEAUT32.dll!RevokeActiveObject 0000000076903294 5 bytes JMP 0000000171480fd5
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\OLEAUT32.dll!GetActiveObject 0000000076918f40 5 bytes JMP 0000000171481048
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Users\drz\Downloads\gmer_2.1.19163.exe[7536] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 0000000173564970
.text C:\Users\drz\Downloads\gmer_2.1.19163.exe[7536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Users\drz\Downloads\gmer_2.1.19163.exe[7536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\svchost.exe [4336:5304] 000000006bddb5fc
Thread C:\Windows\system32\svchost.exe [4336:5320] 000000006db81760
Thread C:\Windows\system32\svchost.exe [4336:5336] 00000000741e2234
Thread C:\Windows\system32\svchost.exe [4336:5340] 000000006be00398
Thread C:\Windows\system32\svchost.exe [4336:5348] 000000006bdd6394
Thread C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [6372:6384] 000007fef901cc10
Thread C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [6372:6388] 000007fef8edb564
Thread C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [6372:6412] 000007fef8edb564
---- EOF - GMER 2.1 ----
|
|
11.06.2013, 19:31
| #6 |
| /// TB-Ausbilder | WSsetup.exe Problem Servus, AdwCleaner bitte zweimal direkt hintereinander genau so ausführen und beide Logdateien davon posten! Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach geht es mit ComboFix weiter: Scan mit Combofix
|
|
12.06.2013, 08:49
| #7 |
| | WSsetup.exe Problem Hallo, Datei1AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 12/06/2013 um 09:41:18 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : drz - DASREISEZENTRUM
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\drz\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : BrowserDefendert
Gestoppt & Gelöscht : IBUpdaterService
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\drz\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\drz\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\drz\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\drz\AppData\Roaming\Mozilla\Firefox\Profiles\4bt7ckq7.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\drz\AppData\Roaming\Mozilla\Firefox\Profiles\4bt7ckq7.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\drz\AppData\Roaming\Mozilla\Firefox\Profiles\4bt7ckq7.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\drz\Desktop\Check for Updates.lnk
Gelöscht mit Neustart : C:\ProgramData\BrowserDefender
Ordner Gelöscht : C:\Program Files (x86)\Common Files\ParetoLogic
Ordner Gelöscht : C:\Program Files (x86)\Freeware.de
Ordner Gelöscht : C:\Program Files (x86)\ParetoLogic
Ordner Gelöscht : C:\Program Files (x86)\XingHaoLyrics
Ordner Gelöscht : C:\Program Files\Web Assistant
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\Users\drz\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\drz\AppData\Local\Temp\avg@toolbar
Ordner Gelöscht : C:\Users\drz\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\drz\AppData\LocalLow\Freeware.de
Ordner Gelöscht : C:\Users\drz\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\drz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Ordner Gelöscht : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Ordner Gelöscht : C:\Windows\SysWOW64\TempDir
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Freeware.de
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\XingHaoLyrics
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3DAEB01-4C15-4AC6-A689-6406FD954EE0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\5ced6dbb63cee48
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\Freeware.de
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{50BA0FF5-8CF4-4A36-8DF0-BDA26616252F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5ced6dbb63cee48
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{50BA0FF5-8CF4-4A36-8DF0-BDA26616252F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A3DAEB01-4C15-4AC6-A689-6406FD954EE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ED25F14-84F4-42EF-AC1B-E3CBB089E4E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56EA303A-8F0E-4A13-A753-472ECC7C4D34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3DAEB01-4C15-4AC6-A689-6406FD954EE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freeware.de Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\lrcspal@xinghao.net
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Schlüssel Gelöscht : HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [lrcspal@xinghao.net]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16483
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=0ebbd7c2-6bc5-4e60-b6fb-cea9a04c3751&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=0ebbd7c2-6bc5-4e60-b6fb-cea9a04c3751&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=0ebbd7c2-6bc5-4e60-b6fb-cea9a04c3751&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=0ebbd7c2-6bc5-4e60-b6fb-cea9a04c3751&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=0ebbd7c2-6bc5-4e60-b6fb-cea9a04c3751&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=0ebbd7c2-6bc5-4e60-b6fb-cea9a04c3751&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\drz\AppData\Roaming\Mozilla\Firefox\Profiles\4bt7ckq7.default\prefs.js
Gelöscht : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119816&babsrc=NT_ss&mntrId=78826[...]
Gelöscht : user_pref("browser.search.order.1", "Delta Search");
Gelöscht : user_pref("browser.search.selectedEngine", "Delta Search");
Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
-\\ Google Chrome v27.0.1453.110
Datei : C:\Users\drz\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [25285 octets] - [12/06/2013 09:41:18]
########## EOF - C:\AdwCleaner[S1].txt - [25346 octets] ##########
Datei 2AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 12/06/2013 um 09:44:33 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : drz - DASREISEZENTRUM
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\drz\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\drz\AppData\Roaming\Mozilla\Firefox\Profiles\4bt7ckq7.default\searchplugins\Babylon.xml
Ordner Gelöscht : C:\ProgramData\BrowserDefender
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16483
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\drz\AppData\Roaming\Mozilla\Firefox\Profiles\4bt7ckq7.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v27.0.1453.110
Datei : C:\Users\drz\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [25324 octets] - [12/06/2013 09:41:18]
AdwCleaner[S2].txt - [2049 octets] - [12/06/2013 09:44:33]
########## EOF - C:\AdwCleaner[S2].txt - [2109 octets] ##########
So und nun der rest. Combofix Logfile: Code:
ATTFilter ComboFix 13-06-08.02 - drz 12.06.2013 10:12:26.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4023.2633 [GMT 2:00]
ausgeführt von:: c:\users\drz\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\drz\AppData\Roaming\Microsoft\Windows\Recent\Transhotel_TOR_System(1).url
c:\users\drz\AppData\Roaming\Microsoft\Windows\Recent\Transhotel_TOR_System.url
c:\users\drz\g2mdlhlpx.exe
c:\windows\SysWow64\office.exe
c:\windows\vpuninst.log
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-12 bis 2013-06-12 ))))))))))))))))))))))))))))))
.
.
2013-06-12 08:19 . 2013-06-12 08:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-12 08:11 . 2013-06-12 08:11 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{29352861-9EF6-444C-AA0C-59927A2241EF}\offreg.dll
2013-06-11 10:40 . 2013-06-11 10:40 -------- d-----w- c:\windows\ERUNT
2013-06-11 10:40 . 2013-06-11 13:26 -------- d-----w- C:\JRT
2013-06-11 10:36 . 2013-06-11 10:36 -------- d-----w- c:\program files (x86)\7-Zip
2013-06-11 07:31 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{29352861-9EF6-444C-AA0C-59927A2241EF}\mpengine.dll
2013-06-06 09:07 . 2013-06-06 09:07 -------- d-----w- c:\program files (x86)\Focalpoint
2013-06-06 09:07 . 2013-06-06 09:07 -------- d-----w- C:\My Documents
2013-06-06 08:54 . 2001-04-20 06:05 304128 ----a-w- c:\windows\IsUninst.exe
2013-06-06 08:53 . 2013-06-06 08:53 -------- d-----w- c:\users\drz\AppData\Roaming\Travelport
2013-06-06 08:53 . 2013-06-06 08:53 -------- d-----w- c:\users\drz\AppData\Local\Travelport
2013-06-06 08:44 . 2013-06-06 08:44 -------- d-----w- c:\program files (x86)\Travelport
2013-06-06 08:40 . 2013-06-06 08:44 -------- d-----w- c:\program files (x86)\Common Files\Galileo International Shared
2013-06-06 08:16 . 2013-06-06 08:40 -------- d-----w- C:\fp
2013-06-06 08:15 . 2008-01-08 12:04 335872 ----a-w- c:\windows\SysWow64\fpcpl2app.cpl
2013-06-06 08:07 . 2013-06-06 08:07 -------- d-----w- c:\program files (x86)\Galileo
2013-06-05 07:44 . 2013-06-05 07:44 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-05 07:44 . 2013-06-05 07:44 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-05 07:44 . 2013-06-05 07:44 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-05 07:44 . 2013-06-05 07:44 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-05 07:44 . 2013-06-05 07:44 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-06-05 07:43 . 2013-06-05 07:44 -------- d-----w- c:\program files (x86)\QuickTime
2013-06-03 07:12 . 2013-06-03 07:12 -------- d-----w- c:\windows\SysWow64\jmdp
2013-06-03 07:12 . 2013-06-03 07:12 -------- d-----w- c:\windows\SysWow64\ARFC
2013-06-03 07:12 . 2013-05-21 13:31 1447728 ----a-w- c:\windows\system32\dmwu.exe
2013-06-03 07:12 . 2013-05-21 13:30 33792 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-05-29 07:48 . 2013-05-29 07:48 -------- d-----w- c:\program files\iPod
2013-05-29 07:48 . 2013-05-29 07:48 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-29 07:48 . 2013-05-29 07:48 -------- d-----w- c:\program files\iTunes
2013-05-29 07:48 . 2013-05-29 07:48 -------- d-----w- c:\program files (x86)\iTunes
2013-05-17 07:09 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll
2013-05-17 07:09 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-17 07:09 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-16 07:50 . 2013-05-17 07:05 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-17 07:12 . 2011-12-27 08:16 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-16 08:06 . 2012-03-29 13:25 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-16 08:06 . 2011-11-29 08:57 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-11 08:00 . 2010-06-24 09:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2012-02-01 09:23 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-04-13 05:49 . 2013-05-16 07:09 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 07:09 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 07:09 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 07:09 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 07:09 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 07:09 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-25 07:08 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-04 03:35 . 2013-04-18 09:29 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-19 06:04 . 2013-04-11 07:39 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-11 07:39 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-11 07:39 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-11 07:39 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-11 07:39 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-11 07:39 112640 ----a-w- c:\windows\system32\smss.exe
2012-05-15 08:33 . 2012-10-12 14:28 1456640 ----a-w- c:\program files (x86)\Common Files\Falk Navi-Manager classic.msi
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"AVMUSBFernanschluss"="c:\users\drz\AppData\Local\Apps\2.0\C4BQPB3Z.RZ4\EBL5N5K6.E96\frit..tion_8488884cfbcefd60_0002.0003_f308b4c1084cd0fd\AVMAutoStart.exe" [2012-12-17 139264]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-04-13 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2010-12-03 618600]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 336384]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2010-02-24 171104]
"MDS_Menu"="c:\program files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2010-11-05 124136]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2010-10-26 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-03-20 162856]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
Print Manager.lnk - c:\my documents\Focalpoint PM\Host.gsa [2013-6-6 66]
RTK-Unabhängikeitsplattform.lnk - c:\bo.sys\bin\bosys.exe [2012-1-3 557056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 S332x64;SPRx3x USB SmartCard Reader;c:\windows\system32\DRIVERS\S332x64.sys;c:\windows\SYSNATIVE\DRIVERS\S332x64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 avmident;AVM FRITZ!Box-Kindersicherung;c:\program files (x86)\FRITZ!Box-Kindersicherung\avmident.exe;c:\program files (x86)\FRITZ!Box-Kindersicherung\avmident.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 FileOpenManagerSvc;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManagerSvc64.exe;c:\program files\FileOpen\Services\FileOpenManagerSvc64.exe [x]
S2 Galileo SSL Tunnel;Galileo SSL Tunnel;c:\program files (x86)\Galileo\SSL\SSLClientService.exe;c:\program files (x86)\Galileo\SSL\SSLClientService.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe;c:\oem\USBDECTION\USBS3S4Detection.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys;c:\windows\SYSNATIVE\DRIVERS\avmaudio.sys [x]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys;c:\windows\SYSNATIVE\DRIVERS\avmaura.sys [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-07 09:05 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 08:06]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 09:29]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 09:29]
.
2013-06-11 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-10-05 2122856]
"FileOpenBroker"="c:\program files\FileOpen\Services\FileOpenBroker64.exe" [2011-12-09 900992]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: Mit PDF Viewer Plus öffnen - c:\program files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\drz\AppData\Roaming\Mozilla\Firefox\Profiles\4bt7ckq7.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.enabled - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39} - c:\program files (x86)\ParetoLogic\FileCure\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-1276076373-2867002076-3204613285-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-1276076373-2867002076-3204613285-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-1276076373-2867002076-3204613285-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-1276076373-2867002076-3204613285-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-1276076373-2867002076-3204613285-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-1276076373-2867002076-3204613285-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-12 10:22:30
ComboFix-quarantined-files.txt 2013-06-12 08:22
.
Vor Suchlauf: 15 Verzeichnis(se), 173.240.295.424 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 174.812.647.424 Bytes frei
.
- - End Of File - - FAC8B0DE45B19383C9ACFF07D078457C
D41D8CD98F00B204E9800998ECF8427E |
|
13.06.2013, 16:50
| #8 |
| /// TB-Ausbilder | WSsetup.exe Problem Servus, sorry für die Verspätung, hab grad viel um die Ohren. Gut gemacht. Wir spüren noch die letzten Reste auf, damit wir sie im Anschluss entfernen können.  Schritt 1
Schritt 2 Lade SystemLook von jpshortstuff vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop. SystemLook (64 bit)
Gibt es noch Probleme mit Malware? Wenn ja, welche? Wie läuft dein Rechner derzeit? Bitte poste mit deiner nächsten Antwort
|
|
18.06.2013, 18:57
| #9 |
| /// TB-Ausbilder | WSsetup.exe Problem Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen! |
|
| Themen zu WSsetup.exe Problem |
| .dll, acer, adobe, antivir, avg, avira, bingbar, desktop, explorer, format, home, hotkey, internet, internet explorer, logfiles, mcafee, microsoft, mozilla, opera, pdf, pmmupdate.exe, problem, registry, security, service.exe, software, windows |
Textbox.
Linear-Darstellung
