
Pests of all kinds and their removal: Groupon Trojan

Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

15.03.2013, 14:02   #1
Eddie77
 

Groupon Trojan



Hello. Yesterday we also received the infamous Groupon invoice. My wife isn't sure(?) whether she opened the attachment. Today I ran a scan with Norton Internet Security, Spybot and Malwarebytes (each of course in the latest version).
None of the scanners found a threat.
Does that mean I'm on the safe side now, or could the trojan still be on my computer?

I would be grateful for any help

16.03.2013, 18:40   #2
aharonov
/// TB Instructor
 

Groupon Trojan



Hello Eddie77 and

My name is Leo and I will guide you through the cleanup of your computer.

A cleanup involves not only removing malware but also closing security holes, and it should be carried out thoroughly. It therefore takes several steps and means some effort on your part.
Note: the disappearance of the obvious symptoms does not mean the system is already clean.
So, in your own interest, keep working along until you get the OK that everything is done.

Notes on the procedure
  • You will receive from me step-by-step instructions tailored individually to you.
    • Always read these instructions completely first, and ask about anything unclear before you begin.
    • Then work through the instructions carefully and in the given order, and post your feedback and logfiles together in one reply.
    • Whenever possible, paste the contents of the logfiles inside code tags in your reply.
    • Should problems arise, stop at that point and describe them as well as you can.
  • It is important to me that the state of your system does not suddenly change unpredictably. Therefore: please
    • .. do not run any scanners or tools without being asked. Do not delete anything on your own.
    • .. do not install or uninstall any software during the cleanup.
    • .. do not ask for help in other forums at the same time (crossposting).
  • I cannot guarantee that the cleanup will ultimately be successful and that we will find everything.
    • Formatting and reinstalling is usually the faster and always the safer way.
    • Should I find a serious infection on your system, I will point this out to you again. But it remains your decision.
Let's go: always save all tools to the desktop and start them from there.


Quote:
Does that mean I'm on the safe side now, or could the trojan still be on my computer?
If your wife isn't sure whether she opened the attachment or not, then we had better take a look:


Step 1

Please download defogger (by jpshortstuff) to your desktop.
  • Start the tool with a double-click.
  • Now click the Disable button.
  • Confirm the security prompt with Yes.
  • When the scan has finished (Finished), click OK.
  • If Defogger asks for a restart, confirm with OK.
  • Defogger creates a logfile on the desktop named defogger_disable.txt.
  • Only if problems occurred, post its contents with your next reply.
Do not click the Re-enable button without instruction!



Step 2

Download Gmer (click the Download EXE button) and save the program to the desktop.
  • Disable all antivirus programs and malware/spyware scanners.
  • Disconnect all existing network/Internet connections (don't forget WLAN).
  • Please close all other programs.
  • Start gmer.exe (the file has a random filename).
    Vista and Win7 users: right-click and "Run as administrator".
  • Should a window open with the following warning
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    then be sure to click No.
  • On the right, uncheck:
    • IAT/EAT
    • Show all
  • On the right, check your system partition (usually C:\).
  • Start the scan by clicking Scan.
  • Do nothing at all on the computer while the scan is running!
  • When the scan is finished, click Save and save the logfile as Gmer.txt on your desktop.
  • Then close GMER and restart the computer immediately.
  • Please paste the contents of the logfile here in your thread.
Turn the antivirus program and other scanners back on before you go online.



Step 3

Please download OTL (by Oldtimer) and save it to your desktop.
  • Double-click OTL.exe.
  • Under Extra Registry, please select Use SafeList.
  • Check Scan all Users.
  • Now click Run Scan.
  • When the scan is finished, 2 logfiles (OTL.txt and Extras.txt) are created.
  • Post the contents of these logfiles here in the thread.



Please post in your next reply:
  • Log from Gmer
  • Logs from OTL

17.03.2013, 11:35   #3
Eddie77
 

Groupon Trojan



OK, I'm done!

Gmer.txt

Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-17 10:53:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001 465,76GB
Running: hiel58lo.exe; Driver: C:\Users\EDDIE\AppData\Local\Temp\uwtoapod.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                          0000000076f9fc90 5 bytes JMP 000000010029091c
.text   C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                        0000000076f9fdf4 5 bytes JMP 0000000100290048
.text   C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                 0000000076f9fe88 5 bytes JMP 00000001002902ee
.text   C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                              0000000076f9ffe4 5 bytes JMP 00000001002904b2
.text   C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                      0000000076fa0018 5 bytes JMP 00000001002909fe
.text   C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                              0000000076fa0048 5 bytes JMP 0000000100290ae0
.text   C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                           0000000076fa0064 5 bytes JMP 000000010002004c
.text   C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                              0000000076fa077c 5 bytes JMP 000000010029012a
.text   C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                  0000000076fa086c 5 bytes JMP 0000000100290758
.text   C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                            0000000076fa0884 5 bytes JMP 0000000100290676
.text   C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                0000000076fa0dd4 5 bytes JMP 00000001002903d0
.text   C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                          0000000076fa1900 5 bytes JMP 0000000100290594
.text   C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                      0000000076fa1bc4 5 bytes JMP 000000010029083a
.text   C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                             0000000076fa1d50 5 bytes JMP 000000010029020c
.text   C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1528] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206            0000000075a5524f 7 bytes JMP 0000000100290f52
.text   C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1528] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                0000000075a553d0 7 bytes JMP 00000001002a0210
.text   C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1528] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149               0000000075a55677 1 byte JMP 00000001002a0048
.text   C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1528] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151               0000000075a55679 5 bytes {JMP 0xffffffff8a84a9d1}
.text   C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1528] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                      0000000075a5589a 7 bytes JMP 0000000100290ca6
.text   C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1528] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                      0000000075a55a1d 7 bytes JMP 00000001002a03d8
.text   C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1528] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                 0000000075a55c9b 7 bytes JMP 00000001002a012c
.text   C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1528] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                   0000000075a55d87 7 bytes JMP 00000001002a02f4
.text   C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1528] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123  0000000075a57240 7 bytes JMP 0000000100290e6e
.text   C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1528] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                 0000000075481492 7 bytes JMP 00000001002a0762
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                               0000000076f9fc90 5 bytes JMP 000000010011091c
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                             0000000076f9fdf4 5 bytes JMP 0000000100110048
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                      0000000076f9fe88 5 bytes JMP 00000001001102ee
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                   0000000076f9ffe4 5 bytes JMP 00000001001104b2
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                           0000000076fa0018 5 bytes JMP 00000001001109fe
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                   0000000076fa0048 5 bytes JMP 0000000100110ae0
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                0000000076fa0064 5 bytes JMP 000000010002004c
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                   0000000076fa077c 5 bytes JMP 000000010011012a
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                       0000000076fa086c 5 bytes JMP 0000000100110758
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                 0000000076fa0884 5 bytes JMP 0000000100110676
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                     0000000076fa0dd4 5 bytes JMP 00000001001103d0
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                               0000000076fa1900 5 bytes JMP 0000000100110594
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                           0000000076fa1bc4 5 bytes JMP 000000010011083a
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                  0000000076fa1d50 5 bytes JMP 000000010011020c
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                      0000000075481492 7 bytes JMP 000000010012059e
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                 0000000075a5524f 7 bytes JMP 0000000100110f52
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                     0000000075a553d0 7 bytes JMP 0000000100120210
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                    0000000075a55677 1 byte JMP 0000000100120048
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                    0000000075a55679 5 bytes {JMP 0xffffffff8a6ca9d1}
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                           0000000075a5589a 7 bytes JMP 0000000100110ca6
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                           0000000075a55a1d 7 bytes JMP 00000001001203d8
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                      0000000075a55c9b 7 bytes JMP 000000010012012c
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                        0000000075a55d87 7 bytes JMP 00000001001202f4
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                       0000000075a57240 7 bytes JMP 0000000100110e6e
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                 0000000076f9fc90 5 bytes JMP 00000001008c091c
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                               0000000076f9fdf4 5 bytes JMP 00000001008c0048
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                        0000000076f9fe88 5 bytes JMP 00000001008c02ee
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                     0000000076f9ffe4 5 bytes JMP 00000001008c04b2
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                             0000000076fa0018 5 bytes JMP 00000001008c09fe
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                     0000000076fa0048 5 bytes JMP 00000001008c0ae0
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                  0000000076fa0064 5 bytes JMP 000000010076004c
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                     0000000076fa077c 5 bytes JMP 00000001008c012a
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                         0000000076fa086c 5 bytes JMP 00000001008c0758
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                   0000000076fa0884 5 bytes JMP 00000001008c0676
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                       0000000076fa0dd4 5 bytes JMP 00000001008c03d0
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                 0000000076fa1900 5 bytes JMP 00000001008c0594
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                             0000000076fa1bc4 5 bytes JMP 00000001008c083a
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                    0000000076fa1d50 5 bytes JMP 00000001008c020c
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                   0000000075a5524f 7 bytes JMP 00000001008c0f52
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                       0000000075a553d0 7 bytes JMP 00000001008d0210
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                      0000000075a55677 1 byte JMP 00000001008d0048
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                      0000000075a55679 5 bytes {JMP 0xffffffff8ae7a9d1}
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                             0000000075a5589a 7 bytes JMP 00000001008c0ca6
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                             0000000075a55a1d 7 bytes JMP 00000001008d03d8
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                        0000000075a55c9b 7 bytes JMP 00000001008d012c
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                          0000000075a55d87 7 bytes JMP 00000001008d02f4
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                         0000000075a57240 7 bytes JMP 00000001008c0e6e
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                        0000000075481492 7 bytes JMP 00000001008d04bc
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          0000000076ae1465 2 bytes [AE, 76]
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                         0000000076ae14bb 2 bytes [AE, 76]
.text   ...                                                                                                                                                               * 2
.text   C:\ProgramData\DatacardService\DCService.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                               0000000076f9fc90 5 bytes JMP 000000010045091c
.text   C:\ProgramData\DatacardService\DCService.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                             0000000076f9fdf4 5 bytes JMP 0000000100450048
.text   C:\ProgramData\DatacardService\DCService.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                      0000000076f9fe88 5 bytes JMP 00000001004502ee
.text   C:\ProgramData\DatacardService\DCService.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                   0000000076f9ffe4 5 bytes JMP 00000001004504b2
.text   C:\ProgramData\DatacardService\DCService.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                           0000000076fa0018 5 bytes JMP 00000001004509fe
.text   C:\ProgramData\DatacardService\DCService.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                   0000000076fa0048 5 bytes JMP 0000000100450ae0
.text   C:\ProgramData\DatacardService\DCService.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                0000000076fa0064 5 bytes JMP 000000010002004c
.text   C:\ProgramData\DatacardService\DCService.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                   0000000076fa077c 5 bytes JMP 000000010045012a
.text   C:\ProgramData\DatacardService\DCService.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                       0000000076fa086c 5 bytes JMP 0000000100450758
.text   C:\ProgramData\DatacardService\DCService.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                 0000000076fa0884 5 bytes JMP 0000000100450676
.text   C:\ProgramData\DatacardService\DCService.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                     0000000076fa0dd4 5 bytes JMP 00000001004503d0
.text   C:\ProgramData\DatacardService\DCService.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                               0000000076fa1900 5 bytes JMP 0000000100450594
.text   C:\ProgramData\DatacardService\DCService.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                           0000000076fa1bc4 5 bytes JMP 000000010045083a
.text   C:\ProgramData\DatacardService\DCService.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                  0000000076fa1d50 5 bytes JMP 000000010045020c
.text   C:\ProgramData\DatacardService\DCService.exe[2028] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                      0000000075481492 7 bytes JMP 000000010046059e
.text   C:\ProgramData\DatacardService\DCService.exe[2028] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                 0000000075a5524f 7 bytes JMP 0000000100450f52
.text   C:\ProgramData\DatacardService\DCService.exe[2028] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                     0000000075a553d0 7 bytes JMP 0000000100460210
.text   C:\ProgramData\DatacardService\DCService.exe[2028] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                    0000000075a55677 1 byte JMP 0000000100460048
.text   C:\ProgramData\DatacardService\DCService.exe[2028] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                    0000000075a55679 5 bytes {JMP 0xffffffff8aa0a9d1}
.text   C:\ProgramData\DatacardService\DCService.exe[2028] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                           0000000075a5589a 7 bytes JMP 0000000100450ca6
.text   C:\ProgramData\DatacardService\DCService.exe[2028] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                           0000000075a55a1d 7 bytes JMP 00000001004603d8
.text   C:\ProgramData\DatacardService\DCService.exe[2028] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                      0000000075a55c9b 7 bytes JMP 000000010046012c
.text   C:\ProgramData\DatacardService\DCService.exe[2028] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                        0000000075a55d87 7 bytes JMP 00000001004602f4
.text   C:\ProgramData\DatacardService\DCService.exe[2028] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                       0000000075a57240 7 bytes JMP 0000000100450e6e
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                             0000000076f9fc90 5 bytes JMP 000000010021091c
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                           0000000076f9fdf4 5 bytes JMP 0000000100210048
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                    0000000076f9fe88 5 bytes JMP 00000001002102ee
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                 0000000076f9ffe4 5 bytes JMP 00000001002104b2
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                         0000000076fa0018 5 bytes JMP 00000001002109fe
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                 0000000076fa0048 5 bytes JMP 0000000100210ae0
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                              0000000076fa0064 5 bytes JMP 000000010002004c
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                 0000000076fa077c 5 bytes JMP 000000010021012a
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                     0000000076fa086c 5 bytes JMP 0000000100210758
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                               0000000076fa0884 5 bytes JMP 0000000100210676
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                   0000000076fa0dd4 5 bytes JMP 00000001002103d0
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                             0000000076fa1900 5 bytes JMP 0000000100210594
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                         0000000076fa1bc4 5 bytes JMP 000000010021083a
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                0000000076fa1d50 5 bytes JMP 000000010021020c
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1636] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206               0000000075a5524f 7 bytes JMP 0000000100210f52
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1636] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                   0000000075a553d0 7 bytes JMP 00000001002a0210
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1636] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                  0000000075a55677 1 byte JMP 00000001002a0048
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1636] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                  0000000075a55679 5 bytes {JMP 0xffffffff8a84a9d1}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1636] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                         0000000075a5589a 7 bytes JMP 0000000100210ca6
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1636] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                         0000000075a55a1d 7 bytes JMP 00000001002a03d8
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1636] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                    0000000075a55c9b 7 bytes JMP 00000001002a012c
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1636] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                      0000000075a55d87 7 bytes JMP 00000001002a02f4
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1636] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123     0000000075a57240 7 bytes JMP 0000000100210e6e
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1636] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                    0000000075481492 7 bytes JMP 00000001002a04bc
.text   C:\ProgramData\DatacardService\DCSHelper.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                               0000000076f9fc90 5 bytes JMP 000000010028091c
.text   C:\ProgramData\DatacardService\DCSHelper.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                             0000000076f9fdf4 5 bytes JMP 0000000100280048
.text   C:\ProgramData\DatacardService\DCSHelper.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                      0000000076f9fe88 5 bytes JMP 00000001002802ee
.text   C:\ProgramData\DatacardService\DCSHelper.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                   0000000076f9ffe4 5 bytes JMP 00000001002804b2
.text   C:\ProgramData\DatacardService\DCSHelper.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                           0000000076fa0018 5 bytes JMP 00000001002809fe
.text   C:\ProgramData\DatacardService\DCSHelper.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                   0000000076fa0048 5 bytes JMP 0000000100280ae0
.text   C:\ProgramData\DatacardService\DCSHelper.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                0000000076fa0064 5 bytes JMP 000000010002004c
.text   C:\ProgramData\DatacardService\DCSHelper.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                   0000000076fa077c 5 bytes JMP 000000010028012a
.text   C:\ProgramData\DatacardService\DCSHelper.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                       0000000076fa086c 5 bytes JMP 0000000100280758
.text   C:\ProgramData\DatacardService\DCSHelper.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                 0000000076fa0884 5 bytes JMP 0000000100280676
.text   C:\ProgramData\DatacardService\DCSHelper.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                     0000000076fa0dd4 5 bytes JMP 00000001002803d0
.text   C:\ProgramData\DatacardService\DCSHelper.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                               0000000076fa1900 5 bytes JMP 0000000100280594
.text   C:\ProgramData\DatacardService\DCSHelper.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                           0000000076fa1bc4 5 bytes JMP 000000010028083a
.text   C:\ProgramData\DatacardService\DCSHelper.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                  0000000076fa1d50 5 bytes JMP 000000010028020c
.text   C:\ProgramData\DatacardService\DCSHelper.exe[1560] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                      0000000075481492 7 bytes JMP 000000010029059e
.text   C:\ProgramData\DatacardService\DCSHelper.exe[1560] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                 0000000075a5524f 7 bytes JMP 0000000100280f52
.text   C:\ProgramData\DatacardService\DCSHelper.exe[1560] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                     0000000075a553d0 7 bytes JMP 0000000100290210
.text   C:\ProgramData\DatacardService\DCSHelper.exe[1560] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                    0000000075a55677 1 byte JMP 0000000100290048
.text   C:\ProgramData\DatacardService\DCSHelper.exe[1560] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                    0000000075a55679 5 bytes {JMP 0xffffffff8a83a9d1}
.text   C:\ProgramData\DatacardService\DCSHelper.exe[1560] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                           0000000075a5589a 7 bytes JMP 0000000100280ca6
.text   C:\ProgramData\DatacardService\DCSHelper.exe[1560] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                           0000000075a55a1d 7 bytes JMP 00000001002903d8
.text   C:\ProgramData\DatacardService\DCSHelper.exe[1560] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                      0000000075a55c9b 7 bytes JMP 000000010029012c
.text   C:\ProgramData\DatacardService\DCSHelper.exe[1560] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                        0000000075a55d87 7 bytes JMP 00000001002902f4
.text   C:\ProgramData\DatacardService\DCSHelper.exe[1560] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                       0000000075a57240 7 bytes JMP 0000000100280e6e
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                              0000000076f9fc90 5 bytes JMP 000000010024091c
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                            0000000076f9fdf4 5 bytes JMP 0000000100240048
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                     0000000076f9fe88 5 bytes JMP 00000001002402ee
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                  0000000076f9ffe4 5 bytes JMP 00000001002404b2
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                          0000000076fa0018 5 bytes JMP 00000001002409fe
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                  0000000076fa0048 5 bytes JMP 0000000100240ae0
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                               0000000076fa0064 5 bytes JMP 000000010002004c
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                  0000000076fa077c 5 bytes JMP 000000010024012a
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                      0000000076fa086c 5 bytes JMP 0000000100240758
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                0000000076fa0884 5 bytes JMP 0000000100240676
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                    0000000076fa0dd4 5 bytes JMP 00000001002403d0
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                              0000000076fa1900 5 bytes JMP 0000000100240594
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                          0000000076fa1bc4 5 bytes JMP 000000010024083a
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                 0000000076fa1d50 5 bytes JMP 000000010024020c
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                     0000000075481492 7 bytes JMP 000000010025059e
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                0000000075a5524f 7 bytes JMP 0000000100240f52
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                    0000000075a553d0 7 bytes JMP 0000000100250210
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                   0000000075a55677 1 byte JMP 0000000100250048
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                   0000000075a55679 5 bytes {JMP 0xffffffff8a7fa9d1}
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                          0000000075a5589a 7 bytes JMP 0000000100240ca6
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                          0000000075a55a1d 7 bytes JMP 00000001002503d8
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                     0000000075a55c9b 7 bytes JMP 000000010025012c
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                       0000000075a55d87 7 bytes JMP 00000001002502f4
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                      0000000075a57240 7 bytes JMP 0000000100240e6e
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                       0000000076ae1465 2 bytes [AE, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2652] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                      0000000076ae14bb 2 bytes [AE, 76]
.text   ...                                                                                                                                                               * 2
.text   C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                           0000000076f9fc90 5 bytes JMP 00000001002a091c
.text   C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                         0000000076f9fdf4 5 bytes JMP 00000001002a0048
.text   C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                  0000000076f9fe88 5 bytes JMP 00000001002a02ee
.text   C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                               0000000076f9ffe4 5 bytes JMP 00000001002a04b2
.text   C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                       0000000076fa0018 5 bytes JMP 00000001002a09fe
.text   C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                               0000000076fa0048 5 bytes JMP 00000001002a0ae0
.text   C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                            0000000076fa0064 5 bytes JMP 000000010024004c
.text   C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                               0000000076fa077c 5 bytes JMP 00000001002a012a
.text   C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                   0000000076fa086c 5 bytes JMP 00000001002a0758
.text   C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                             0000000076fa0884 5 bytes JMP 00000001002a0676
.text   C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                 0000000076fa0dd4 5 bytes JMP 00000001002a03d0
.text   C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                           0000000076fa1900 5 bytes JMP 00000001002a0594
.text   C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                       0000000076fa1bc4 5 bytes JMP 00000001002a083a
.text   C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                              0000000076fa1d50 5 bytes JMP 00000001002a020c
.text   C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe[2748] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                  0000000075481492 7 bytes JMP 00000001002b059e
.text   C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe[2748] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206             0000000075a5524f 7 bytes JMP 00000001002a0f52
.text   C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe[2748] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                 0000000075a553d0 7 bytes JMP 00000001002b0210
.text   C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe[2748] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                0000000075a55677 1 byte JMP 00000001002b0048
.text   C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe[2748] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                0000000075a55679 5 bytes {JMP 0xffffffff8a85a9d1}
.text   C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe[2748] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                       0000000075a5589a 7 bytes JMP 00000001002a0ca6
.text   C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe[2748] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                       0000000075a55a1d 7 bytes JMP 00000001002b03d8
.text   C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe[2748] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                  0000000075a55c9b 7 bytes JMP 00000001002b012c
.text   C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe[2748] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                    0000000075a55d87 7 bytes JMP 00000001002b02f4
.text   C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe[2748] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123   0000000075a57240 7 bytes JMP 00000001002a0e6e
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                0000000076f9fc90 5 bytes JMP 00000001000a091c
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                              0000000076f9fdf4 5 bytes JMP 00000001000a0048
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                       0000000076f9fe88 5 bytes JMP 00000001000a02ee
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                    0000000076f9ffe4 5 bytes JMP 00000001000a04b2
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                            0000000076fa0018 5 bytes JMP 00000001000a09fe
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                    0000000076fa0048 5 bytes JMP 00000001000a0ae0
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                 0000000076fa0064 5 bytes JMP 000000010002004c
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                    0000000076fa077c 5 bytes JMP 00000001000a012a
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                        0000000076fa086c 5 bytes JMP 00000001000a0758
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                  0000000076fa0884 5 bytes JMP 00000001000a0676
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                      0000000076fa0dd4 5 bytes JMP 00000001000a03d0
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                0000000076fa1900 5 bytes JMP 00000001000a0594
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                            0000000076fa1bc4 5 bytes JMP 00000001000a083a
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                   0000000076fa1d50 5 bytes JMP 00000001000a020c
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2808] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                       0000000075481492 7 bytes JMP 00000001000b059e
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2808] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                  0000000075a5524f 7 bytes JMP 00000001000a0f52
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2808] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                      0000000075a553d0 7 bytes JMP 00000001000b0210
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2808] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                     0000000075a55677 1 byte JMP 00000001000b0048
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2808] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                     0000000075a55679 5 bytes {JMP 0xffffffff8a65a9d1}
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2808] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                            0000000075a5589a 7 bytes JMP 00000001000a0ca6
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2808] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                            0000000075a55a1d 7 bytes JMP 00000001000b03d8
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2808] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                       0000000075a55c9b 7 bytes JMP 00000001000b012c
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2808] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                         0000000075a55d87 7 bytes JMP 00000001000b02f4
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2808] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                        0000000075a57240 7 bytes JMP 00000001000a0e6e
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                0000000076f9fc90 5 bytes JMP 000000010106091c
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                              0000000076f9fdf4 5 bytes JMP 0000000101060048
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                       0000000076f9fe88 5 bytes JMP 00000001010602ee
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                    0000000076f9ffe4 5 bytes JMP 00000001010604b2
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                            0000000076fa0018 5 bytes JMP 00000001010609fe
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                    0000000076fa0048 5 bytes JMP 0000000101060ae0
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                 0000000076fa0064 5 bytes JMP 000000010104004c
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                    0000000076fa077c 5 bytes JMP 000000010106012a
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                        0000000076fa086c 5 bytes JMP 0000000101060758
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                  0000000076fa0884 5 bytes JMP 0000000101060676
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                      0000000076fa0dd4 5 bytes JMP 00000001010603d0
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                0000000076fa1900 5 bytes JMP 0000000101060594
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                            0000000076fa1bc4 5 bytes JMP 000000010106083a
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                   0000000076fa1d50 5 bytes JMP 000000010106020c
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                       0000000075481492 7 bytes JMP 000000010107059e
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                  0000000075a5524f 7 bytes JMP 0000000101060f52
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                      0000000075a553d0 7 bytes JMP 0000000101070210
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                     0000000075a55677 1 byte JMP 0000000101070048
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                     0000000075a55679 5 bytes {JMP 0xffffffff8b61a9d1}
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                            0000000075a5589a 7 bytes JMP 0000000101060ca6
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                            0000000075a55a1d 7 bytes JMP 00000001010703d8
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                       0000000075a55c9b 7 bytes JMP 000000010107012c
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                         0000000075a55d87 7 bytes JMP 00000001010702f4
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                        0000000075a57240 7 bytes JMP 0000000101060e6e
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                         0000000076ae1465 2 bytes [AE, 76]
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                        0000000076ae14bb 2 bytes [AE, 76]
.text   ...                                                                                                                                                               * 2
.text   C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                         0000000076f9fc90 5 bytes JMP 000000010028091c
.text   C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                       0000000076f9fdf4 5 bytes JMP 0000000100280048
.text   C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                0000000076f9fe88 5 bytes JMP 00000001002802ee
.text   C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                             0000000076f9ffe4 5 bytes JMP 00000001002804b2
.text   C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                     0000000076fa0018 5 bytes JMP 00000001002809fe
.text   C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                             0000000076fa0048 5 bytes JMP 0000000100280ae0
.text   C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                          0000000076fa0064 5 bytes JMP 000000010002004c
.text   C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                             0000000076fa077c 5 bytes JMP 000000010028012a
.text   C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                 0000000076fa086c 5 bytes JMP 0000000100280758
.text   C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                           0000000076fa0884 5 bytes JMP 0000000100280676
.text   C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                               0000000076fa0dd4 5 bytes JMP 00000001002803d0
.text   C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                         0000000076fa1900 5 bytes JMP 0000000100280594
.text   C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                     0000000076fa1bc4 5 bytes JMP 000000010028083a
.text   C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                            0000000076fa1d50 5 bytes JMP 000000010028020c
.text   C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe[2152] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                           0000000075a5524f 7 bytes JMP 0000000100280f52
.text   C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe[2152] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                               0000000075a553d0 7 bytes JMP 0000000100290210
.text   C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe[2152] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                              0000000075a55677 1 byte JMP 0000000100290048
.text   C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe[2152] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                              0000000075a55679 5 bytes {JMP 0xffffffff8a83a9d1}
.text   C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe[2152] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                     0000000075a5589a 7 bytes JMP 0000000100280ca6
.text   C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe[2152] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                     0000000075a55a1d 7 bytes JMP 00000001002903d8
.text   C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe[2152] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                0000000075a55c9b 7 bytes JMP 000000010029012c
.text   C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe[2152] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                  0000000075a55d87 7 bytes JMP 00000001002902f4
.text   C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe[2152] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                 0000000075a57240 7 bytes JMP 0000000100280e6e
.text   C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe[2152] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                0000000075481492 7 bytes JMP 00000001002904bc
.text   C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                     0000000076f9fc90 5 bytes JMP 000000010052091c
.text   C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                   0000000076f9fdf4 5 bytes JMP 0000000100520048
.text   C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                            0000000076f9fe88 5 bytes JMP 00000001005202ee
.text   C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                         0000000076f9ffe4 5 bytes JMP 00000001005204b2
.text   C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                 0000000076fa0018 5 bytes JMP 00000001005209fe
.text   C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                         0000000076fa0048 5 bytes JMP 0000000100520ae0
.text   C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                      0000000076fa0064 5 bytes JMP 000000010002004c
.text   C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                         0000000076fa077c 5 bytes JMP 000000010052012a
.text   C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                             0000000076fa086c 5 bytes JMP 0000000100520758
.text   C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                       0000000076fa0884 5 bytes JMP 0000000100520676
.text   C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                           0000000076fa0dd4 5 bytes JMP 00000001005203d0
.text   C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                     0000000076fa1900 5 bytes JMP 0000000100520594
.text   C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                 0000000076fa1bc4 5 bytes JMP 000000010052083a
.text   C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                        0000000076fa1d50 5 bytes JMP 000000010052020c
.text   C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[2144] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                       0000000075a5524f 7 bytes JMP 0000000100520f52
.text   C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[2144] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                           0000000075a553d0 7 bytes JMP 0000000100530210
.text   C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[2144] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                          0000000075a55677 1 byte JMP 0000000100530048
.text   C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[2144] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                          0000000075a55679 5 bytes {JMP 0xffffffff8aada9d1}
.text   C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[2144] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                 0000000075a5589a 7 bytes JMP 0000000100520ca6
.text   C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[2144] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                 0000000075a55a1d 7 bytes JMP 00000001005303d8
.text   C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[2144] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                            0000000075a55c9b 7 bytes JMP 000000010053012c
.text   C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[2144] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                              0000000075a55d87 7 bytes JMP 00000001005302f4
.text   C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[2144] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123             0000000075a57240 7 bytes JMP 0000000100520e6e
.text   C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[2144] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                            0000000075481492 7 bytes JMP 00000001005304bc
.text   C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                      0000000076f9fc90 5 bytes JMP 000000010028091c
.text   C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                    0000000076f9fdf4 5 bytes JMP 0000000100280048
.text   C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                             0000000076f9fe88 5 bytes JMP 00000001002802ee
.text   C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                          0000000076f9ffe4 5 bytes JMP 00000001002804b2
.text   C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                  0000000076fa0018 5 bytes JMP 00000001002809fe
.text   C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                          0000000076fa0048 5 bytes JMP 0000000100280ae0
.text   C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                       0000000076fa0064 5 bytes JMP 000000010002004c
.text   C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                          0000000076fa077c 5 bytes JMP 000000010028012a
.text   C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                              0000000076fa086c 5 bytes JMP 0000000100280758
.text   C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                        0000000076fa0884 5 bytes JMP 0000000100280676
.text   C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                            0000000076fa0dd4 5 bytes JMP 00000001002803d0
.text   C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                      0000000076fa1900 5 bytes JMP 0000000100280594
.text   C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                  0000000076fa1bc4 5 bytes JMP 000000010028083a
.text   C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[464] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                         0000000076fa1d50 5 bytes JMP 000000010028020c
.text   C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[464] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                             0000000075481492 7 bytes JMP 000000010029059e
.text   C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[464] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                        0000000075a5524f 7 bytes JMP 0000000100280f52
.text   C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[464] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                            0000000075a553d0 7 bytes JMP 0000000100290210
.text   C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[464] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                           0000000075a55677 1 byte JMP 0000000100290048
.text   C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[464] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                           0000000075a55679 5 bytes {JMP 0xffffffff8a83a9d1}
.text   C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[464] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                  0000000075a5589a 7 bytes JMP 0000000100280ca6
.text   C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[464] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                  0000000075a55a1d 7 bytes JMP 00000001002903d8
.text   C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[464] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                             0000000075a55c9b 7 bytes JMP 000000010029012c
.text   C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[464] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                               0000000075a55d87 7 bytes JMP 00000001002902f4
.text   C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[464] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                              0000000075a57240 7 bytes JMP 0000000100280e6e
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                         0000000076f9fc90 5 bytes JMP 000000010028091c
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                       0000000076f9fdf4 5 bytes JMP 0000000100280048
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                0000000076f9fe88 5 bytes JMP 00000001002802ee
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                             0000000076f9ffe4 5 bytes JMP 00000001002804b2
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                     0000000076fa0018 5 bytes JMP 00000001002809fe
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                             0000000076fa0048 5 bytes JMP 0000000100280ae0
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                          0000000076fa0064 5 bytes JMP 000000010002004c
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                             0000000076fa077c 5 bytes JMP 000000010028012a
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                 0000000076fa086c 5 bytes JMP 0000000100280758
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                           0000000076fa0884 5 bytes JMP 0000000100280676
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                               0000000076fa0dd4 5 bytes JMP 00000001002803d0
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                         0000000076fa1900 5 bytes JMP 0000000100280594
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                     0000000076fa1bc4 5 bytes JMP 000000010028083a
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                            0000000076fa1d50 5 bytes JMP 000000010028020c
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe[928] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                0000000075481492 7 bytes JMP 000000010029059e
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe[928] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                           0000000075a5524f 7 bytes JMP 0000000100280f52
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe[928] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                               0000000075a553d0 7 bytes JMP 0000000100290210
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe[928] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                              0000000075a55677 1 byte JMP 0000000100290048
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe[928] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                              0000000075a55679 5 bytes {JMP 0xffffffff8a83a9d1}
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe[928] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                     0000000075a5589a 7 bytes JMP 0000000100280ca6
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe[928] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                     0000000075a55a1d 7 bytes JMP 00000001002903d8
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe[928] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                0000000075a55c9b 7 bytes JMP 000000010029012c
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe[928] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                  0000000075a55d87 7 bytes JMP 00000001002902f4
.text   C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe[928] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                 0000000075a57240 7 bytes JMP 0000000100280e6e
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2408] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                 0000000076f9fc90 5 bytes JMP 00000001001d091c
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2408] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                               0000000076f9fdf4 5 bytes JMP 00000001001d0048
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2408] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                        0000000076f9fe88 5 bytes JMP 00000001001d02ee
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2408] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                     0000000076f9ffe4 5 bytes JMP 00000001001d04b2
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2408] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                             0000000076fa0018 5 bytes JMP 00000001001d09fe
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2408] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                     0000000076fa0048 5 bytes JMP 00000001001d0ae0
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2408] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                  0000000076fa0064 5 bytes JMP 000000010002004c
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2408] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                     0000000076fa077c 5 bytes JMP 00000001001d012a
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2408] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                         0000000076fa086c 5 bytes JMP 00000001001d0758
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2408] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                   0000000076fa0884 5 bytes JMP 00000001001d0676
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2408] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                       0000000076fa0dd4 5 bytes JMP 00000001001d03d0
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2408] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                 0000000076fa1900 5 bytes JMP 00000001001d0594
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2408] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                             0000000076fa1bc4 5 bytes JMP 00000001001d083a
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2408] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                    0000000076fa1d50 5 bytes JMP 00000001001d020c
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2408] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                        0000000075481492 7 bytes JMP 00000001001e059e
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2408] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                   0000000075a5524f 7 bytes JMP 00000001001d0f52
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2408] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                       0000000075a553d0 7 bytes JMP 00000001001e0210
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2408] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                      0000000075a55677 1 byte JMP 00000001001e0048
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2408] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                      0000000075a55679 5 bytes {JMP 0xffffffff8a78a9d1}
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2408] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                             0000000075a5589a 7 bytes JMP 00000001001d0ca6
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2408] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                             0000000075a55a1d 7 bytes JMP 00000001001e03d8
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2408] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                        0000000075a55c9b 7 bytes JMP 00000001001e012c
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2408] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                          0000000075a55d87 7 bytes JMP 00000001001e02f4
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2408] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                         0000000075a57240 7 bytes JMP 00000001001d0e6e
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                           0000000076f9fc90 5 bytes JMP 000000010025091c
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                         0000000076f9fdf4 5 bytes JMP 0000000100250048
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                  0000000076f9fe88 5 bytes JMP 00000001002502ee
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                               0000000076f9ffe4 5 bytes JMP 00000001002504b2
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                       0000000076fa0018 5 bytes JMP 00000001002509fe
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                               0000000076fa0048 5 bytes JMP 0000000100250ae0
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                            0000000076fa0064 5 bytes JMP 000000010002004c
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                               0000000076fa077c 5 bytes JMP 000000010025012a
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                   0000000076fa086c 5 bytes JMP 0000000100250758
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                             0000000076fa0884 5 bytes JMP 0000000100250676
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                 0000000076fa0dd4 5 bytes JMP 00000001002503d0
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                           0000000076fa1900 5 bytes JMP 0000000100250594
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                       0000000076fa1bc4 5 bytes JMP 000000010025083a
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                              0000000076fa1d50 5 bytes JMP 000000010025020c
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2580] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                             0000000075a5524f 7 bytes JMP 0000000100250f52
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2580] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                 0000000075a553d0 7 bytes JMP 0000000100260210
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2580] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                0000000075a55677 1 byte JMP 0000000100260048
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2580] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                0000000075a55679 5 bytes {JMP 0xffffffff8a80a9d1}
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2580] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                       0000000075a5589a 7 bytes JMP 0000000100250ca6
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2580] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                       0000000075a55a1d 7 bytes JMP 00000001002603d8
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2580] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                  0000000075a55c9b 7 bytes JMP 000000010026012c
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2580] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                    0000000075a55d87 7 bytes JMP 00000001002602f4
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2580] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                   0000000075a57240 7 bytes JMP 0000000100250e6e
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2580] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                  0000000075481492 7 bytes JMP 000000010026059e
?       C:\Windows\system32\mssprxy.dll [3696] entry point in ".rdata" section                                                                                            00000000724571e6
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              0000000076ae1465 2 bytes [AE, 76]
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155             0000000076ae14bb 2 bytes [AE, 76]
.text   ...                                                                                                                                                               * 2
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                             0000000076f9fc90 5 bytes JMP 000000010079091c
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                           0000000076f9fdf4 5 bytes JMP 0000000100790048
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                    0000000076f9fe88 5 bytes JMP 00000001007902ee
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                 0000000076f9ffe4 5 bytes JMP 00000001007904b2
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                         0000000076fa0018 5 bytes JMP 00000001007909fe
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                 0000000076fa0048 5 bytes JMP 0000000100790ae0
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                              0000000076fa0064 5 bytes JMP 00000001003e004c
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                 0000000076fa077c 5 bytes JMP 000000010079012a
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                     0000000076fa086c 5 bytes JMP 0000000100790758
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                               0000000076fa0884 5 bytes JMP 0000000100790676
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                   0000000076fa0dd4 5 bytes JMP 00000001007903d0
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                             0000000076fa1900 5 bytes JMP 0000000100790594
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                         0000000076fa1bc4 5 bytes JMP 000000010079083a
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                0000000076fa1d50 5 bytes JMP 000000010079020c
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206               0000000075a5524f 7 bytes JMP 0000000100790f52
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                   0000000075a553d0 7 bytes JMP 00000001007a0210
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                  0000000075a55677 1 byte JMP 00000001007a0048
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                  0000000075a55679 5 bytes {JMP 0xffffffff8ad4a9d1}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                         0000000075a5589a 7 bytes JMP 0000000100790ca6
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                         0000000075a55a1d 7 bytes JMP 00000001007a03d8
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                    0000000075a55c9b 7 bytes JMP 00000001007a012c
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                      0000000075a55d87 7 bytes JMP 00000001007a02f4
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123     0000000075a57240 7 bytes JMP 0000000100790e6e
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                    0000000075481492 7 bytes JMP 00000001007a059e
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000076ae1465 2 bytes [AE, 76]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     0000000076ae14bb 2 bytes [AE, 76]
.text   ...                                                                                                                                                               * 2
.text   C:\Users\EDDIE\Downloads\hiel58lo.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                      0000000076f9fc90 5 bytes JMP 000000010031091c
.text   C:\Users\EDDIE\Downloads\hiel58lo.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                    0000000076f9fdf4 5 bytes JMP 0000000100310048
.text   C:\Users\EDDIE\Downloads\hiel58lo.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                             0000000076f9fe88 5 bytes JMP 00000001003102ee
.text   C:\Users\EDDIE\Downloads\hiel58lo.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                          0000000076f9ffe4 5 bytes JMP 00000001003104b2
.text   C:\Users\EDDIE\Downloads\hiel58lo.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                  0000000076fa0018 5 bytes JMP 00000001003109fe
.text   C:\Users\EDDIE\Downloads\hiel58lo.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                          0000000076fa0048 5 bytes JMP 0000000100310ae0
.text   C:\Users\EDDIE\Downloads\hiel58lo.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                       0000000076fa0064 5 bytes JMP 000000010003004c
.text   C:\Users\EDDIE\Downloads\hiel58lo.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                          0000000076fa077c 5 bytes JMP 000000010031012a
.text   C:\Users\EDDIE\Downloads\hiel58lo.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                              0000000076fa086c 5 bytes JMP 0000000100310758
.text   C:\Users\EDDIE\Downloads\hiel58lo.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                        0000000076fa0884 5 bytes JMP 0000000100310676
.text   C:\Users\EDDIE\Downloads\hiel58lo.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                            0000000076fa0dd4 5 bytes JMP 00000001003103d0
.text   C:\Users\EDDIE\Downloads\hiel58lo.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                      0000000076fa1900 5 bytes JMP 0000000100310594
.text   C:\Users\EDDIE\Downloads\hiel58lo.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                  0000000076fa1bc4 5 bytes JMP 000000010031083a
.text   C:\Users\EDDIE\Downloads\hiel58lo.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                         0000000076fa1d50 5 bytes JMP 000000010031020c
.text   C:\Users\EDDIE\Downloads\hiel58lo.exe[4504] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                        0000000075a5524f 7 bytes JMP 0000000100310f52
.text   C:\Users\EDDIE\Downloads\hiel58lo.exe[4504] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                            0000000075a553d0 7 bytes JMP 0000000100320210
.text   C:\Users\EDDIE\Downloads\hiel58lo.exe[4504] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                           0000000075a55677 1 byte JMP 0000000100320048
.text   C:\Users\EDDIE\Downloads\hiel58lo.exe[4504] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                           0000000075a55679 5 bytes {JMP 0xffffffff8a8ca9d1}
.text   C:\Users\EDDIE\Downloads\hiel58lo.exe[4504] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                                  0000000075a5589a 7 bytes JMP 0000000100310ca6
.text   C:\Users\EDDIE\Downloads\hiel58lo.exe[4504] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                                  0000000075a55a1d 7 bytes JMP 00000001003203d8
.text   C:\Users\EDDIE\Downloads\hiel58lo.exe[4504] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                             0000000075a55c9b 7 bytes JMP 000000010032012c
.text   C:\Users\EDDIE\Downloads\hiel58lo.exe[4504] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                               0000000075a55d87 7 bytes JMP 00000001003202f4
.text   C:\Users\EDDIE\Downloads\hiel58lo.exe[4504] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                              0000000075a57240 7 bytes JMP 0000000100310e6e
.text   C:\Users\EDDIE\Downloads\hiel58lo.exe[4504] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                             0000000075481492 7 bytes JMP 00000001003204bc

---- Threads - GMER 2.1 ----

Thread  C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [1528:1684]                                                                     0000000000020060

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e0ca94156025                                                                                       
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e0ca94156025 (not active ControlSet)                                                                   

---- EOF - GMER 2.1 ----

Alt 17.03.2013, 11:38   #4
Eddie77

Groupon-Trojaner

... and continuing with OTL

OTL.txt

Code:
OTL logfile created on: 3/17/2013 11:05:47 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\EDDIE\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.80 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 59.66% Memory free
7.60 Gb Paging File | 6.05 Gb Available in Paging File | 79.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 463.76 Gb Total Space | 383.76 Gb Free Space | 82.75% Space Free | Partition Type: NTFS
 
Computer Name: EDDIE-PC | User Name: EDDIE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/03/17 08:26:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EDDIE\Downloads\OTL.exe
PRC - [2012/12/24 04:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/01/17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/08 12:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2010/05/08 12:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010/03/18 09:00:08 | 001,965,056 | ---- | M] (Fujitsu) -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe
PRC - [2009/11/01 17:04:48 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/11/01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/10/09 20:06:50 | 000,047,976 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2009/10/08 19:44:54 | 000,036,712 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
PRC - [2009/07/21 16:25:42 | 000,541,976 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe
PRC - [2009/07/08 20:58:26 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:49:00 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe
PRC - [2008/10/24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/05/30 07:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.3.0.36\wincfi39.dll
MOD - [2011/10/26 11:03:40 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2004/09/09 16:13:00 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\pxl_m17n_tool.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/24 01:14:38 | 000,330,240 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService)
SRV:64bit: - [2009/07/30 10:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/03/13 16:07:51 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/08 18:54:58 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/24 04:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe -- (NIS)
SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/24 16:49:27 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Users\EDDIE\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/05/08 12:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/01 17:04:48 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/11/01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 16:49:00 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe -- (AISConnect)
SRV - [2008/10/24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/01/31 04:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/01/31 04:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/01/29 02:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/01/29 02:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/01/22 03:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symds64.sys -- (SymDS)
DRV:64bit: - [2013/01/04 14:07:32 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/11/16 03:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/11/16 03:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/06/08 09:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/05/22 13:49:30 | 000,083,456 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010/03/25 09:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/03/04 21:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/18 11:38:56 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/27 05:15:00 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/11/06 12:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/01 17:04:42 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/10/26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/09 20:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 17:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3)
DRV:64bit: - [2006/11/01 17:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2013/02/06 13:25:44 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130316.006\ex64.sys -- (NAVEX15)
DRV - [2013/02/06 13:25:44 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130316.006\eng64.sys -- (NAVENG)
DRV - [2013/02/05 16:44:54 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130313.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/01/16 03:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/18 02:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/18 02:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C7961BA8-7581-4101-8D7F-78D6BC8E3ECF}
IE:64bit: - HKLM\..\SearchScopes\{C7961BA8-7581-4101-8D7F-78D6BC8E3ECF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKLM\..\SearchScopes\{C7961BA8-7581-4101-8D7F-78D6BC8E3ECF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com
IE - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
IE - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\..\SearchScopes\{02FFDFB6-B3DD-45B6-96A3-DA5A801C59F4}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=98436b8d-4b61-468d-bc57-9480aca34693&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\..\SearchScopes\{1C07D89C-87EE-4C44-8B7B-79ADE7EE611D}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=98436b8d-4b61-468d-bc57-9480aca34693&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\..\SearchScopes\{428D14C8-8786-4B0C-9AE4-B3DF7D80F67A}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=98436b8d-4b61-468d-bc57-9480aca34693&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\..\SearchScopes\{55C603F5-9810-4BD9-BE03-CFBBED300935}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=98436b8d-4b61-468d-bc57-9480aca34693&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F757263653D3426637469643D435432343735303239&st={searchTerms}&clid=98436b8d-4b61-468d-bc57-9480aca34693&pid=freewarede&k=0
IE - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\..\SearchScopes\{B41CF142-459A-4ED2-B2BD-36928FA149CB}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=98436b8d-4b61-468d-bc57-9480aca34693&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\..\SearchScopes\{CA1858FF-6B74-4BAB-8CCC-A484AC44F0C9}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=98436b8d-4b61-468d-bc57-9480aca34693&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.ostseebad-trassenheide.de/template/trassenheide/webcamstrand/webcam_strand/pic.php?path=webcam_strand"
FF - prefs.js..extensions.enabledAddons: externalip%40erik.morlin:0.9.9.6
FF - prefs.js..extensions.enabledAddons: %7B1FD91A9C-410C-4090-BBCC-55D3450EF433%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B987311C6-B504-4aa2-90BF-60CC49808D42%7D:2.2
FF - prefs.js..extensions.enabledAddons: firefox%40schnaeppchenfuchs.com:1.02
FF - prefs.js..extensions.enabledAddons: trackmenot%40mrl.nyu.edu:0.6.728
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.2
FF - prefs.js..extensions.enabledAddons: %7BE71B541F-5E72-5555-A47C-E47863195841%7D:1.0.33
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.3.0.26
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/12/21 15:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ [2013/02/06 13:16:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [2013/03/17 10:55:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 18:54:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\EDDIE\AppData\Roaming\Mozilla\Firefox\Profiles\genm2u89.default\extensions\mail@shopping-preise.de [2012/09/24 16:49:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\EDDIE\AppData\Roaming\Mozilla\Firefox\Profiles\genm2u89.default\extensions\firejump@firejump.net [2012/09/24 16:49:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\EDDIE\AppData\Roaming\Mozilla\Firefox\Profiles\genm2u89.default\extensions\extension@preispilot.com
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 18:54:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/10/26 14:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Extensions
[2013/03/14 07:46:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\genm2u89.default\extensions
[2013/02/06 13:16:27 | 000,000,000 | ---D | M] (WOT) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\genm2u89.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/02/11 08:21:52 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\genm2u89.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2013/03/14 07:46:23 | 000,000,000 | ---D | M] ("SimilarSites") -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\genm2u89.default\extensions\{E71B541F-5E72-5555-A47C-E47863195841}
[2012/02/03 12:49:51 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\genm2u89.default\extensions\engine@conduit.com
[2013/03/06 14:17:00 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\genm2u89.default\extensions\firefox@ghostery.com
[2013/01/05 19:24:45 | 000,000,000 | ---D | M] (Schnäppchenfuchs Gutscheinfinder) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\genm2u89.default\extensions\firefox@schnaeppchenfuchs.com
[2012/09/24 16:49:38 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\genm2u89.default\extensions\firejump@firejump.net
[2012/09/24 16:49:34 | 000,000,000 | ---D | M] (Shopping-preise.de) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\genm2u89.default\extensions\mail@shopping-preise.de
[2011/08/25 08:56:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\zjxeho9d.default\extensions
[2011/08/25 08:56:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\zjxeho9d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/25 08:56:17 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\zjxeho9d.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2011/08/25 08:56:18 | 000,000,000 | ---D | M] (WOT) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\zjxeho9d.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/08/25 08:56:16 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\zjxeho9d.default\extensions\anttoolbar@ant.com
[2011/08/25 08:56:16 | 000,000,000 | ---D | M] (external IP) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\zjxeho9d.default\extensions\externalip@erik.morlin
[2011/08/25 08:56:17 | 000,000,000 | ---D | M] (Form History Control) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\zjxeho9d.default\extensions\formhistory@yahoo.com
[2013/03/03 13:23:17 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\genm2u89.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012/09/24 17:42:07 | 000,110,795 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\genm2u89.default\extensions\extension@preispilot.com.xpi
[2011/08/25 09:35:11 | 000,003,835 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\genm2u89.default\extensions\externalip@erik.morlin.xpi
[2013/01/13 10:13:08 | 000,067,428 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\genm2u89.default\extensions\trackmenot@mrl.nyu.edu.xpi
[2013/03/04 13:29:49 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\genm2u89.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011/12/27 16:15:39 | 000,022,573 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\genm2u89.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi
[2013/02/14 16:43:57 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\genm2u89.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/08/11 13:58:32 | 000,459,668 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\zjxeho9d.default\extensions\FirefoxAddon@similarWeb.com.xpi
[2011/08/21 08:58:10 | 000,308,022 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\zjxeho9d.default\extensions\smarterwiki@wikiatic.com.xpi
[2011/08/19 15:14:08 | 000,508,087 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\zjxeho9d.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011/05/13 09:47:10 | 000,922,025 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\zjxeho9d.default\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}.xpi
[2011/07/23 18:29:48 | 000,255,378 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\zjxeho9d.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2011/07/03 12:34:04 | 000,608,840 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\zjxeho9d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/08/21 11:46:10 | 000,138,595 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\zjxeho9d.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012/09/24 17:16:34 | 000,002,101 | ---- | M] () -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\genm2u89.default\searchplugins\googlede.xml
[2013/01/15 15:37:14 | 000,002,482 | ---- | M] () -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\genm2u89.default\searchplugins\safesearch.xml
[2012/10/17 08:13:48 | 000,002,515 | ---- | M] () -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\genm2u89.default\searchplugins\Search_Results.xml
[2012/09/24 16:49:36 | 000,003,849 | ---- | M] () -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\genm2u89.default\searchplugins\wettercom.xml
[2012/09/24 17:21:14 | 000,001,030 | ---- | M] () -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\genm2u89.default\searchplugins\wikipedia-de.xml
[2012/09/24 16:49:36 | 000,002,444 | ---- | M] () -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\genm2u89.default\searchplugins\youtube-videosuche.xml
[2013/03/08 18:54:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/12/09 09:25:00 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2013/03/17 10:55:52 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\COFFPLGN
[2013/03/08 18:54:58 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/12/11 09:04:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/12/11 09:04:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/12/11 09:04:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/12/11 09:04:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/10/17 08:13:48 | 000,002,515 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/12/11 09:04:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/12/11 09:04:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013/03/17 11:01:58 | 000,446,020 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 15316 more lines...
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\EDDIE\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AIS_MessageForYou] C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe (Fujitsu)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1881642484-1841782945-982198653-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\EDDIE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.15.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{646A3508-BB3A-4448-8E9D-2356390C179F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{39bef580-62ec-11e2-8779-e0ca94156025}\Shell - "" = AutoRun
O33 - MountPoints2\{39bef580-62ec-11e2-8779-e0ca94156025}\Shell\AutoRun\command - "" = D:\LGAutoRun.exe
O33 - MountPoints2\{877260f1-d89d-11e0-b9bb-8c736ea621bf}\Shell - "" = AutoRun
O33 - MountPoints2\{877260f1-d89d-11e0-b9bb-8c736ea621bf}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{877260f4-d89d-11e0-b9bb-8c736ea621bf}\Shell - "" = AutoRun
O33 - MountPoints2\{877260f4-d89d-11e0-b9bb-8c736ea621bf}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c699cd00-cf01-11e0-9e26-e0ca94156025}\Shell - "" = AutoRun
O33 - MountPoints2\{c699cd00-cf01-11e0-9e26-e0ca94156025}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c699cd03-cf01-11e0-9e26-e0ca94156025}\Shell - "" = AutoRun
O33 - MountPoints2\{c699cd03-cf01-11e0-9e26-e0ca94156025}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c99eaf6b-d93c-11e0-8459-8c736ea621bf}\Shell - "" = AutoRun
O33 - MountPoints2\{c99eaf6b-d93c-11e0-8459-8c736ea621bf}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c99eaf6f-d93c-11e0-8459-8c736ea621bf}\Shell - "" = AutoRun
O33 - MountPoints2\{c99eaf6f-d93c-11e0-8459-8c736ea621bf}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c99eaf92-d93c-11e0-8459-e0ca94156025}\Shell - "" = AutoRun
O33 - MountPoints2\{c99eaf92-d93c-11e0-8459-e0ca94156025}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/17 08:44:04 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/03/17 08:17:03 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{8357540F-764D-450F-9A71-516353F0EE56}
[2013/03/16 19:57:07 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{ECBB8AA4-C79F-4F6F-9EF5-F1D1A225E3F5}
[2013/03/16 07:09:14 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{7A087907-A880-4D2D-B8F8-760495946456}
[2013/03/15 16:30:11 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/15 16:30:11 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/15 16:30:11 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/15 16:30:11 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/03/15 16:30:11 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/03/15 16:30:11 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/03/15 16:30:11 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/03/15 16:30:11 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/15 16:30:11 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/03/15 16:30:11 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/03/15 16:30:11 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/15 16:30:11 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/03/15 16:30:11 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/15 16:30:11 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/15 16:30:11 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/15 16:30:11 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/03/15 16:30:11 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/03/15 16:30:11 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/15 16:30:11 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/03/15 16:30:11 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/03/15 16:30:11 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/15 16:30:11 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/15 16:30:11 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/03/15 16:30:11 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/03/15 16:30:11 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/03/15 16:30:11 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/03/15 16:30:11 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/15 16:30:11 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/03/15 16:30:11 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/03/15 16:30:11 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/03/15 16:30:11 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/03/15 16:30:11 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/03/15 16:30:11 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/03/15 16:30:11 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/15 16:30:11 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/03/15 16:30:11 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/03/15 16:30:11 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/03/15 16:30:11 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/03/15 16:30:11 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/03/15 16:30:11 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/03/15 16:30:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/03/15 16:30:11 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/03/15 16:30:11 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/15 16:30:11 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/03/15 16:30:11 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/03/15 16:30:11 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/03/15 16:30:11 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/03/15 16:30:11 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/15 16:30:11 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/03/15 16:30:11 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/03/15 16:30:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/03/15 16:30:11 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/03/15 16:30:11 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/03/15 16:30:11 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/03/15 16:30:11 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/03/15 16:30:11 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/03/15 16:30:11 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/03/15 16:30:11 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/03/15 16:30:11 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/03/15 16:30:11 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/03/15 16:30:11 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/03/15 16:30:11 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/03/15 16:30:11 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/03/15 16:30:11 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/03/15 16:30:11 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/03/15 16:30:11 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/03/15 16:30:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/03/15 16:30:11 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/03/15 16:26:29 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/03/15 13:48:19 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{A1B78B8C-7A92-466F-B867-385BE10323DE}
[2013/03/14 17:45:35 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Roaming\Malwarebytes
[2013/03/14 17:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/14 17:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/14 17:45:22 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/14 17:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/14 17:45:10 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\Programs
[2013/03/14 07:48:36 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{26273B59-A12C-4D43-8466-17E19178783F}
[2013/03/13 19:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/13 19:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/13 19:45:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/13 15:38:13 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{8AA93FD5-4B6C-4802-8C19-5A83EC49505B}
[2013/03/12 08:16:54 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{F4F64F4D-D4A2-4AFB-AC52-4EEEB0A1F41F}
[2013/03/11 08:33:25 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{12FB729F-7870-45FC-B419-E7027A2346B0}
[2013/03/10 20:32:49 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{7A03EBED-EAD1-4075-8B97-CD64ED5E5304}
[2013/03/10 07:48:55 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{187F12A0-57EF-47DD-98BA-B2E4CBD36DC3}
[2013/03/09 13:24:06 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{2C957927-4221-4133-8B62-E14F88418535}
[2013/03/08 21:01:21 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{38CB0F3E-D114-4761-955D-1B24A80B8983}
[2013/03/08 18:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/08 08:40:34 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{365A7298-BD56-42ED-BEF4-AE3A2FFDC7DE}
[2013/03/07 09:38:33 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{358DE7AD-54C1-48E8-A468-91B9E3380615}
[2013/03/06 20:23:07 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{31BCAF31-24BC-4203-9B44-C1C831DECDB7}
[2013/03/06 08:10:45 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{11362F65-2609-4A6B-8B60-BDF28330C529}
[2013/03/05 19:09:41 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{7923527D-8151-42D3-9C3B-FEBF3BC8A34F}
[2013/03/05 06:40:28 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{BF556254-898D-4F1A-A99A-2DF4D213BE01}
[2013/03/04 08:50:24 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{813CE9F4-C728-4ED2-835F-7337BA86EEFF}
[2013/03/03 08:21:12 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{CD019AF2-3292-45BF-8DBC-AFB978B1BB9C}
[2013/03/02 08:43:46 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{D1CB75CD-E98D-4029-B713-331179ECCA09}
[2013/03/01 08:00:00 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{1CC7DE89-EC5C-486B-A70E-8148848F932F}
[2013/02/28 10:10:39 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/02/28 10:10:04 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/02/28 07:37:34 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{ED82BAA7-41EB-4A63-B881-13C3593EEC15}
[2013/02/27 10:00:51 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/02/27 10:00:51 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/02/27 10:00:51 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/02/27 10:00:51 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/02/27 10:00:48 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/02/27 10:00:48 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/02/27 10:00:46 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/02/27 10:00:46 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/02/27 10:00:46 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/02/27 10:00:46 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 10:00:46 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 10:00:46 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 10:00:46 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 10:00:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 10:00:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 10:00:46 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 10:00:46 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 10:00:45 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/02/27 10:00:45 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/02/27 10:00:45 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/02/27 10:00:45 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/02/27 10:00:45 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/02/27 10:00:45 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 10:00:45 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 10:00:45 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 10:00:45 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 10:00:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 10:00:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 10:00:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 10:00:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 10:00:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 10:00:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 10:00:44 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/02/27 10:00:44 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/02/27 10:00:44 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/02/27 10:00:44 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/02/27 10:00:44 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/02/27 10:00:44 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/02/27 10:00:44 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/02/27 10:00:44 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/02/27 10:00:44 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/02/27 08:31:46 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{9F63A7DA-1106-43F1-AC99-B3632B6CD8EB}
[2013/02/26 08:43:17 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{DEF09B6B-7FB3-4532-83EF-C38DCBE85463}
[2013/02/25 08:55:20 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{613C0CED-6E56-4DDF-A198-603FBF66FA3F}
[2013/02/24 09:05:31 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{8F5F5CB2-B4A0-416F-97B4-8A0B30B4383C}
[2013/02/23 09:41:05 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{48FE6DC8-3734-4CE1-B888-F34FEBBFB1ED}
[2013/02/22 09:14:03 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{E7032FE8-2A1E-453C-81B8-8509327589B3}
[2013/02/21 08:43:52 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{9772D679-946D-45A3-B75A-32D0D7082184}
[2013/02/20 14:27:00 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{BF822C86-F4D1-4FBF-BE22-528AB4DDC8EB}
[2013/02/20 08:20:15 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{60765C55-7C0C-4E82-8F3F-C6DD15191C35}
[2013/02/19 06:57:16 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{A4251E1B-0590-46DF-A1D3-DAA539531F63}
[2013/02/18 12:51:16 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{166B5229-3126-47F0-A2E6-09C83755597C}
[2013/02/17 09:00:38 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{5091D988-301C-49B5-8CE5-2313BA2B88DA}
[2013/02/16 14:37:29 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{6ACDBE89-52A7-4DF7-A985-6E384DA52F95}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/17 11:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/17 11:03:42 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/17 11:03:42 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/17 11:01:58 | 000,446,020 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/17 10:56:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/17 10:55:23 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/17 10:55:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/17 10:55:03 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/17 09:59:28 | 000,000,755 | ---- | M] () -- C:\Users\EDDIE\Desktop\Defogger.exe - Verknüpfung.lnk
[2013/03/17 09:34:47 | 000,001,103 | ---- | M] () -- C:\Users\EDDIE\Desktop\OTL.exe - Verknüpfung.lnk
[2013/03/17 09:34:39 | 000,001,154 | ---- | M] () -- C:\Users\EDDIE\Desktop\hiel58lo.exe - Verknüpfung.lnk
[2013/03/17 08:48:48 | 000,000,938 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130317-110158.backup
[2013/03/17 08:43:45 | 590,176,400 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/17 08:25:36 | 000,000,000 | ---- | M] () -- C:\Users\EDDIE\defogger_reenable
[2013/03/15 16:48:32 | 001,906,163 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Cat.DB
[2013/03/15 16:30:11 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/15 16:30:11 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/15 16:30:11 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/15 16:30:11 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/03/15 16:30:11 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/03/15 16:30:11 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/03/15 16:30:11 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/03/15 16:30:11 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/15 16:30:11 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/03/15 16:30:11 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/03/15 16:30:11 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/15 16:30:11 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/03/15 16:30:11 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/15 16:30:11 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/15 16:30:11 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/15 16:30:11 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/03/15 16:30:11 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/03/15 16:30:11 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/15 16:30:11 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/03/15 16:30:11 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/03/15 16:30:11 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/15 16:30:11 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/15 16:30:11 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/03/15 16:30:11 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/03/15 16:30:11 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/03/15 16:30:11 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/03/15 16:30:11 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/15 16:30:11 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/03/15 16:30:11 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/03/15 16:30:11 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/03/15 16:30:11 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/03/15 16:30:11 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/03/15 16:30:11 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/03/15 16:30:11 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/15 16:30:11 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/03/15 16:30:11 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/03/15 16:30:11 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/03/15 16:30:11 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/03/15 16:30:11 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/03/15 16:30:11 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/03/15 16:30:11 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/03/15 16:30:11 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/03/15 16:30:11 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/15 16:30:11 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/03/15 16:30:11 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/03/15 16:30:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/03/15 16:30:11 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/03/15 16:30:11 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/15 16:30:11 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/03/15 16:30:11 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/03/15 16:30:11 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/03/15 16:30:11 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/03/15 16:30:11 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/03/15 16:30:11 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/03/15 16:30:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/03/15 16:30:11 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/03/15 16:30:11 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/03/15 16:30:11 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/03/15 16:30:11 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/03/15 16:30:11 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/03/15 16:30:11 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/03/15 16:30:11 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/03/15 16:30:11 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/03/15 16:30:11 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/03/15 16:30:11 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/15 16:30:11 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/15 16:30:11 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/03/15 16:30:11 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/03/15 16:30:11 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/03/15 16:30:11 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/03/14 17:45:24 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/03/14 17:12:31 | 000,446,020 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130317-084848.backup
[2013/03/13 16:07:49 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/13 16:07:48 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/10 12:04:10 | 001,614,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/10 12:04:10 | 000,697,534 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/03/10 12:04:10 | 000,652,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/10 12:04:10 | 000,148,540 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/03/10 12:04:10 | 000,121,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/06 08:06:24 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\VT20130115.021
[2013/03/05 13:07:34 | 000,446,020 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130314-171231.backup
[2013/02/28 10:09:59 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/02/28 10:09:58 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/02/28 10:09:58 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/02/28 10:09:58 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/02/28 10:09:58 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/02/28 10:09:58 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/02/16 15:31:36 | 000,445,763 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130305-130734.backup
[2013/02/16 15:31:01 | 000,445,763 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130216-153136.backup
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/03/17 09:59:28 | 000,000,755 | ---- | C] () -- C:\Users\EDDIE\Desktop\Defogger.exe - Verknüpfung.lnk
[2013/03/17 09:34:47 | 000,001,103 | ---- | C] () -- C:\Users\EDDIE\Desktop\OTL.exe - Verknüpfung.lnk
[2013/03/17 09:34:39 | 000,001,154 | ---- | C] () -- C:\Users\EDDIE\Desktop\hiel58lo.exe - Verknüpfung.lnk
[2013/03/17 08:43:45 | 590,176,400 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/03/17 08:25:36 | 000,000,000 | ---- | C] () -- C:\Users\EDDIE\defogger_reenable
[2013/03/15 16:30:11 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/15 16:30:11 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/14 17:45:24 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/09 15:10:25 | 000,003,584 | ---- | C] () -- C:\Users\EDDIE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/24 16:49:34 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011/08/10 20:41:34 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/08/10 20:41:34 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/08/10 20:41:34 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/08/10 20:41:34 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/08/10 20:41:33 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/04/16 11:56:37 | 001,592,786 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 2780 bytes -> C:\Users\EDDIE\Documents\Einladung!!!.eml:OECustomProperty

< End of report >
         
Extras.txt

Code:
OTL Extras logfile created on: 3/17/2013 11:05:47 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\EDDIE\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.80 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 59.66% Memory free
7.60 Gb Paging File | 6.05 Gb Available in Paging File | 79.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 463.76 Gb Total Space | 383.76 Gb Free Space | 82.75% Space Free | Partition Type: NTFS
 
Computer Name: EDDIE-PC | User Name: EDDIE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1881642484-1841782945-982198653-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
"C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04BEBA1D-177B-431C-AA82-B32229970D0B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{206F68AA-C857-43FC-8304-58907CE31838}" = lport=139 | protocol=6 | dir=in | app=system | 
"{389428F8-1139-4BFA-9C9F-75D52104B1B7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3CE9AF5C-3184-49E1-A3EB-A4379CFCA824}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{4684CD98-174B-42B6-812D-B17110907646}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4826BFC0-7DD9-4F4B-990E-EFAA03103BF2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4CB4D538-FBBC-4940-AC44-A540C47F05BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4FCC67F4-B3E1-4A89-9FBC-5A2842EED5BA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{59B97258-7F9D-4521-A78F-7E7F3696040E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6AB157AD-743B-4944-8BAA-40314AB0141F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6AD28B91-5C8A-400A-ACBD-CE3989372F4B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8BDCA9A1-8D46-4FDC-A605-583D4A9F338C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9967B627-853D-4A7C-87D0-C1608A9C3594}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9C900889-9EB0-4B66-9044-BFD170B673B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9CFC5306-46C2-420F-8195-B256D0C193B1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A6881F36-25BD-4B90-B60C-FA1D411DBCF3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ABB8277B-A071-4617-80D8-D8DE6EF292E1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B3032004-C14C-43D1-883D-93185099CF90}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C08F339E-B43D-4D18-BD26-2D656815E47F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C9853CDC-D7C1-48CF-9BD2-73C61515E795}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D18D60FA-C87D-41E9-8705-1A184CE6466E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DA20BD5F-4282-4CD6-8948-F0C82D2BABFB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E0471788-3060-482A-84F5-0F4908C248BF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EFAC79CD-2A1D-4D4E-8934-47D894F41B42}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F5CEA0F6-E3A5-4FC9-857D-75614EC6357D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F85246E9-40E0-4DFE-9C68-4D93FD71669E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{FF04B474-A47C-4E57-9225-66085F094A11}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02EA5EF3-93D2-4C46-A9B6-86E630094531}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{0C5515E4-0347-4E8F-8ADB-5066ED3B91B1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{109D4847-FED7-43EE-9BAA-18BEF56406D1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1AB2E607-53B5-41E8-8793-652738F0A370}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{21CD7776-5182-4772-9241-AF26796D3BB4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2B2B600E-3E3B-49E1-A0C1-3F12976A05EB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2F005989-BBCC-45B5-A563-9C2116A8B3A5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{3694A3D6-94DC-47F8-B876-A4AAB3E63FF6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{37077665-A478-4862-960F-93C9106106C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4B809138-849B-412E-BAE5-002C82F7A389}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{660B17A5-D83C-45FF-B360-4B183FAB80DA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{727B720B-3509-446E-AB6C-CF5BC2E9D97B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{80249472-EEED-4662-ABA8-5959BF35A621}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8A63C3FE-6CE7-4991-A2B3-469C0C749378}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | 
"{8B505DD5-688E-4A30-A708-FDA98EB11589}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{994D9F21-E7AA-41F3-8CEC-D8F063882DCF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9E2F2B4E-7215-46AB-AF2D-D4EE0DCE1FE7}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | 
"{B40768CB-4EAA-498D-A534-41A9A4745298}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B5C3AE85-3D49-4504-B76F-237736695BE8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BD385FBE-48E9-4A15-8500-A669BB29560A}" = protocol=6 | dir=out | app=system | 
"{C29B469B-F600-4F74-8F33-88A690A11A94}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C44BDE2E-78E3-426C-9643-1C0648FA9E5D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CF13A49F-CDCE-45D2-9DDA-273DE9D1BD08}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D37DB05B-2CD5-456F-8760-199F9A021D0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{D57D0735-197D-41AF-A45B-49B195022C0B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DDDAEE10-5DF0-4411-BEA0-44CF7B443D77}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{DE9BC41D-F3D3-4A55-8A7F-4A1D3A4CF246}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{E064651A-3BA3-4D0E-B1C7-306712CD1A1D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E165794D-45A2-4597-8472-2D9DD8121FF3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F9257362-CF72-4AAF-922C-8AB76BCE6BF1}" = dir=in | app=c:\program files (x86)\fujitsu\ais connect\ultravnc\winvnc.exe | 
"{FB8BAA3F-CBAC-48DE-99F6-36F207178EBF}" = dir=out | app=c:\program files (x86)\fujitsu\ais connect\bin\qsamain.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{3F7C54EA-F59C-45DD-BA93-AD1E084A9550}" = Studie zur Verbesserung von HP Deskjet 1000 J110 series Produkten
"{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B7C6A943-83E0-4E7F-A79A-C5CBAA60B0F5}" = Plugfree NETWORK
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{ECFFD23C-3111-4685-8118-E1F79644203F}" = HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"DesktopIconAmazon" = Desktop Icon für Amazon
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SearchAnonymizer" = SearchAnonymizer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = shopping-preise.de AddOn Firefox
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{548F12A2-BD2E-4B5A-9B62-BBC0AA8EB3DD}" = Everio MediaBrowser HD Edition
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9983CD31-473F-4808-8317-5346119F0187}" = eBay
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AEB61F7A-4BBA-4292-A096-7893E09034A4}" = Steuer-Spar-Erklärung 2013
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1E035A6-F03E-426F-82F0-BAC56FF873DC}" = AIS Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Hilfe
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIS Connect" = AIS Connect
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"BILDmobil" = BILDmobil
"conduitEngine" = Conduit Engine
"Designer 2.0_is1" = Designer 2.0
"DeskUpdate_is1" = DeskUpdate 4.11
"dm-Fotowelt" = dm-Fotowelt
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/16/2013 3:32:23 AM | Computer Name = EDDIE-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 3/16/2013 8:40:53 AM | Computer Name = EDDIE-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 3/16/2013 11:12:58 AM | Computer Name = EDDIE-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 3/16/2013 2:42:26 PM | Computer Name = EDDIE-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 3/17/2013 2:34:36 AM | Computer Name = EDDIE-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 3/17/2013 3:45:11 AM | Computer Name = EDDIE-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 3/17/2013 3:54:54 AM | Computer Name = EDDIE-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 3/17/2013 4:59:06 AM | Computer Name = EDDIE-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 3/17/2013 5:08:38 AM | Computer Name = EDDIE-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 3/17/2013 5:56:48 AM | Computer Name = EDDIE-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 3/12/2013 1:24:24 PM | Computer Name = EDDIE-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Dnscache erreicht.
 
Error - 3/15/2013 10:54:20 AM | Computer Name = EDDIE-PC | Source = bowser | ID = 8003
Description = 
 
Error - 3/15/2013 10:58:21 AM | Computer Name = EDDIE-PC | Source = bowser | ID = 8003
Description = 
 
Error - 3/15/2013 11:22:31 AM | Computer Name = EDDIE-PC | Source = bowser | ID = 8003
Description = 
 
Error - 3/15/2013 11:28:07 AM | Computer Name = EDDIE-PC | Source = bowser | ID = 8003
Description = 
 
Error - 3/17/2013 3:43:52 AM | Computer Name = EDDIE-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?17.?03.?2013 um 08:41:37 unerwartet heruntergefahren.
 
Error - 3/17/2013 3:44:07 AM | Computer Name = EDDIE-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 3/17/2013 5:55:56 AM | Computer Name = EDDIE-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 SearchAnonymizer erreicht.
 
Error - 3/17/2013 5:55:56 AM | Computer Name = EDDIE-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SearchAnonymizer" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 3/17/2013 6:05:46 AM | Computer Name = EDDIE-PC | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
         

... and many thanks for the help!
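
The OTL sections posted above already contain the three things a reviewer would want explained before calling this machine clean: inbound firewall exceptions for third-party binaries (among them winvnc.exe, the UltraVNC server that ships with Fujitsu AIS Connect, allowed in on any port), toolbar/adware entries in the uninstall list, and three Java runtimes installed side by side. The Python below is an added example of offline triage over such lines; it is not code from OTL, from Trojaner-Board or from either poster. The sample lines are copied from the log above, the adware marker list is taken from what AdwCleaner removes later in this thread, and REMOTE_ACCESS_EXES is an assumed, illustrative list.

```python
"""Offline triage of two OTL sections: firewall exceptions and the uninstall list.
Added example for this thread; it is not OTL, AdwCleaner or Trojaner-Board code."""
import re

ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<body>.*)$')
JAVA_RE = re.compile(r'^Java(?:\(TM\))?\s+(\d+)\s+Update\s+(\d+)', re.IGNORECASE)
# Adware/toolbar markers: taken from what AdwCleaner removed later in this thread.
# Illustrative starting set, not a complete signature list.
PUP_MARKERS = ("conduit", "myashampoo", "searchanonymizer", "firejump",
               "desktopiconamazon", "searchqu")
# Path prefixes OTL prints for binaries that ship with Windows.
WINDOWS_DIRS = ("%systemroot%", "c:\\windows\\")
# Assumed list of remote-control servers; winvnc.exe is the UltraVNC server.
REMOTE_ACCESS_EXES = {"winvnc.exe"}

# Sample lines copied from the posted OTL log (a subset of each section).
FIREWALL_SAMPLE = [
    r'"{04BEBA1D-177B-431C-AA82-B32229970D0B}" = lport=138 | protocol=17 | dir=in | app=system | ',
    r'"{3CE9AF5C-3184-49E1-A3EB-A4379CFCA824}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | ',
    r'"{4FCC67F4-B3E1-4A89-9FBC-5A2842EED5BA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | ',
    r'"{EFAC79CD-2A1D-4D4E-8934-47D894F41B42}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ',
    r'"{B40768CB-4EAA-498D-A534-41A9A4745298}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | ',
    r'"{F9257362-CF72-4AAF-922C-8AB76BCE6BF1}" = dir=in | app=c:\program files (x86)\fujitsu\ais connect\ultravnc\winvnc.exe | ',
    r'"{FB8BAA3F-CBAC-48DE-99F6-36F207178EBF}" = dir=out | app=c:\program files (x86)\fujitsu\ais connect\bin\qsamain.exe | ',
]
UNINSTALL_SAMPLE = [
    r'"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22',
    r'"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29',
    r'"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15',
    r'"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump',
    r'"conduitEngine" = Conduit Engine',
    r'"MyAshampoo Toolbar" = MyAshampoo Toolbar',
    r'"SearchAnonymizer" = SearchAnonymizer',
    r'"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy',
    r'"VLC media player" = VLC media player 1.1.11',
]


def parse_entries(lines):
    """Turn OTL '"key" = a=b | c=d |' lines into dicts; plain '"key" = text' lines get 'value'."""
    out = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entry = {"key": m.group("key")}
        body = m.group("body")
        if "|" in body:
            for part in body.split("|"):
                k, sep, v = part.strip().partition("=")
                if sep:
                    entry[k.strip().lower()] = v.strip().lower()
        else:
            entry["value"] = body.strip()
        out.append(entry)
    return out


def suspicious_inbound_rules(lines):
    """Inbound allow rules for non-Windows binaries, each with reasons for extra scrutiny."""
    flagged = []
    for r in parse_entries(lines):
        app = r.get("app", "")
        if r.get("dir") != "in" or app in ("", "system") or app.startswith(WINDOWS_DIRS):
            continue
        exe = app.rsplit("\\", 1)[-1]
        reasons = []
        if "lport" not in r:
            reasons.append("any-port")  # no local port restriction at all
        if exe in REMOTE_ACCESS_EXES:
            reasons.append("remote-access-server")
        flagged.append((r["key"], exe, reasons))
    return flagged


def pup_entries(lines):
    """Uninstall entries whose key or display name contains a known adware marker."""
    hits = []
    for e in parse_entries(lines):
        text = (e["key"] + " " + e.get("value", "")).lower()
        if any(marker in text for marker in PUP_MARKERS):
            hits.append(e.get("value", e["key"]))
    return hits


def stale_java_runtimes(lines):
    """Every installed JRE except the newest: leftover JREs are unpatched code still on disk."""
    versions = []
    for e in parse_entries(lines):
        m = JAVA_RE.match(e.get("value", ""))
        if m:
            versions.append(((int(m.group(1)), int(m.group(2))), e["value"]))
    if not versions:
        return []
    newest = max(v for v, _ in versions)
    return [name for v, name in versions if v != newest]


if __name__ == "__main__":
    for key, exe, reasons in suspicious_inbound_rules(FIREWALL_SAMPLE):
        print(f"inbound {exe:12} {key} {','.join(reasons) or 'port-restricted'}")
    print("adware/toolbar entries:", pup_entries(UNINSTALL_SAMPLE))
    print("stale Java runtimes:", stale_java_runtimes(UNINSTALL_SAMPLE))
```

Run it as a script to print the flagged items. None of the three findings is proof of infection on its own (an inbound VNC exception is expected where vendor remote support is installed), but each is something the helper would want accounted for before declaring the machine clean, which is why a scan that reports "no threats found" does not answer the original question.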

17.03.2013, 13:39   #5
aharonov
/// TB-Ausbilder

Hello,

looks fine so far, actually.


Step 1

The TeaTimer of Spybot Search&Destroy is running on your machine.
No cleanup can be carried out while TeaTimer is running, because it restores every deleted entry.
  • Start Spybot S&D.
  • In the "Mode" menu, select "Advanced mode".
  • Then click "Tools" at the bottom left and press "Resident".
  • Remove the checkmark at Resident "TeaTimer" (protection of all system settings).
  • Close Spybot and restart the computer.
    (Illustrated guide)
Once we are done here, you can re-enable TeaTimer.



Step 2

Please download AdwCleaner and save it to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted, several times depending on the severity of the infection - that is normal. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.



Step 3

Warning for readers:
Combofix should only be run when a team member has explicitly instructed you to do so!


Please download Combofix.
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software and malware/spyware scanners. They can interfere with Combofix's work.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, do not do anything at all on the computer, not even move the mouse!
  • When Combofix is finished, it will create a log file (C:\Combofix.txt).
  • Please post the contents of this log file in your next reply.

Note: If you get the following error message after the restart
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.



Step 4

Please start OTL.exe.
  • Tick "Scan all Users".
  • Press the "Quick Scan" button.
  • Post the contents of OTL.txt here in the thread.



Please post in your next reply:
  • Log from AdwCleaner
  • Log from Combofix
  • Log from OTL

__________________
cheers,
Leo

17.03.2013, 15:52   #6
Eddie77

AdwCleaner.txt

Code:
# AdwCleaner v2.114 - Datei am 17/03/2013 um 14:24:24 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : EDDIE - EDDIE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\EDDIE\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : SearchAnonymizer

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\EDDIE\AppData\Roaming\Mozilla\Firefox\Profiles\genm2u89.default\searchplugins\safesearch.xml
Datei Gelöscht : C:\Users\EDDIE\AppData\Roaming\Mozilla\Firefox\Profiles\genm2u89.default\searchplugins\Search_Results.xml
Gelöscht mit Neustart : C:\Users\EDDIE\AppData\Roaming\Mozilla\Firefox\Profiles\genm2u89.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ConduitEngine
Ordner Gelöscht : C:\Program Files (x86)\MyAshampoo
Ordner Gelöscht : C:\Program Files (x86)\Windows Searchqu Toolbar
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\EDDIE\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\EDDIE\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\EDDIE\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\EDDIE\AppData\LocalLow\MyAshampoo
Ordner Gelöscht : C:\Users\EDDIE\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\EDDIE\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\EDDIE\AppData\Roaming\Mozilla\Firefox\Profiles\genm2u89.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
Ordner Gelöscht : C:\Users\EDDIE\AppData\Roaming\Mozilla\Firefox\Profiles\genm2u89.default\extensions\{E71B541F-5E72-5555-A47C-E47863195841}
Ordner Gelöscht : C:\Users\EDDIE\AppData\Roaming\Mozilla\Firefox\Profiles\genm2u89.default\extensions\engine@conduit.com
Ordner Gelöscht : C:\Users\EDDIE\AppData\Roaming\Mozilla\Firefox\Profiles\genm2u89.default\extensions\firejump@firejump.net
Ordner Gelöscht : C:\Users\EDDIE\AppData\Roaming\Mozilla\Firefox\Profiles\genm2u89.default\Searchqutoolbar
Ordner Gelöscht : C:\Users\EDDIE\AppData\Roaming\OCS

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\MyAshampoo
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A7E1BF45-963B-4010-B1D1-827F21242639}
Schlüssel Gelöscht : HKLM\Software\MyAshampoo
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2C152281-1506-46A6-ABC0-A3B4B07F0446}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F7FC02C-EA23-4430-946B-DA0271A7B51D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7E1BF45-963B-4010-B1D1-827F21242639}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{933EBE20-B4B1-45EF-A4B9-720183188C23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E71916E9-F933-4458-9053-7EB52B3B99E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MyAshampoo Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [firejump@firejump.net]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16521

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\EDDIE\AppData\Roaming\Mozilla\Firefox\Profiles\genm2u89.default\prefs.js

Gelöscht : user_pref("extensions.GjhgjhgCXhjj.shoplist", "{\"shop\":{\"vodafone.de\":[\"10001\",\"Vodafone\",6,[...]
Gelöscht : user_pref("extensions.engine@conduit.com.install-event-fired", true);

Datei : C:\Users\EDDIE\AppData\Roaming\Mozilla\Firefox\Profiles\zjxeho9d.default\prefs.js

C:\Users\EDDIE\AppData\Roaming\Mozilla\Firefox\Profiles\zjxeho9d.default\user.js ... Gelöscht !

Gelöscht : user_pref("interclue.preferences", "{\"User.buildId\":\"987bcab01b929eb2c07877b224215c92\",\"Update.[...]
Gelöscht : user_pref("interclue.preferences.backup", "{\"User.buildId\":\"987bcab01b929eb2c07877b224215c92\",\"[...]

*************************

AdwCleaner[S1].txt - [6657 octets] - [17/03/2013 14:24:24]
         

Combofix.txt


Code:
ComboFix 13-03-17.01 - EDDIE 17.03.2013  14:36:59.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3893.2340 [GMT 1:00]
ausgeführt von:: c:\users\EDDIE\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-17 bis 2013-03-17  ))))))))))))))))))))))))))))))
.
.
2013-03-17 13:47 . 2013-03-17 13:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-17 13:24 . 2013-03-17 13:24	190	----a-w-	c:\windows\DeleteOnReboot.bat
2013-03-15 15:26 . 2013-02-12 04:12	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-03-14 16:45 . 2013-03-14 16:45	--------	d-----w-	c:\users\EDDIE\AppData\Roaming\Malwarebytes
2013-03-14 16:45 . 2013-03-14 16:45	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-14 16:45 . 2013-03-14 16:45	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-14 16:45 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-14 16:45 . 2013-03-14 16:45	--------	d-----w-	c:\users\EDDIE\AppData\Local\Programs
2013-03-13 18:45 . 2013-03-13 18:45	--------	d-----w-	c:\program files\Microsoft Silverlight
2013-03-13 18:45 . 2013-03-13 18:45	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2013-02-28 09:10 . 2013-02-28 09:09	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-27 07:51 . 2013-03-06 07:06	--------	d-----w-	c:\windows\system32\drivers\NISx64\1403000.024
2013-02-24 18:08 . 2013-02-24 18:08	0	----a-w-	c:\windows\SysWow64\sho9BE1.tmp
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 18:48 . 2011-08-23 14:21	72013344	----a-w-	c:\windows\system32\MRT.exe
2013-03-13 15:07 . 2012-09-09 07:49	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 15:07 . 2011-08-25 10:10	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-28 09:09 . 2012-06-10 12:47	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-02-28 09:09 . 2011-08-25 08:40	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-02-12 05:45 . 2013-03-13 14:46	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 14:46	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 14:46	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 14:46	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 14:46	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 14:46	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-01-05 05:53 . 2013-02-13 13:18	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 13:18	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 13:18	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 13:07 . 2013-01-04 13:07	177312	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-01-04 05:46 . 2013-02-13 13:18	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 13:18	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 13:18	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 13:18	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 13:18	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 13:18	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 13:18	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 13:18	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 13:18	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 13:18	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="c:\program files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-10-08 36712]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-09 47976]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2009-07-08 162912]
"AIS_MessageForYou"="c:\program files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe" [2010-03-18 1965056]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\EDDIE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Camera Monitor HD.lnk - c:\program files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe [2012-8-11 541976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 AISConnect;AIS Connect Agent;c:\program files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe [2009-01-26 32768]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-05-08 229376]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1403000.024\SYMDS64.SYS [2013-01-22 493656]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1403000.024\SYMEFA64.SYS [2013-01-31 1139800]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-01-16 1388120]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1403000.024\ccSetx64.sys [2012-11-16 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130313.001\IDSvia64.sys [2013-02-05 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1403000.024\Ironx64.SYS [2012-11-16 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1403000.024\SYMNETS.SYS [2013-01-31 432800]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe [2012-12-24 144520]
S2 PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-06-24 330240]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2009-07-30 63336]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-01 2314240]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-18 138912]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 7296]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-11-01 56344]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-05-22 83456]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-11-27 244736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-09 15:07]
.
2013-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 11:14]
.
2013-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 11:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-12 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-12 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-12 410136]
"PfNet"="c:\program files\Fujitsu\Plugfree NETWORK\PfNet.exe" [2010-06-24 6310912]
"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2009-07-30 188264]
"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-11-26 164712]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-15 157544]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-15 35176]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\EDDIE\AppData\Roaming\Mozilla\Firefox\Profiles\genm2u89.default\
FF - prefs.js: browser.search.selectedEngine - Google.de
FF - prefs.js: browser.startup.homepage - hxxp://www.ostseebad-trassenheide.de/template/trassenheide/webcamstrand/webcam_strand/pic.php?path=webcam_strand
FF - ExtSQL: 2013-02-03 16:03; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn
FF - ExtSQL: !HIDDEN! 2012-09-24 17:49; mail@shopping-preise.de; c:\users\EDDIE\AppData\Roaming\Mozilla\Firefox\Profiles\genm2u89.default\extensions\mail@shopping-preise.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Ocs_SM - c:\users\EDDIE\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.3.0.36\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1881642484-1841782945-982198653-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\S-1-5-21-1881642484-1841782945-982198653-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DIB\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\S-1-5-21-1881642484-1841782945-982198653-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1881642484-1841782945-982198653-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICO\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.ico.15.4"
.
[HKEY_USERS\S-1-5-21-1881642484-1841782945-982198653-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JFIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-1881642484-1841782945-982198653-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPE\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-1881642484-1841782945-982198653-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPEG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-1881642484-1841782945-982198653-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-1881642484-1841782945-982198653-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PNG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.png.15.4"
.
[HKEY_USERS\S-1-5-21-1881642484-1841782945-982198653-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\S-1-5-21-1881642484-1841782945-982198653-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIFF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\S-1-5-21-1881642484-1841782945-982198653-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1881642484-1841782945-982198653-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WDP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.wdp.15.4"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-17  15:15:43
ComboFix-quarantined-files.txt  2013-03-17 14:15
.
Vor Suchlauf: 13 Verzeichnis(se), 413.509.505.024 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 415.030.255.616 Bytes frei
.
- - End Of File - - 6A65E267BB7C65DF780940729B942F37
OTL.txt


Code:
OTL logfile created on: 3/17/2013 3:31:49 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\EDDIE\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.80 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 60.44% Memory free
7.60 Gb Paging File | 6.02 Gb Available in Paging File | 79.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 463.76 Gb Total Space | 386.65 Gb Free Space | 83.37% Space Free | Partition Type: NTFS
 
Computer Name: EDDIE-PC | User Name: EDDIE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/03/17 08:26:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EDDIE\Downloads\OTL.exe
PRC - [2012/12/24 04:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
PRC - [2012/12/18 15:28:22 | 000,038,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/01/17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/08 12:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2010/05/08 12:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010/03/18 09:00:08 | 001,965,056 | ---- | M] (Fujitsu) -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe
PRC - [2009/11/01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/10/09 20:06:50 | 000,047,976 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2009/10/08 19:44:54 | 000,036,712 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
PRC - [2009/07/21 16:25:42 | 000,541,976 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe
PRC - [2009/07/08 20:58:26 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
PRC - [2009/01/26 16:49:00 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe
PRC - [2008/10/24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/10/26 11:03:40 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2004/09/09 16:13:00 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\pxl_m17n_tool.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/24 01:14:38 | 000,330,240 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService)
SRV:64bit: - [2009/07/30 10:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/03/13 16:07:51 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/08 18:54:58 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/24 04:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe -- (NIS)
SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/05/08 12:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/01 17:04:48 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/11/01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 16:49:00 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe -- (AISConnect)
SRV - [2008/10/24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/01/31 04:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/01/31 04:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/01/29 02:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/01/29 02:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/01/22 03:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symds64.sys -- (SymDS)
DRV:64bit: - [2013/01/04 14:07:32 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/11/16 03:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/11/16 03:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/06/08 09:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/05/22 13:49:30 | 000,083,456 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010/03/25 09:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/03/04 21:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/18 11:38:56 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/27 05:15:00 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/11/06 12:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/01 17:04:42 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/10/26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/09 20:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 17:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3)
DRV:64bit: - [2006/11/01 17:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2013/02/06 13:25:44 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130316.006\ex64.sys -- (NAVEX15)
DRV - [2013/02/06 13:25:44 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130316.006\eng64.sys -- (NAVENG)
DRV - [2013/02/05 16:44:54 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130313.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/01/16 03:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/18 02:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/18 02:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{C7961BA8-7581-4101-8D7F-78D6BC8E3ECF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{C7961BA8-7581-4101-8D7F-78D6BC8E3ECF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\..\SearchScopes\{02FFDFB6-B3DD-45B6-96A3-DA5A801C59F4}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=98436b8d-4b61-468d-bc57-9480aca34693&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\..\SearchScopes\{1C07D89C-87EE-4C44-8B7B-79ADE7EE611D}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=98436b8d-4b61-468d-bc57-9480aca34693&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\..\SearchScopes\{428D14C8-8786-4B0C-9AE4-B3DF7D80F67A}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=98436b8d-4b61-468d-bc57-9480aca34693&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\..\SearchScopes\{55C603F5-9810-4BD9-BE03-CFBBED300935}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=98436b8d-4b61-468d-bc57-9480aca34693&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\..\SearchScopes\{B41CF142-459A-4ED2-B2BD-36928FA149CB}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=98436b8d-4b61-468d-bc57-9480aca34693&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\..\SearchScopes\{CA1858FF-6B74-4BAB-8CCC-A484AC44F0C9}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=98436b8d-4b61-468d-bc57-9480aca34693&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.ostseebad-trassenheide.de/template/trassenheide/webcamstrand/webcam_strand/pic.php?path=webcam_strand"
FF - prefs.js..extensions.enabledAddons: externalip%40erik.morlin:0.9.9.6
FF - prefs.js..extensions.enabledAddons: %7B987311C6-B504-4aa2-90BF-60CC49808D42%7D:2.2
FF - prefs.js..extensions.enabledAddons: firefox%40schnaeppchenfuchs.com:1.02
FF - prefs.js..extensions.enabledAddons: trackmenot%40mrl.nyu.edu:0.6.728
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.2
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.3.0.26
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/12/21 15:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ [2013/02/06 13:16:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [2013/03/17 14:28:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 18:54:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\EDDIE\AppData\Roaming\Mozilla\Firefox\Profiles\genm2u89.default\extensions\mail@shopping-preise.de [2012/09/24 16:49:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\EDDIE\AppData\Roaming\Mozilla\Firefox\Profiles\genm2u89.default\extensions\extension@preispilot.com
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 18:54:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/10/26 14:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Extensions
[2013/03/17 14:27:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\genm2u89.default\extensions
[2013/02/06 13:16:27 | 000,000,000 | ---D | M] (WOT) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\genm2u89.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/03/06 14:17:00 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\genm2u89.default\extensions\firefox@ghostery.com
[2013/01/05 19:24:45 | 000,000,000 | ---D | M] (Schnäppchenfuchs Gutscheinfinder) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\genm2u89.default\extensions\firefox@schnaeppchenfuchs.com
[2012/09/24 16:49:34 | 000,000,000 | ---D | M] (Shopping-preise.de) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\genm2u89.default\extensions\mail@shopping-preise.de
[2011/08/25 08:56:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\zjxeho9d.default\extensions
[2011/08/25 08:56:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\zjxeho9d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/25 08:56:17 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\zjxeho9d.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2011/08/25 08:56:18 | 000,000,000 | ---D | M] (WOT) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\zjxeho9d.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/08/25 08:56:16 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\zjxeho9d.default\extensions\anttoolbar@ant.com
[2011/08/25 08:56:16 | 000,000,000 | ---D | M] (external IP) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\zjxeho9d.default\extensions\externalip@erik.morlin
[2011/08/25 08:56:17 | 000,000,000 | ---D | M] (Form History Control) -- C:\Users\EDDIE\AppData\Roaming\mozilla\Firefox\Profiles\zjxeho9d.default\extensions\formhistory@yahoo.com
[2013/03/03 13:23:17 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\genm2u89.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012/09/24 17:42:07 | 000,110,795 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\genm2u89.default\extensions\extension@preispilot.com.xpi
[2011/08/25 09:35:11 | 000,003,835 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\genm2u89.default\extensions\externalip@erik.morlin.xpi
[2013/01/13 10:13:08 | 000,067,428 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\genm2u89.default\extensions\trackmenot@mrl.nyu.edu.xpi
[2013/03/04 13:29:49 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\genm2u89.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011/12/27 16:15:39 | 000,022,573 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\genm2u89.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi
[2013/02/14 16:43:57 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\genm2u89.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/08/11 13:58:32 | 000,459,668 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\zjxeho9d.default\extensions\FirefoxAddon@similarWeb.com.xpi
[2011/08/21 08:58:10 | 000,308,022 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\zjxeho9d.default\extensions\smarterwiki@wikiatic.com.xpi
[2011/08/19 15:14:08 | 000,508,087 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\zjxeho9d.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011/05/13 09:47:10 | 000,922,025 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\zjxeho9d.default\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}.xpi
[2011/07/23 18:29:48 | 000,255,378 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\zjxeho9d.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2011/07/03 12:34:04 | 000,608,840 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\zjxeho9d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/08/21 11:46:10 | 000,138,595 | ---- | M] () (No name found) -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\zjxeho9d.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012/09/24 17:16:34 | 000,002,101 | ---- | M] () -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\genm2u89.default\searchplugins\googlede.xml
[2012/09/24 16:49:36 | 000,003,849 | ---- | M] () -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\genm2u89.default\searchplugins\wettercom.xml
[2012/09/24 17:21:14 | 000,001,030 | ---- | M] () -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\genm2u89.default\searchplugins\wikipedia-de.xml
[2012/09/24 16:49:36 | 000,002,444 | ---- | M] () -- C:\Users\EDDIE\AppData\Roaming\mozilla\firefox\profiles\genm2u89.default\searchplugins\youtube-videosuche.xml
[2013/03/08 18:54:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/03/17 14:28:03 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\COFFPLGN
[2013/03/08 18:54:58 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/12/11 09:04:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/12/11 09:04:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/12/11 09:04:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/12/11 09:04:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/12/11 09:04:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/12/11 09:04:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013/03/17 14:31:34 | 000,000,938 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\EDDIE\AppData\Roaming\OCS\SM\SearchAnonymizer.exe File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AIS_MessageForYou] C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe (Fujitsu)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - Startup: C:\Users\EDDIE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1881642484-1841782945-982198653-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.15.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{646A3508-BB3A-4448-8E9D-2356390C179F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/17 15:30:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/17 15:15:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/03/17 14:34:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/17 14:34:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/17 14:34:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/17 14:33:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/17 14:32:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/17 08:44:04 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/03/17 08:17:03 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{8357540F-764D-450F-9A71-516353F0EE56}
[2013/03/16 19:57:07 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{ECBB8AA4-C79F-4F6F-9EF5-F1D1A225E3F5}
[2013/03/16 07:09:14 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{7A087907-A880-4D2D-B8F8-760495946456}
[2013/03/15 13:48:19 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{A1B78B8C-7A92-466F-B867-385BE10323DE}
[2013/03/14 17:45:35 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Roaming\Malwarebytes
[2013/03/14 17:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/14 17:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/14 17:45:22 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/14 17:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/14 17:45:10 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\Programs
[2013/03/14 07:48:36 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{26273B59-A12C-4D43-8466-17E19178783F}
[2013/03/13 19:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/13 19:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/13 19:45:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/13 15:38:13 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{8AA93FD5-4B6C-4802-8C19-5A83EC49505B}
[2013/03/12 08:16:54 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{F4F64F4D-D4A2-4AFB-AC52-4EEEB0A1F41F}
[2013/03/11 08:33:25 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{12FB729F-7870-45FC-B419-E7027A2346B0}
[2013/03/10 20:32:49 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{7A03EBED-EAD1-4075-8B97-CD64ED5E5304}
[2013/03/10 07:48:55 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{187F12A0-57EF-47DD-98BA-B2E4CBD36DC3}
[2013/03/09 13:24:06 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{2C957927-4221-4133-8B62-E14F88418535}
[2013/03/08 21:01:21 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{38CB0F3E-D114-4761-955D-1B24A80B8983}
[2013/03/08 18:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/08 08:40:34 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{365A7298-BD56-42ED-BEF4-AE3A2FFDC7DE}
[2013/03/07 09:38:33 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{358DE7AD-54C1-48E8-A468-91B9E3380615}
[2013/03/06 20:23:07 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{31BCAF31-24BC-4203-9B44-C1C831DECDB7}
[2013/03/06 08:10:45 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{11362F65-2609-4A6B-8B60-BDF28330C529}
[2013/03/05 19:09:41 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{7923527D-8151-42D3-9C3B-FEBF3BC8A34F}
[2013/03/05 06:40:28 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{BF556254-898D-4F1A-A99A-2DF4D213BE01}
[2013/03/04 08:50:24 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{813CE9F4-C728-4ED2-835F-7337BA86EEFF}
[2013/03/03 08:21:12 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{CD019AF2-3292-45BF-8DBC-AFB978B1BB9C}
[2013/03/02 08:43:46 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{D1CB75CD-E98D-4029-B713-331179ECCA09}
[2013/03/01 08:00:00 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{1CC7DE89-EC5C-486B-A70E-8148848F932F}
[2013/02/28 07:37:34 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{ED82BAA7-41EB-4A63-B881-13C3593EEC15}
[2013/02/27 08:31:46 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{9F63A7DA-1106-43F1-AC99-B3632B6CD8EB}
[2013/02/26 08:43:17 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{DEF09B6B-7FB3-4532-83EF-C38DCBE85463}
[2013/02/25 08:55:20 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{613C0CED-6E56-4DDF-A198-603FBF66FA3F}
[2013/02/24 09:05:31 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{8F5F5CB2-B4A0-416F-97B4-8A0B30B4383C}
[2013/02/23 09:41:05 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{48FE6DC8-3734-4CE1-B888-F34FEBBFB1ED}
[2013/02/22 09:14:03 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{E7032FE8-2A1E-453C-81B8-8509327589B3}
[2013/02/21 08:43:52 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{9772D679-946D-45A3-B75A-32D0D7082184}
[2013/02/20 14:27:00 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{BF822C86-F4D1-4FBF-BE22-528AB4DDC8EB}
[2013/02/20 08:20:15 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{60765C55-7C0C-4E82-8F3F-C6DD15191C35}
[2013/02/19 06:57:16 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{A4251E1B-0590-46DF-A1D3-DAA539531F63}
[2013/02/18 12:51:16 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{166B5229-3126-47F0-A2E6-09C83755597C}
[2013/02/17 09:00:38 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{5091D988-301C-49B5-8CE5-2313BA2B88DA}
[2013/02/16 14:37:29 | 000,000,000 | ---D | C] -- C:\Users\EDDIE\AppData\Local\{6ACDBE89-52A7-4DF7-A985-6E384DA52F95}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/17 15:30:35 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/17 15:30:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/17 15:30:14 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/17 15:07:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/17 14:56:05 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/17 14:33:49 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/17 14:33:49 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/17 14:31:34 | 000,000,938 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/17 14:29:59 | 000,001,154 | ---- | M] () -- C:\Users\EDDIE\Desktop\ComboFix.exe - Verknüpfung.lnk
[2013/03/17 14:24:40 | 000,000,190 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/03/17 14:24:05 | 000,001,172 | ---- | M] () -- C:\Users\EDDIE\Desktop\adwcleaner.exe - Verknüpfung.lnk
[2013/03/17 11:01:58 | 000,446,020 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130317-143134.backup
[2013/03/17 09:59:28 | 000,000,755 | ---- | M] () -- C:\Users\EDDIE\Desktop\Defogger.exe - Verknüpfung.lnk
[2013/03/17 09:34:47 | 000,001,103 | ---- | M] () -- C:\Users\EDDIE\Desktop\OTL.exe - Verknüpfung.lnk
[2013/03/17 09:34:39 | 000,001,154 | ---- | M] () -- C:\Users\EDDIE\Desktop\hiel58lo.exe - Verknüpfung.lnk
[2013/03/17 08:48:48 | 000,000,938 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130317-110158.backup
[2013/03/17 08:43:45 | 590,176,400 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/17 08:25:36 | 000,000,000 | ---- | M] () -- C:\Users\EDDIE\defogger_reenable
[2013/03/15 16:48:32 | 001,906,163 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Cat.DB
[2013/03/15 16:30:11 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/15 16:30:11 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/14 17:45:24 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/03/14 17:12:31 | 000,446,020 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130317-084848.backup
[2013/03/10 12:04:10 | 001,614,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/10 12:04:10 | 000,697,534 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/03/10 12:04:10 | 000,652,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/10 12:04:10 | 000,148,540 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/03/10 12:04:10 | 000,121,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/06 08:06:24 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\VT20130115.021
[2013/03/05 13:07:34 | 000,446,020 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130314-171231.backup
[2013/02/16 15:31:36 | 000,445,763 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130305-130734.backup
[2013/02/16 15:31:01 | 000,445,763 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130216-153136.backup
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/03/17 14:34:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/17 14:34:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/17 14:34:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/17 14:34:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/17 14:34:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/17 14:29:59 | 000,001,154 | ---- | C] () -- C:\Users\EDDIE\Desktop\ComboFix.exe - Verknüpfung.lnk
[2013/03/17 14:24:35 | 000,000,190 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/03/17 14:24:05 | 000,001,172 | ---- | C] () -- C:\Users\EDDIE\Desktop\adwcleaner.exe - Verknüpfung.lnk
[2013/03/17 09:59:28 | 000,000,755 | ---- | C] () -- C:\Users\EDDIE\Desktop\Defogger.exe - Verknüpfung.lnk
[2013/03/17 09:34:47 | 000,001,103 | ---- | C] () -- C:\Users\EDDIE\Desktop\OTL.exe - Verknüpfung.lnk
[2013/03/17 09:34:39 | 000,001,154 | ---- | C] () -- C:\Users\EDDIE\Desktop\hiel58lo.exe - Verknüpfung.lnk
[2013/03/17 08:43:45 | 590,176,400 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/03/17 08:25:36 | 000,000,000 | ---- | C] () -- C:\Users\EDDIE\defogger_reenable
[2013/03/15 16:30:11 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/15 16:30:11 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/14 17:45:24 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/09 15:10:25 | 000,003,584 | ---- | C] () -- C:\Users\EDDIE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/24 16:49:34 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011/08/10 20:41:34 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/08/10 20:41:34 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/08/10 20:41:34 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/08/10 20:41:34 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/08/10 20:41:33 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/04/16 11:56:37 | 001,592,786 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/08/23 14:51:42 | 000,000,000 | ---D | M] -- C:\Users\EDDIE\AppData\Roaming\AIS Connect
[2012/02/03 12:49:57 | 000,000,000 | ---D | M] -- C:\Users\EDDIE\AppData\Roaming\Ashampoo
[2012/12/09 09:25:10 | 000,000,000 | ---D | M] -- C:\Users\EDDIE\AppData\Roaming\fotobuch.de AG
[2011/08/23 12:32:54 | 000,000,000 | ---D | M] -- C:\Users\EDDIE\AppData\Roaming\Fujitsu
[2011/10/26 11:05:03 | 000,000,000 | ---D | M] -- C:\Users\EDDIE\AppData\Roaming\OpenOffice.org
[2012/09/24 16:49:36 | 000,000,000 | ---D | M] -- C:\Users\EDDIE\AppData\Roaming\Opera
[2012/07/15 10:01:40 | 000,000,000 | ---D | M] -- C:\Users\EDDIE\AppData\Roaming\SoftGrid Client
[2011/10/06 14:59:28 | 000,000,000 | ---D | M] -- C:\Users\EDDIE\AppData\Roaming\TP
[2011/09/20 19:14:44 | 000,000,000 | ---D | M] -- C:\Users\EDDIE\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 2780 bytes -> C:\Users\EDDIE\Documents\Einladung!!!.eml:OECustomProperty

< End of report >
         

Old 17.03.2013, 16:03   #7
aharonov
/// TB-Ausbilder

Hello,

how is the computer running?
We'll do one more check:


Step 1
  • Please start OTL.exe.
  • Now copy the following content from the code box into the text box.
    Important: If you obscured your user name in the log (e.g. with ***), undo that here.
Code:
:OTL
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\EDDIE\AppData\Roaming\OCS\SM\SearchAnonymizer.exe File not found

:commands
[emptytemp]
         
  • Now please close all other programs.
  • Now click the Fix button.
  • OTL may request a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<date_time>.log)
  • Now copy its content into your thread here.



Step 2

Please download Malwarebytes Anti-Malware.
  • Install the program to the default path.
  • Now start Malwarebytes Anti-Malware.
    Vista and Win7 users: right-click and "Run as administrator".
  • Click Update --> Check for Updates.
  • When the update has finished, select the option Perform quick scan on the Scanner tab and click Scan.
  • When the scan is finished, click Show Results.
  • Make sure all findings are checked and click Remove Selected.
  • Post the log file that opens in Notepad here in the thread.
  • Afterwards you can find the report under the Logs tab.



Step 3

Download the ESET Online Scanner setup and save it to the desktop.
  • Connect any external hard drives and USB sticks you have to the computer.
  • Now temporarily disable your antivirus program and the firewall for this scan.
    (Don't forget to turn them back on afterwards.)
  • Now start the downloaded esetsmartinstaller_enu.exe.
  • Check Yes, I accept the Terms of Use and click Start.
  • Wait until the components have been downloaded.
  • Check Scan archives.
  • Make sure Remove found threats is NOT checked.
  • Then click Start.
  • The signatures are downloaded and the scan starts automatically.
    Note: This scan can take quite a long time!
  • If findings are shown after the scan finishes, then:
    • Click List of found threats.
    • Then click Export to text file... and save the text file as ESET.txt on the desktop.
    • Then click << Back.
  • Now close the scanner by clicking Finish.
Please post the content of ESET.txt, or let me know if there were no findings.



Step 4

Please download SecurityCheck (link 2).
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and "Run as administrator".
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its content here.



Please post in your next reply:
  • Fix log from OTL
  • Log from MBAM
  • Log from ESET
  • Log from SecurityCheck
__________________
cheers,
Leo
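
As an added example (not from this thread and not OTL's own code), the following read-only PowerShell audit walks the same Run/RunOnce autostart locations that the O4 line in the OTL fix above came from and flags entries whose target executable no longer exists, the "File not found" condition that led to deleting the Ocs_SM value. The key list, the path-extraction heuristic and the PowerShell 3.0+ requirement are my assumptions, not OTL's.

```powershell
# Added example: read-only audit of Run/RunOnce autostart entries.
# Not code from the thread or from OTL; key list and path heuristic are assumptions.
# Run in an elevated Windows PowerShell 3.0 or later; nothing is modified.

# 64-bit and Wow6432Node (32-bit) views of HKLM, plus the current user's hive.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartTarget {
    # Pull the executable path out of a Run command line: the quoted first
    # token if present, otherwise everything up to the first ".exe".
    param([string]$Command)
    $cmd = $Command.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cmd, '^(.+?\.exe)\b', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

function Get-AutostartReport {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            # Read the raw value (REG_EXPAND_SZ unexpanded) and expand %vars% ourselves.
            $raw    = $item.GetValue($name, '', 'DoNotExpandEnvironmentNames')
            $cmd    = [Environment]::ExpandEnvironmentVariables([string]$raw)
            $target = Get-AutostartTarget -Command $cmd
            $exists = ($target -ne '') -and (Test-Path -LiteralPath $target -PathType Leaf)
            [pscustomobject]@{
                Exists  = $exists
                Name    = $name
                Target  = $target
                Key     = $key
                Command = $cmd
            }
        }
    }
}

$report = Get-AutostartReport
$report | Sort-Object Exists, Key | Format-Table -AutoSize Exists, Name, Target, Key

# Exists = False marks a dangling autostart: either a leftover of an uninstalled
# program or, as with Ocs_SM in this thread, residue of removed malware. Identify
# what it was and export the key (reg export) before removing such a value.
$report | Where-Object { -not $_.Exists } | ForEach-Object {
    "Dangling autostart: $($_.Key)\$($_.Name) -> $($_.Command)"
}
```

Entries started via rundll32 or a script interpreter show the interpreter as the target, so a present interpreter with a missing script argument still needs a manual look.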

Old 17.03.2013, 18:37   #8
Eddie77

Hello,

the computer is running without problems.
ESET found nothing.

Here are the other logs.

Fix log from OTL

Code:
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ocs_SM deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: EDDIE
->Temp folder emptied: 1544 bytes
->Temporary Internet Files folder emptied: 7938839 bytes
->Java cache emptied: 1472263 bytes
->FireFox cache emptied: 164942780 bytes
->Flash cache emptied: 34183 bytes
 
User: Journal
->Temp folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: RegBack
->Temp folder emptied: 0 bytes
 
User: systemprofile
->Temp folder emptied: 0 bytes
 
User: TxR
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6722 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95404 bytes
RecycleBin emptied: 174 bytes
 
Total Files Cleaned = 166.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03172013_163410

Files\Folders moved on Reboot...
C:\Users\EDDIE\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\EDDIE\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

MBAM Log

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.17.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
EDDIE :: EDDIE-PC [Administrator]

17.03.2013 16:40:54
mbam-log-2013-03-17 (16-40-54).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 258230
Laufzeit: 3 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Log from SecurityCheck

Code:
 Results of screen317's Security Check version 0.99.59  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware Version 1.70.0.1100  
 JavaFX 2.1.1    
 Java(TM) 6 Update 22  
 Java(TM) 6 Update 29  
 Java 7 Update 15  
 Java version out of Date! 
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox (Firefox.) 
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

All good?

Old 17.03.2013, 19:25   #9
aharonov
/// TB-Ausbilder

Hello,

Quote:
All good?
That's how I see it too. Bring your software up to date (you have 3 outdated Java versions installed) and then we'll clean up.


Step 1

Your Java is no longer up to date. Older versions contain security holes that malware can abuse to infect via drive-by download.

The current version is Java 7 Update 17.
  • Go to
    Start --> Control Panel --> Programs and Features (Vista / Win 7)
    Start --> Control Panel --> Add or Remove Programs (Win XP)
    and uninstall all older Java versions.
Java is really needed in only a few cases. New, not yet patched security holes are also exploited again and again.
So consider whether you really need a Java installation.
If you want to keep using Java, then:
  • Download the latest Java version.
  • Close all running programs, especially the browser.
  • Start the downloaded jxpiinstall.exe and follow the instructions.
  • During installation, uncheck "Install the Ask Toolbar ...".



Step 2

Your version of Adobe PDF Reader is outdated; we need to update it:
  • Please uninstall your current version of Adobe Reader via
    Start --> Control Panel --> Add or Remove Programs (Windows XP)
    Start --> Control Panel --> Programs and Features (Vista / Windows 7)
  • Visit this page at Adobe.
  • If present, uncheck McAfee Security Scan and/or Google Chrome.
  • Click Download now and install the latest version.

Then use this plugin check to verify that all the versions you use are now current, and update them otherwise.



Step 3

Start defogger and click the Re-enable button.



Step 4

Please now temporarily disable the antivirus program, any script blocking, and anti-malware programs.

Please press the Windows key + R, copy the following text into the Run window
Code:
Combofix /Uninstall
         
and click OK.
You can now turn the programs you just disabled back on.



Step 5

You can keep the ESET Online Scanner to scan your system with it now and then for a second opinion.
But if you want to uninstall ESET, then:

Please press the Windows key + R, copy the following text into the Run window
Code:
"%ProgramFiles%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"
         
and click OK.



Step 6

Please download delfix to your desktop.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Click Start.
  • DelFix removes all the programs we used and then deletes itself.
    Should anything remain nonetheless, you can delete it manually.




>> OK <<
We're done; your logs look clean to me at the moment.

Below I've put together a few notes and tips intended to help ensure you won't need our help again in the future.

Afterwards, please give me a short reply confirming that there are no open problems or questions on your side either, so I can consider this topic resolved.




Epilogue: Tips, Dos & Don'ts

Keeping the system and software up to date

The Windows operating system absolutely must always be up to date. Make sure automatic updates are enabled:
  • Windows XP: Start --> Control Panel --> double-click Automatic Updates
  • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off

Installed software should always be at the latest version, too.
This applies especially to the browser, Java, Flash Player and PDF reader, because known security holes in their old versions are exploited to install malware via drive-by download merely by visiting a prepared website. This can even happen on normally legitimate websites if an attacker has managed to inject his code into the page, and is therefore relatively unpredictable.
  • With this small plugin check you can regularly verify that these components are up to date.
  • Also make sure that old versions no longer in use are uninstalled.
  • Optional: The program Secunia Personal Software Inspector can help you always use the current versions of all installed software.

Security software

A remark first: Every software solution has its weaknesses. Handing all responsibility for security over to software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour, even the best program will sooner or later fail (e.g. a virus scanner that does not detect an infected file).
Nevertheless, such software is of course important and, combined with a well-maintained (up-to-date) system and considered behaviour, helps you keep your computer clean.
  • Use a virus scanner with a resident background guard and an always up-to-date database. Which product you choose does not matter that much. There are commercial versions, but a free scanner with the basic functions, such as Avast! Free Antivirus, should suffice. Never run two guards in parallel, though; they would obstruct each other.
  • Enable a firewall. The one built into Windows is normally entirely sufficient.
  • In addition to the virus scanner, you can regularly scan your system with an on-demand anti-malware program. The free version of Malwarebytes Anti-Malware is recommended. Update the database before every scan.
  • Optional: The program Sandboxie runs applications in an isolated environment ("sandbox") so that no changes can be made to the system. If you start your browser in it, the chance that malware picked up while surfing can establish itself permanently in the system is reduced.
  • Optional: The add-on WOT (Web of Trust) warns you about a website reported as harmful before it is loaded. Available for various browsers.

It is in the nature of things that the most widely used application software is also attacked most often by malware authors. Using alternative software (e.g. an alternative PDF reader) can therefore already be a small security gain.
Instead of Internet Explorer, you can use Mozilla Firefox, for example, for which two useful add-ons are recommended:
  • NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites by default. Using a whitelist principle, you decide yourself which sites you trust and want to allow scripts for, also temporarily.
  • Adblock Plus blocks most advertising banners. Besides being annoying, such banners can also act as sources of infection.

(Un)safe behaviour on the Internet

Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user himself.

Visiting shady websites can already carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner does not detect a threat in them at the moment, that need not mean anything.
  • Illegal cracks, keygens and serials are an extremely easy (and popular) way to spread malware.
  • With files from peer-to-peer and file-sharing programs or from file hosters, you can never be sure that what's inside is what the label says.

Attempts are also often made to get the user, by more or less tricky methods, to carry out an action that is disastrous for him (umbrella term: social engineering).
  • Surf with caution and don't let elements that somehow seem interesting tempt you into a hasty click. Don't be fooled by pop-ups that look like system or virus messages.
  • Be sceptical of unexpected e-mails, especially if they contain attachments. Even if they look authentic at first glance, contain personal data about you, or supposedly come from a known sender: better to think it over calmly or ask, rather than simply opening links or executable attachments or entering your data somewhere.
  • Malicious links or files can also make the rounds on social networks or via instant messaging systems. If you receive a message from one of your friends that is odd, or sounds so sensationally interesting or scandalous that you simply have to click on it, then curiosity has probably won out over sense for him/her, and you should not make the same mistake.
  • Have file extensions displayed so that you are not fooled when an executable file is disguised with a double file extension, e.g. Nacktfoto.jpg.exe.

Annoying adware (advertising) and unnecessary toolbars are also mostly installed along by the user himself.
  • As a first priority, always download software directly from the manufacturer. Many software portals (e.g. Softonic) bundle useless stuff into the installation. Alternatively, choose a clean portal such as Filepony or heise.
  • When installing software, always choose the custom option and uncheck all optionally offered toolbars or other add-ons irrelevant to the program.

General notes

Finally, a few basic remarks:
  • Your user account for everyday use should not have administrator rights. Use a limited account (Windows XP) or enable User Account Control (UAC) at the highest level (Windows Vista / 7).
  • Regularly create backups of your data and documents on external media, at least twice over for important files. Not only a malware infection can lead to painful data loss, but also an ordinary hard drive failure.
  • The Autorun/Autoplay function poses a risk, because it makes it possible, for example, for an infection to jump over to the computer when an appropriately infected USB stick is plugged in. Consider whether you would rather disable this function.
  • Choose your passwords according to the usual rules so as to be better protected against brute-force and dictionary attacks. Use each of your passwords only once and change them regularly.
  • The benefit of registry cleaners for improving performance is disputed. In any case, they can do great damage if you don't know what you're doing. We therefore recommend keeping your hands off the registry. To delete temporary files from time to time, TFC is sufficient.

If you like, you can support the forum with a small donation.
All that remains is for me to wish you carefree and safe surfing, and that we won't see each other here again anytime soon.
__________________
cheers,
Leo
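
As an added example (not from this thread and not from any of the tools it uses), here is a read-only PowerShell check of the settings the epilogue above recommends on Windows 7: automatic updates on, file extensions shown, autorun disabled, UAC at the highest level, and a daily account without administrator rights, plus a listing of double-extension files such as Nacktfoto.jpg.exe in the Downloads folder. The registry locations, the "good" values and the PowerShell 3.0+ requirement are my assumptions about how those settings are stored.

```powershell
# Added example, not from the thread: read-only check of the epilogue's advice.
# Registry paths and expected values are assumptions; nothing here changes anything.
# Run in Windows PowerShell 3.0 or later from the account used for daily work.

function Get-RegValue {
    # Returns $null when the key or value does not exist instead of throwing.
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function Get-HardeningReport {
    $explorerAdv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $uacPolicy   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $auKey       = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $autorunKeys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
                     'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer')

    # Windows Update: AUOptions 4 = download and install automatically.
    $au = Get-RegValue $auKey 'AUOptions'
    # Explorer: HideFileExt 0 = extensions shown, so "Nacktfoto.jpg.exe" is visible.
    $hideExt = Get-RegValue $explorerAdv 'HideFileExt'
    # Autorun: NoDriveTypeAutoRun 0xFF disables autorun for every drive type.
    $autorunOff = $false
    foreach ($k in $autorunKeys) {
        if ((Get-RegValue $k 'NoDriveTypeAutoRun') -eq 0xFF) { $autorunOff = $true }
    }
    # UAC: EnableLUA 1, ConsentPromptBehaviorAdmin 2 and PromptOnSecureDesktop 1
    # together correspond to the "Always notify" (highest) slider position.
    $lua    = Get-RegValue $uacPolicy 'EnableLUA'
    $prompt = Get-RegValue $uacPolicy 'ConsentPromptBehaviorAdmin'
    $secure = Get-RegValue $uacPolicy 'PromptOnSecureDesktop'
    # Daily account: the Administrators group SID is in the token (even when
    # UAC has filtered it), so whoami /groups lists it for admin accounts.
    $isAdmin = [bool]((whoami /groups) -match 'S-1-5-32-544')

    @(
        [pscustomobject]@{ Check = 'Automatic updates on';       OK = ($au -eq 4) }
        [pscustomobject]@{ Check = 'File extensions shown';      OK = ($hideExt -eq 0) }
        [pscustomobject]@{ Check = 'Autorun disabled';           OK = $autorunOff }
        [pscustomobject]@{ Check = 'UAC at highest level';       OK = ($lua -eq 1 -and $prompt -eq 2 -and $secure -eq 1) }
        [pscustomobject]@{ Check = 'Daily account is not admin'; OK = (-not $isAdmin) }
    )
}

function Find-DoubleExtensionFiles {
    # Lists files like "foo.jpg.exe": a harmless-looking extension followed by an
    # executable one. Only reports; decide yourself what to do with the hits.
    param([string]$Folder = (Join-Path $env:USERPROFILE 'Downloads'))
    $pattern = '\.(jpe?g|png|gif|pdf|docx?|xlsx?|txt|zip)\.(exe|scr|com|pif|bat|cmd|vbs|js)$'
    Get-ChildItem -Path $Folder -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $pattern } |
        Select-Object FullName, Length, LastWriteTime
}

Get-HardeningReport | Format-Table -AutoSize
Find-DoubleExtensionFiles | Format-Table -AutoSize
```

A missing value (for example no AUOptions entry because updates were never configured) is reported as not OK rather than assumed good.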

Old 18.03.2013, 18:53   #10
Eddie77

All done and the computer is running without problems!

Many, many thanks for your help!!!

Old 18.03.2013, 19:38   #11
aharonov
/// TB-Ausbilder

Thanks for the feedback.


Glad we could help.

This topic appears resolved and will be removed from my subscriptions. I will therefore no longer receive notifications of new replies.
Should you need the topic again, please send me a PM and we'll continue here.

Everyone else, please read these instructions and create your own thread.
__________________
cheers,
Leo
