Zurück   Trojaner-Board > Archiv - Kein Posten möglich > Mülltonne
bizcoaching Popup öffnet sich bei fast jedem Klick im IE10

bizcoaching Popup öffnet sich bei fast jedem Klick im IE10


Mülltonne: bizcoaching Popup öffnet sich bei fast jedem Klick im IE10

Windows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne...

 
Alt 04.07.2013, 14:17   #1
lilli1811
 
bizcoaching Popup öffnet sich bei fast jedem Klick im IE10 - Standard

bizcoaching Popup öffnet sich bei fast jedem Klick im IE10


Hallo liebe Forum-Mitglieder,

leider habe ich in letzter Zeit bei jedem Klick in meinem IE10, das sich zusätzlich auch noch ein Bizcoaching Fenster öffnet, ich habe verfolge gerade Eure Anleitung und poste was die Programme ausspucken hier:

OTL.txt

OTL logfile created on: 7/4/2013 2:19:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\InaIngo\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.80 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 34.92% Memory free
7.60 Gb Paging File | 4.83 Gb Available in Paging File | 63.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 546.25 Gb Total Space | 327.01 Gb Free Space | 59.87% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 24.91 Gb Free Space | 51.03% Space Free | Partition Type: NTFS
Drive E: | 564.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: INAINGO-PC | User Name: InaIngo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/04 14:19:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\InaIngo\Downloads\OTL.exe
PRC - [2013/05/28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
PRC - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/05 12:59:08 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/12 07:32:58 | 000,506,744 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2013/03/11 18:42:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/02/05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013/01/10 15:35:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/12 11:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2011/12/09 03:20:00 | 000,079,872 | ---- | M] (DATEV eG) -- C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe
PRC - [2011/06/28 10:18:54 | 002,409,056 | ---- | M] (DATEV eG) -- C:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe
PRC - [2011/05/09 15:52:04 | 000,271,456 | ---- | M] (Datev eG) -- C:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe
PRC - [2010/11/20 14:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2010/09/22 17:47:22 | 000,292,960 | ---- | M] (DATEV eG) -- C:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe
PRC - [2010/08/25 08:54:06 | 000,194,144 | ---- | M] (KOBIL Systems GmbH) -- C:\DATEV\PROGRAMM\B0000404\msdisrv.exe
PRC - [2010/04/05 12:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/04 06:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/02 19:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/12/10 09:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/12/10 09:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/03 11:57:01 | 002,521,552 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/05/28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/11 18:42:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/01/10 15:35:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/12/09 03:20:00 | 000,079,872 | ---- | M] (DATEV eG) [Auto | Running] -- C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe -- (DatevPrintService)
SRV - [2011/09/16 01:16:48 | 000,025,824 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011/07/25 03:49:00 | 000,172,640 | ---- | M] (DATEV eG) [On_Demand | Stopped] -- C:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2011/06/28 10:18:54 | 002,409,056 | ---- | M] (DATEV eG) [Auto | Running] -- C:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe -- (DVckService)
SRV - [2011/05/09 15:52:04 | 000,271,456 | ---- | M] (Datev eG) [Auto | Running] -- C:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe -- (Sicherheitspaket-Dienst)
SRV - [2010/12/06 13:52:40 | 000,062,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi)
SRV - [2010/09/22 17:47:22 | 000,292,960 | ---- | M] (DATEV eG) [Auto | Running] -- C:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe -- (SCardService)
SRV - [2010/09/08 16:42:14 | 000,511,072 | ---- | M] (DATEV e.G.) [Auto | Running] -- C:\DATEV\PROGRAMM\B0001364\DtvScSer.exe -- (DATEV Logon Service)
SRV - [2010/08/25 08:54:06 | 000,194,144 | ---- | M] (KOBIL Systems GmbH) [Auto | Running] -- C:\DATEV\PROGRAMM\B0000404\msdisrv.exe -- (KOBIL_MSDI)
SRV - [2010/04/05 12:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010/03/18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 06:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/12/10 09:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/12/10 09:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/10/23 03:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Stopped] -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/11 18:42:08 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/26 15:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/11/01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/11/01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/11/01 10:07:24 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/11/01 10:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/11/01 10:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/11/01 10:07:24 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011/07/19 15:25:54 | 000,082,488 | ---- | M] (Datev eG) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\d3_kafm.sys -- (SC_SERV3D)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/10/29 06:07:44 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/09/30 14:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 14:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/06/21 16:15:54 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/06/19 09:36:04 | 000,017,920 | ---- | M] (Siliten) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b)
DRV:64bit: - [2010/05/24 16:46:36 | 000,246,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/04/01 10:13:36 | 001,100,320 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/03/04 18:53:02 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/03/04 05:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/27 05:02:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/12/10 20:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/18 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFil0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\InprocServer32 File not found
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119556&tt=gc_&babsrc=HP_ss&mntrId=CA8F485D60D37C34
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=hxxp://mail.google.com/mail/?utm_source%3Dwww.domtail.com&scc=1&ltmpl=googlemail
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119556&tt=gc_&babsrc=SP_ss&mntrId=CA8F485D60D37C34
IE - HKCU\..\SearchScopes\{121121C7-7212-4936-AD77-45D7AA154DFF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393DE419
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393DE419
IE - HKCU\..\SearchScopes\{DFB28FD5-9390-4A0E-861F-3CEB9D4EA47A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393DE419
IE - HKCU\..\SearchScopes\{F2CD153B-8A19-47C0-82E4-E1D8A5D3DE6C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393DE419
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/05/01 10:40:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/05/01 10:40:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\Lyrics@LyricsFolder.co: C:\Program Files (x86)\LyricsFolder\116.xpi [2013/06/24 10:31:56 | 000,005,565 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\Lyrics@LyricsContainer.co: C:\Program Files (x86)\LyricsContainer\116.xpi [2013/07/04 09:11:32 | 000,005,593 | ---- | M] ()

[2013/05/28 22:17:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (DtvIePwdSafeBHO64 Class) - {557F4852-8868-44dd-B5E9-9890AC4B1FD5} - C:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe64.dll (DATEV eG)
O2:64bit: - BHO: (no name) - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\DATEV\SYSTEM\DVCCSASCardBHO64002.dll (DATEV eG)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (LyricsContainer) - {463B0ED4-8AFA-404B-90E7-4063A0708050} - C:\Program Files (x86)\LyricsContainer\116.dll (RYD Software)
O2 - BHO: (no name) - {557F4852-8868-44dd-B5E9-9890AC4B1FD5} - No CLSID value found.
O2 - BHO: (DtvIePwdSafeBHO Class) - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe.dll (DATEV eG)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFil0.dll (Conduit Ltd.)
O2 - BHO: (LyricsFolder) - {AF252F2C-0F44-47A7-89B9-3AFF5A17DEB2} - C:\Program Files (x86)\LyricsFolder\116.dll (LormanSoftware)
O2 - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\DATEV\SYSTEM\DVCCSASCardBHO002.dll (DATEV eG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFil0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll File not found
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (FileConverter 1.3 Toolbar) - {78E516EF-11DE-47A1-8364-A99B917EC5EE} - C:\Program Files (x86)\FileConverter_1.3\prxtbFil0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKLM..\RunOnce: [SPUpdSentinel] "C:\Program Files (x86)\Common Files\Umbrella\umbrella_bkp.exe" -SERVICEARGS=c File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: datev.at ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.at ([]https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.com ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.com ([]https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.de ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.de ([]https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.de ([www] http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.de ([www] https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datevnet.de ([*.services] http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datevnet.de ([*.services] https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datevstadt.de ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datevstadt.de ([]https is out of zone range - 5)
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20111117062234 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4797AD9E-4707-4C5F-B5AB-8768C3EE091A}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4BEC6CA-6CB9-41F2-814D-28C04FDB7390}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/04 13:56:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/04 13:56:06 | 000,000,000 | ---D | C] -- C:\JRT
[2013/07/04 09:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsContainer
[2013/06/24 10:31:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsFolder
[2013/06/11 08:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/06/11 08:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/06/11 08:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/06/11 08:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/06/11 08:46:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/06/11 08:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/06/11 08:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/06/11 08:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/06/11 08:41:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/04 14:22:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/04 14:18:12 | 000,000,000 | ---- | M] () -- C:\Users\InaIngo\defogger_reenable
[2013/07/04 13:24:07 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/04 10:21:13 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\LyricsFolder Update.job
[2013/07/04 09:36:08 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/04 09:36:08 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/04 09:25:58 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\LyricsContainer Update.job
[2013/07/04 09:25:48 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/04 09:24:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/04 09:23:32 | 3061,911,552 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/03 10:28:58 | 001,891,944 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/03 10:28:58 | 000,805,894 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/07/03 10:28:58 | 000,742,816 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/03 10:28:58 | 000,190,458 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/07/03 10:28:58 | 000,152,930 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/26 15:34:05 | 000,000,028 | ---- | M] () -- C:\Windows\ODBC.INI
[2013/06/12 11:43:08 | 000,001,093 | ---- | M] () -- C:\Users\InaIngo\Desktop\Continue Vid-Saver Installation.lnk
[2013/06/11 08:46:41 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/06/11 08:41:58 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/04 14:18:12 | 000,000,000 | ---- | C] () -- C:\Users\InaIngo\defogger_reenable
[2013/07/04 09:11:32 | 000,000,412 | ---- | C] () -- C:\Windows\tasks\LyricsContainer Update.job
[2013/06/24 10:31:56 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\LyricsFolder Update.job
[2013/06/12 11:43:08 | 000,001,093 | ---- | C] () -- C:\Users\InaIngo\Desktop\Continue Vid-Saver Installation.lnk
[2013/06/11 08:46:41 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/06/11 08:41:58 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/03/07 10:58:09 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/08/30 14:04:29 | 000,002,532 | ---- | C] () -- C:\Users\InaIngo\AppData\Local\recently-used.xbel
[2012/08/29 22:40:00 | 000,003,584 | ---- | C] () -- C:\Users\InaIngo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/02 20:35:59 | 000,000,095 | ---- | C] () -- C:\Users\InaIngo\AppData\Local\fusioncache.dat
[2012/02/02 20:00:12 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2012/02/02 19:54:19 | 000,000,108 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2012/02/02 19:51:18 | 000,000,109 | ---- | C] () -- C:\Windows\Startup.INI
[2012/01/10 22:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/01/10 22:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/01/10 22:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/05/09 17:38:55 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/09/10 15:24:31 | 000,000,000 | -HSD | M] -- C:\Users\InaIngo\AppData\Roaming\.#
[2012/03/14 17:26:44 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Alawar Entertainment
[2012/04/20 17:09:07 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\AlawarEntertainment
[2011/12/23 20:51:21 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Amazon
[2012/03/02 14:18:48 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Artogon
[2012/06/11 14:23:34 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Ashampoo
[2012/08/29 22:40:39 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Ashampoo Photo Commander 8
[2012/04/17 14:33:40 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Blue Tea Games
[2012/02/01 17:04:18 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Boolat Games
[2012/04/03 16:38:23 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Boomzap
[2012/04/21 12:11:14 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Canon
[2011/12/28 23:30:00 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\DailyMagic
[2013/01/12 15:50:51 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\DVDVideoSoft
[2012/01/09 16:45:22 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\EleFun Games
[2012/04/27 08:35:43 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Elephant Games
[2012/05/30 22:19:29 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\elsterformular
[2012/01/11 10:09:18 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Enki Games
[2012/04/17 15:11:35 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\ERS Game Studios
[2011/12/27 23:34:11 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Fenomen Games
[2012/02/03 15:43:51 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Freeze Tag
[2012/01/19 10:06:53 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Friday's games
[2012/03/13 14:29:09 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Frogwares
[2012/04/18 10:43:40 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\GameMill Entertainment
[2012/01/06 16:19:55 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Ghost Ship Studios
[2011/12/30 23:33:42 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\GO Games
[2012/03/29 14:08:20 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Gogii
[2011/12/28 01:13:01 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\HdO Adventure
[2011/05/02 18:17:57 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Lexware
[2012/01/03 22:35:04 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\MagicIndie
[2013/06/18 19:31:29 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\MediaMonkey
[2012/10/03 20:29:42 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Memeo
[2012/05/01 10:42:06 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Nokia
[2012/02/07 17:05:49 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Orneon
[2012/05/01 10:46:17 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\PC Suite
[2012/04/07 12:49:17 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\PlayPond
[2012/04/17 14:18:40 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Princess Isabella
[2011/06/18 12:44:20 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\RavensburgerTipToi
[2012/04/12 14:52:17 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Silverback Productions
[2011/09/22 18:54:32 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Sony
[2013/04/12 08:51:34 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Sony Network Entertainment International LLC
[2012/03/19 15:40:18 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\TikisLab
[2012/01/06 23:24:35 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Vast Studios
[2012/03/30 21:54:29 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Vogat Interactive
[2011/04/27 16:26:40 | 000,000,000 | ---D | M] -- C:\Users\InaIngo\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 230 bytes -> C:\ProgramData\Temp:FAFEC4B9
@Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:E87AB4E3
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:8E5EA40F
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:884C7316
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp6A4A911
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:B0A727D1
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:30E0D641
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:2B856118
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TempC7EDF41
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:491270B8
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:C0BCE04B
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:8AE92FD3
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:A0921B2C
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:9F3CEEE6
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:BD34FFC5
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:AA0017FD
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:59465B40
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:14A1BBE3
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:CAC06C34
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:B139DDF3
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:834DD57E
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:5E73E1C2
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:587F3582
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:2AE74FF9
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp5BF78B4
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:51E66512
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:A819A132
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:EDDBC69E
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:2AD33723
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp6D084A5
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:B6E6C4EA
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:27974442
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1B389835
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:9BB8C675
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:90C320E1
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:F5D01D7C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:A9223B61
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:922DA2DB
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:762408BA
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:1234ADAE
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:BF640EE5
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:206470A5
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:12258D63
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:EE69D7DF
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E5496666
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:89A5891E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:5C6EBC69
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:3DB6F365
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:72A1B66A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:BEE39E9B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:6EE8565A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4DDE401B
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AAA06E15
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:4673E9EA
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4D551822
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:1416AAA6
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:8BE7A048
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:2211E7A0
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:927EC486
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:553056F1
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:96AFAB10
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:78E0DF72
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:3D36932D

< End of report >




nun kommt gmer:


GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-04 15:13:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 596,17GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\InaIngo\AppData\Local\Temp\pwriqfod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800035a6000 71 bytes [68, 44, 8A, 5C, 24, 60, 89, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 632 fffff800035a6048 23 bytes [00, 00, 02, 75, 10, 85, ED, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[852] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1148] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1416] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1552] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE[2336] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe[1376] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[1652] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[1652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[1652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[820] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[2468] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2496] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\DATEV\PROGRAMM\B0000404\msdisrv.exe[1036] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\DATEV\PROGRAMM\B0000404\msdisrv.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\DATEV\PROGRAMM\B0000404\msdisrv.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\Program Files (x86)\PDF24\pdf24.exe[2580] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\Program Files (x86)\PDF24\pdf24.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\Program Files (x86)\PDF24\pdf24.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3116] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3184] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3252] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE[3760] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe[3824] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1596] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2792] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe[3568] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe[3568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe[3568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe[3632] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe[3632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe[3632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2972] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2972] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2972] C:\Windows\syswow64\user32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4496] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6644] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3380] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\Windows\SysWOW64\schtasks.exe[9496] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\Windows\SysWOW64\schtasks.exe[9496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\Windows\SysWOW64\schtasks.exe[9496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3224] C:\Windows\syswow64\user32.DLL!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4660] C:\Windows\syswow64\user32.DLL!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[10744] C:\Windows\syswow64\user32.DLL!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[10744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[10744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[6444] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[6444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[6444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2
.text C:\Users\InaIngo\Downloads\gmer_2.1.19163.exe[7792] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007628cfca 5 bytes JMP 00000001754f4bb0
.text C:\Users\InaIngo\Downloads\gmer_2.1.19163.exe[7792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76]
.text C:\Users\InaIngo\Downloads\gmer_2.1.19163.exe[7792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:3148] 0000000077ec2e25
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:3016] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:1704] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:2808] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:2156] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:3540] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:3564] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:1768] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:2532] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:2932] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:1908] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:3600] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:3616] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:3592] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:1268] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:2892] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:2888] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:4016] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:3904] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:3900] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:1280] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:1880] 0000000077ec3e45
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:3300] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:3056] 000000006bc11c2f
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:3360] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:3664] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:2380] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:2984] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:3696] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:3936] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:1856] 0000000072de29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3992:2724] 0000000077ec3e45

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Könnt ihr mir weiterhelfen, das wäre genial, ich weiß nicht wie ich das Zeugs sonst wegbekomme mit den ständigen Popups.
im Voraus schonmal herzlichen Dank

Alt 04.07.2013, 14:18   #2
schrauber
/// the machine
/// TB-Ausbilder
 
bizcoaching Popup öffnet sich bei fast jedem Klick im IE10 - Standard

bizcoaching Popup öffnet sich bei fast jedem Klick im IE10


einer reicht
__________________

__________________
 

Themen zu bizcoaching Popup öffnet sich bei fast jedem Klick im IE10
adobe, bho, bonjour, canon, continue, defender, downloader, ebay, error, explorer, firefox, flash player, format, freeze, helper, home, iexplore.exe, launch, logfile, nvpciflt.sys, plug-in, popup, realtek, registry, scan, security, senden, software, temp, windows


« 2x Was ist softwareupdater.ui.exe? Ist das schädlich? | 2x Neues Problem mysearchdeal.com »


Ähnliche Themen: bizcoaching Popup öffnet sich bei fast jedem Klick im IE10


  1. Windows 7 DNS-Unlocker öffnet bei jedem Klick Werbefenster
    Log-Analyse und Auswertung - 06.10.2015 (13)
  2. Bei jedem Klick auf einen Link öffnet sich falsche Seite
    Log-Analyse und Auswertung - 24.09.2015 (20)
  3. Bei fast jedem Klick öffnen sich Werbeseiten
    Plagegeister aller Art und deren Bekämpfung - 06.08.2015 (16)
  4. Bei fast jedem Klick geht eine neue Seite mit Werbung auf
    Log-Analyse und Auswertung - 12.02.2015 (23)
  5. Internet Browser:Fast jeder klick öffnet einen neuen Tab
    Plagegeister aller Art und deren Bekämpfung - 14.04.2014 (9)
  6. Windows7: bei jedem Klick öffnet sich ein neuer Tab mit Werbung - egal welcher Browser
    Log-Analyse und Auswertung - 26.02.2014 (19)
  7. Bei jedem Klick öffnet sich ein neues Werbefenster
    Log-Analyse und Auswertung - 27.01.2014 (9)
  8. unerwünschte Werbung und neue Tabs bei fast jedem Klick - Windows8, mozilla Firefox
    Plagegeister aller Art und deren Bekämpfung - 06.01.2014 (32)
  9. Fast bei jedem Klick öffnet sich ein neuer Tab mit Werbung bei firefox und bei chrome
    Plagegeister aller Art und deren Bekämpfung - 26.10.2013 (16)
  10. win7 Internet: bei fast jedem klick öffnet sich leeres Fenster mit JVL LIBPACK.NET Verdacht auf Spyware oder Virus!
    Log-Analyse und Auswertung - 16.09.2013 (8)
  11. Windows XP/Mozilla Firefox: Habe mir Dropper? JVL.LibPack.net eingefangen.Bei fast jedem klick öffnet sich Fenster mit JVL LIBPACK.NET
    Log-Analyse und Auswertung - 09.08.2013 (17)
  12. Windows XP/Mozilla Firefox: Habe mir Dropper? JVL.LibPack.net eingefangen.Bei fast jedem klick öffnet sich Fenster mit JVL LIBPACK.NET
    Mülltonne - 05.08.2013 (0)
  13. Firefox: Fast bei jedem Klick öffnet sich ein neuer Tab mit Werbung
    Plagegeister aller Art und deren Bekämpfung - 21.06.2013 (9)
  14. Internet Explorer öffnet sich bei jedem Klick und jeder Aktion immer wieder
    Log-Analyse und Auswertung - 04.11.2009 (19)
  15. Nach jedem Klick öffnet sich free-virusscan.com. Hijack-Log inside :-)
    Log-Analyse und Auswertung - 02.08.2008 (8)
  16. Seite öffnet sich bei jedem klick per Viruspr. nicht identifizierbar
    Plagegeister aller Art und deren Bekämpfung - 24.06.2008 (3)
  17. Werbefenster öffnen sich im Firefox bei fast jedem Klick
    Log-Analyse und Auswertung - 26.04.2008 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema bizcoaching Popup öffnet sich bei fast jedem Klick im IE10 - Hallo liebe Forum-Mitglieder, leider habe ich in letzter Zeit bei jedem Klick in meinem IE10, das sich zusätzlich auch noch ein Bizcoaching Fenster öffnet, ich habe verfolge gerade Eure Anleitung - bizcoaching Popup öffnet sich bei fast jedem Klick im IE10...
Archiv
Du betrachtest: bizcoaching Popup öffnet sich bei fast jedem Klick im IE10 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131