
Pests of all kinds and how to fight them: QVO6 problem

Windows 7

26.04.2013, 22:32   #1
orphus
 
Hello,
I'm new here and a bit confused.... The thread on opening a new topic says not to blindly follow the instructions from an existing thread, and when opening one here the first thing pointed out is the search function. So for now I'm simply posting the scans here, and if I may just follow the steps from another post after all, please let me know.

My girlfriend's PC (browser is Firefox) always has the QVO6 page as its start page, and it can no longer be changed.

Up front: my girlfriend, whose PC I'm currently working on, has already tried on her own to fight the virus with Spyhunter, and I've read that that is spyware itself...

Code:
OTL logfile created on: 26.04.2013 21:47:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Caro\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,90 Gb Total Physical Memory | 3,95 Gb Available Physical Memory | 66,94% Memory free
11,79 Gb Paging File | 9,68 Gb Available in Paging File | 82,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,01 Gb Total Space | 328,85 Gb Free Space | 72,91% Space Free | Partition Type: NTFS
 
Computer Name: CARO-PC | User Name: Caro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.26 21:43:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Caro\Downloads\OTL.exe
PRC - [2013.04.23 21:00:02 | 004,555,776 | ---- | M] (Spotify Ltd) -- C:\Users\Caro\AppData\Roaming\Spotify\spotify.exe
PRC - [2013.04.23 21:00:01 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Caro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.03.31 14:02:18 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.31 14:02:09 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.31 14:02:09 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.07 22:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\Caro\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.04 05:19:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.11.03 13:24:06 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.09.16 14:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011.01.12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.12 18:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.12.21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.12.17 17:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010.11.03 19:01:34 | 000,983,104 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2010.11.03 19:01:20 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2010.11.03 18:53:28 | 000,897,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2010.11.03 18:53:06 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2010.09.03 08:28:54 | 000,518,640 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010.08.20 01:06:56 | 000,487,562 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.23 21:00:02 | 024,985,600 | ---- | M] () -- C:\Users\Caro\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2013.03.07 22:32:40 | 021,014,960 | ---- | M] () -- C:\Users\Caro\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
MOD - [2013.03.07 22:32:38 | 000,292,272 | ---- | M] () -- C:\Users\Caro\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
MOD - [2013.03.07 22:32:38 | 000,179,632 | ---- | M] () -- C:\Users\Caro\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
MOD - [2013.02.17 23:19:28 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.19 18:20:16 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll
MOD - [2013.01.19 18:20:16 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll
MOD - [2013.01.19 18:12:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.19 18:12:45 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.01.19 14:04:56 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.19 14:04:43 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.19 14:04:39 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.19 14:04:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.19 14:04:35 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.19 14:04:30 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010.12.17 17:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010.11.30 04:04:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.11.05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.09.03 08:28:54 | 000,518,640 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010.08.30 10:34:12 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.14 22:41:19 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.31 14:02:18 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.31 14:02:09 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.13 00:06:17 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.11.04 05:19:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.11.03 13:24:06 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.01.12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.12.21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.12.17 21:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010.12.17 21:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2010.12.17 21:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010.11.29 22:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2010.11.03 19:01:34 | 000,983,104 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2010.11.03 19:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2010.11.03 18:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010.09.23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 21:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.04 08:15:22 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010.09.04 08:14:26 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013.03.31 14:02:21 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.31 14:02:21 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.31 14:02:21 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.09 19:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011.11.15 01:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.11.04 05:19:00 | 000,249,152 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2011.11.04 05:19:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.13 16:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.09.13 16:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.07.08 04:51:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.07 04:52:24 | 012,264,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.01.31 17:24:46 | 000,121,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2011.01.12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.12.22 19:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010.12.13 19:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010.11.29 22:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.11 03:32:20 | 000,172,632 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010.11.04 12:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.24 03:44:48 | 001,394,224 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.08.20 12:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010.08.12 17:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010.07.13 04:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010.03.19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.02.27 01:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006.11.01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=ST9500420AS_5VJAWFBYXXXX5VJAWFBY&ts=1366669809
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=ST9500420AS_5VJAWFBYXXXX5VJAWFBY&ts=1366669809
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=wld&from=wld&uid=ST9500420AS_5VJAWFBYXXXX5VJAWFBY&ts=4587569
IE:64bit: - HKLM\..\SearchScopes\{754B4A8A-6A40-4BC6-840B-15A264D7E885}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=ST9500420AS_5VJAWFBYXXXX5VJAWFBY&ts=1366669809
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=ST9500420AS_5VJAWFBYXXXX5VJAWFBY&ts=1366669809
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=wld&from=wld&uid=ST9500420AS_5VJAWFBYXXXX5VJAWFBY&ts=4587569
IE - HKLM\..\SearchScopes\{3EF9B6B4-EE89-4EFA-B930-B29DAC061395}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=ST9500420AS_5VJAWFBYXXXX5VJAWFBY&ts=1366669809
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=ST9500420AS_5VJAWFBYXXXX5VJAWFBY&ts=1366669809
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {754B4A8A-6A40-4BC6-840B-15A264D7E885}
IE - HKCU\..\SearchScopes\{29AF59BC-3378-4301-9037-0CA76729C48F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=F00C4936-CCCF-4326-9709-8E1C738F42E1&apn_sauid=7C42B70E-89F1-4FC8-AE91-2BADB65D2FCD
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=wld&from=wld&uid=ST9500420AS_5VJAWFBYXXXX5VJAWFBY&ts=4587569
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Caro\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.14 22:41:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.14 22:41:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.05.12 14:28:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caro\AppData\Roaming\mozilla\Extensions
[2013.04.14 22:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.14 22:41:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.14 22:41:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.14 22:41:19 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 23:54:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.23 00:30:11 | 000,000,732 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Caro\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\Caro\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Caro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Caro\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Caro\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Caro\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3F69935-EF31-4B00-A736-909C67F0993A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\WINDOWS\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\WINDOWS\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.04.23 21:48:01 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.24 01:00:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.23 21:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.04.23 21:47:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.04.23 21:03:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.23 00:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2013.04.23 00:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\337
[2013.04.23 00:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013.04.23 00:30:16 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc
[2013.04.23 00:30:12 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Roaming\Desk 365
[2013.04.23 00:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Desk 365
[2013.04.23 00:29:58 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Roaming\eIntaller
[2013.04.22 23:29:25 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Local\Spotify
[2013.04.22 23:29:06 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Roaming\Spotify
[2013.04.14 22:41:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.07 22:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moorhuhn Kart 3 Demo
[2013.04.07 21:41:46 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Local\Moorhuhn - Das verbotene Schloss
[2013.04.07 21:30:08 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moorhuhn Das verbotene Schloss
[2013.04.07 21:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moorhuhn Das verbotene Schloss
[2013.04.07 20:43:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\phenomedia
[2013.04.07 20:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moorhuhn Remake
[2013.04.05 23:27:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.31 14:02:33 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.31 14:02:33 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.31 14:02:33 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.26 21:46:01 | 000,000,000 | ---- | M] () -- C:\Users\Caro\defogger_reenable
[2013.04.26 21:45:10 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 21:45:10 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 21:40:44 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.26 21:40:44 | 000,654,622 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.26 21:40:44 | 000,616,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.26 21:40:44 | 000,130,204 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.26 21:40:44 | 000,106,586 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.26 21:34:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.26 21:34:32 | 453,640,191 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.25 00:30:12 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.24 22:36:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2839364030-2610571798-1031837795-1001UA.job
[2013.04.24 22:36:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2839364030-2610571798-1031837795-1001Core.job
[2013.04.23 21:48:01 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.04.23 00:30:11 | 000,001,354 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.22 23:29:24 | 000,001,803 | ---- | M] () -- C:\Users\Caro\Desktop\Spotify.lnk
[2013.04.22 21:56:21 | 000,322,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.07 22:01:00 | 000,002,297 | ---- | M] () -- C:\Users\Public\Desktop\Moorhuhn Kart 3 Demo spielen.lnk
[2013.04.07 21:33:43 | 000,002,240 | ---- | M] () -- C:\Users\Caro\Desktop\Moorhuhn Das verbotene Schloss spielen.lnk
[2013.04.07 20:43:35 | 000,002,163 | ---- | M] () -- C:\Users\Public\Desktop\Moorhuhn Remake starten.lnk
[2013.03.31 14:02:21 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.31 14:02:21 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.31 14:02:21 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.26 21:46:01 | 000,000,000 | ---- | C] () -- C:\Users\Caro\defogger_reenable
[2013.04.23 21:48:01 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.04.22 23:29:24 | 000,001,803 | ---- | C] () -- C:\Users\Caro\Desktop\Spotify.lnk
[2013.04.22 23:29:24 | 000,001,789 | ---- | C] () -- C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013.04.07 22:01:00 | 000,002,297 | ---- | C] () -- C:\Users\Public\Desktop\Moorhuhn Kart 3 Demo spielen.lnk
[2013.04.07 21:33:43 | 000,002,240 | ---- | C] () -- C:\Users\Caro\Desktop\Moorhuhn Das verbotene Schloss spielen.lnk
[2013.04.07 20:43:35 | 000,002,163 | ---- | C] () -- C:\Users\Public\Desktop\Moorhuhn Remake starten.lnk
[2012.05.25 21:07:56 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.10 22:31:58 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.05.10 16:29:44 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.05.10 16:29:43 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.11.03 13:24:18 | 000,322,880 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.30 18:53:42 | 000,000,000 | ---D | M] -- C:\Users\Caro\AppData\Roaming\Canneverbe Limited
[2013.04.23 00:38:21 | 000,000,000 | ---D | M] -- C:\Users\Caro\AppData\Roaming\Desk 365
[2012.09.29 00:03:56 | 000,000,000 | ---D | M] -- C:\Users\Caro\AppData\Roaming\DVDVideoSoft
[2012.09.29 00:03:52 | 000,000,000 | ---D | M] -- C:\Users\Caro\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.04.23 00:29:58 | 000,000,000 | ---D | M] -- C:\Users\Caro\AppData\Roaming\eIntaller
[2012.07.29 22:11:15 | 000,000,000 | ---D | M] -- C:\Users\Caro\AppData\Roaming\ICQ
[2012.05.10 16:03:19 | 000,000,000 | ---D | M] -- C:\Users\Caro\AppData\Roaming\Leadertech
[2013.04.23 00:37:55 | 000,000,000 | ---D | M] -- C:\Users\Caro\AppData\Roaming\MediaMonkey
[2012.09.28 23:57:42 | 000,000,000 | ---D | M] -- C:\Users\Caro\AppData\Roaming\Orbit
[2012.09.28 23:54:10 | 000,000,000 | ---D | M] -- C:\Users\Caro\AppData\Roaming\ProgSense
[2013.04.23 23:20:00 | 000,000,000 | ---D | M] -- C:\Users\Caro\AppData\Roaming\SoftGrid Client
[2013.04.26 21:39:20 | 000,000,000 | ---D | M] -- C:\Users\Caro\AppData\Roaming\Spotify
[2012.05.25 21:08:39 | 000,000,000 | ---D | M] -- C:\Users\Caro\AppData\Roaming\TP
 
========== Purity Check ==========
 
 

< End of report >

Code:
OTL Extras logfile created on: 26.04.2013 21:47:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Caro\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,90 Gb Total Physical Memory | 3,95 Gb Available Physical Memory | 66,94% Memory free
11,79 Gb Paging File | 9,68 Gb Available in Paging File | 82,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,01 Gb Total Space | 328,85 Gb Free Space | 72,91% Space Free | Partition Type: NTFS
 
Computer Name: CARO-PC | User Name: Caro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0332CB09-3717-4629-9C9E-1C6977A538FC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0BD61DE1-2A0F-4A89-BB9A-E751C21B6B80}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0D77D0D0-7848-40A7-8A42-9D29FD0A0993}" = rport=445 | protocol=6 | dir=out | app=system | 
"{20E084A3-46C3-463B-B482-75B788EB576F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{238D516E-F127-4905-B037-AF7138A3034D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2FCF1C1B-2A92-4B35-9844-C080744A1F97}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{347A0F0E-1F3C-4A10-A7AC-E0908BF75ED2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{39926807-591E-42DB-B8A0-7BC2B4A17CFB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7428938E-B749-4165-8977-78967ACB5C75}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7AAD9B62-C3E9-4B1E-862B-28EF9CD46091}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{8226828B-119E-47DB-B5DA-B0DCA5300936}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8E24E3C5-4B82-44F0-B57F-B7D69901E7CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{91D09F62-5A8D-4788-B105-3D92CC5AD097}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A1508A89-228D-4C7C-BCEA-502C32086E2C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{AA1DD13E-F2BD-45A8-A1CE-4E1D20D657FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B2B9F628-5731-4A68-8CD6-D7A4FEE6936E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B2E94505-77A7-46BE-BD54-0E233B8E473D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B95C72E8-9C51-404A-8AA1-A6299D507DC8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B9DBA74C-9678-4FE8-AD7C-FC48E79193D9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CB913BD2-753B-4DBF-91A4-B3AE313CEA00}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CF0D8A5D-C3C5-43A8-89C1-A1177ECD6DEB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{DB4B0944-1323-45E2-9CF4-D147C1FA4B66}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E19BC47F-2EEC-4896-931C-DC5537D63177}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E7D5D9B8-0C82-4385-8AD5-5E4452F918D8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E988561D-324D-4772-AA1F-B93D80F7B135}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12578AFD-37A9-4992-BA6C-8806AABE7212}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2F72C757-5BAC-4D9F-8293-3A2E9BE95529}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3AE9DA44-CA30-425A-AC34-606923E90567}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3F4DA10E-71B9-431D-91C9-DCF5DA399906}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4FB11F4C-B9AD-4113-8DC0-FEDD03BEF248}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{51D8F746-920F-4E00-9D6C-187A855C9254}" = protocol=6 | dir=out | app=system | 
"{5218B874-24B5-4E8F-9AAD-F669E1B4E631}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6850FE59-AC21-4C5A-990E-76057905D781}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{790CC0D8-50FF-4F0D-A964-0E83A745962C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{84C922E3-4184-421A-AFD7-D05AA307D82C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{89AF8926-4823-420A-9127-4BAD6FBF214D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{93B80502-3A44-4CE6-A81E-9D699052025D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{9EE0CF50-CAED-471E-BAB1-19136F8A4BC8}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{B02928ED-D0E7-43CF-87C4-78421626D8A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B2AF392F-D5A5-4397-86DB-1AD81C8E4D7B}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{B76C5AF5-6F66-4771-9109-E05AC2EE0543}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B96DF613-9379-4A10-9455-0309DCEDB5E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BBEF581D-D6FB-4DD7-8782-2FD062B20AA9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C5ABBCD2-7493-4B7A-80F6-E653D4B3B9D0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C853ED58-31C3-45A2-BBEB-28923E71ADB6}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{E226A98C-3896-4765-BF04-BDB44F92B406}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E33A29F5-9AB3-410F-9F79-705128FA28B2}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe | 
"{E9175835-C1E4-49D6-9143-8AB383536785}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EBE61DED-3833-4453-BEFD-1954CFA87FF2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F2A53A98-C300-464B-B1CC-644B87F4076E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F5C26BB4-8795-492C-B340-2AFB09756E36}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F9BBB3C4-4597-407E-B349-019CF787BD84}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{3C0ABE58-DC1B-4974-A020-D02A8FDBBB32}C:\users\caro\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\caro\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{72DCC5EE-AC7A-479A-8013-89E80065A56D}C:\users\caro\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\caro\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{C2BA1E07-C3E1-432F-9754-3B0636508C7C}C:\program files (x86)\phenomedia\moorhuhn kart 3 demo\game\moorhuhn_kart3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phenomedia\moorhuhn kart 3 demo\game\moorhuhn_kart3.exe | 
"UDP Query User{1D44F108-8D38-4802-9ADB-3501A8EA96D7}C:\users\caro\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\caro\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{6EB7CA77-F435-44AA-848F-2DA6DC85442F}C:\users\caro\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\caro\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{D945B055-C0D1-495B-841E-7B8777F51F6D}C:\program files (x86)\phenomedia\moorhuhn kart 3 demo\game\moorhuhn_kart3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phenomedia\moorhuhn kart 3 demo\game\moorhuhn_kart3.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi-Software
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.77
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.77
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.77
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.5.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17407164-F2AD-4E04-886B-8060D503F21C}" = Dell MusicStage
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{42B49E02-8422-4B41-BABA-2B282E997462}" = Moorhuhn Kart 3 Demo
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = Die Sims™ 3 Stadt-Accessoires
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB1723E2-05BC-49C1-86AB-409764C0E608}" = Dell Stage
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FFB9AF85-9F8F-4334-A957-4A5078D1EFF5}}_is1" = FOTOParadies
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"Dell Webcam Central" = Dell Webcam Central
"dm-Fotowelt" = dm-Fotowelt
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"MediaMonkey_is1" = MediaMonkey 4.0
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Orbit_is1" = Orbit Downloader
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.03.2013 06:58:26 | Computer Name = Caro-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 15.03.2013 07:01:41 | Computer Name = Caro-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 15.03.2013 07:22:39 | Computer Name = Caro-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 15.03.2013 07:23:36 | Computer Name = Caro-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 18.03.2013 17:52:01 | Computer Name = Caro-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 20.03.2013 12:46:31 | Computer Name = Caro-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 23.03.2013 17:35:13 | Computer Name = Caro-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 26.03.2013 18:00:30 | Computer Name = Caro-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 29.03.2013 10:13:01 | Computer Name = Caro-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 31.03.2013 07:47:41 | Computer Name = Caro-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
[ System Events ]
Error - 11.10.2012 16:29:03 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SftService erreicht.
 
Error - 13.10.2012 13:10:28 | Computer Name = Caro-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
 
Error - 19.10.2012 15:22:37 | Computer Name = Caro-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597
 (Definition 1.139.124.0)
 
Error - 22.11.2012 18:41:47 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SftService erreicht.
 
Error - 22.11.2012 18:42:18 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SftService erreicht.
 
Error - 02.12.2012 18:30:39 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Client Virtualization Handler" wurde nicht richtig gestartet.
 
Error - 03.12.2012 17:59:36 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SftService erreicht.
 
Error - 03.12.2012 18:00:06 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SftService erreicht.
 
Error - 12.12.2012 15:24:57 | Computer Name = Caro-PC | Source = Disk | ID = 262159
Description = Das Gerät \Device\Harddisk1\DR3 ist für den Zugriff noch nicht bereit.
 
Error - 14.12.2012 15:23:03 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
 nicht richtig heruntergefahren werden.
 
 
< End of report >
         

Alt 26.04.2013, 22:33   #2
orphus
 

QVO6 Problem



Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-26 23:08:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.D005 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Caro\AppData\Local\Temp\pxldqpog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                                 fffff800021ed000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                                                 fffff800021ed02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1412] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                              000000007759efe0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1412] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                            00000000775c99b0 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1412] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                            00000000775d94d0 5 bytes JMP 000000016fff0180
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1412] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                            00000000775d9640 5 bytes JMP 000000016fff0110
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1412] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                     00000000775fa500 7 bytes JMP 000000016fff01b8
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1412] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                 000007fefd7f3460 7 bytes JMP 000007fffd7e00d8
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1412] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                   000007fefd7f9940 6 bytes JMP 000007fffd7e0148
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1412] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                      000007fefd7f9fb0 5 bytes JMP 000007fffd7e0180
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1412] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                               000007fefd7fa150 5 bytes JMP 000007fffd7e0110
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1412] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                000007feff0889e0 8 bytes JMP 000007fffd7e01f0
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1412] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                              000007feff08be40 8 bytes JMP 000007fffd7e01b8
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1412] C:\Windows\system32\ole32.dll!CoCreateInstance                                                      000007feff217490 11 bytes JMP 000007fffd7e0228
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1412] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                     000007feff22bf00 7 bytes JMP 000007fffd7e0260
.text     C:\Windows\system32\Dwm.exe[1984] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                              000007fefd7f3460 7 bytes JMP 000007fffd7e00d8
.text     C:\Windows\system32\Dwm.exe[1984] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                000007fefd7f9940 6 bytes JMP 000007fffd7e0148
.text     C:\Windows\system32\Dwm.exe[1984] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                   000007fefd7f9fb0 5 bytes JMP 000007fffd7e0180
.text     C:\Windows\system32\Dwm.exe[1984] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                            000007fefd7fa150 5 bytes JMP 000007fffd7e0110
.text     C:\Windows\system32\Dwm.exe[1984] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                             000007feff0889e0 8 bytes JMP 000007fffd7e01f0
.text     C:\Windows\system32\Dwm.exe[1984] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                           000007feff08be40 8 bytes JMP 000007fffd7e01b8
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2308] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                         000000007759efe0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2308] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                       00000000775c99b0 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2308] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                       00000000775d94d0 5 bytes JMP 000000016fff0180
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2308] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                       00000000775d9640 5 bytes JMP 000000016fff0110
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2308] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                00000000775fa500 7 bytes JMP 000000016fff01b8
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2308] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                            000007fefd7f3460 7 bytes JMP 000007fffd7e00d8
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2308] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                              000007fefd7f9940 6 bytes JMP 000007fffd7e0148
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2308] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                 000007fefd7f9fb0 5 bytes JMP 000007fffd7e0180
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2308] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                          000007fefd7fa150 5 bytes JMP 000007fffd7e0110
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2308] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                           000007feff0889e0 8 bytes JMP 000007fffd7e01f0
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2308] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                         000007feff08be40 8 bytes JMP 000007fffd7e01b8
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2308] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                 000007feff217490 11 bytes JMP 000007fffd7e0228
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2308] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                000007feff22bf00 7 bytes JMP 000007fffd7e0260
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2384] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                 0000000075a01429 7 bytes JMP 00000001726d1eb0
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2384] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                        0000000075a1b223 5 bytes JMP 00000001726d1dc0
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2384] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                        0000000075a988f4 7 bytes JMP 00000001726d1db0
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2384] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                        0000000075a98979 5 bytes JMP 00000001726d1ea0
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2384] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                          0000000075a98ccf 5 bytes JMP 00000001726d1e30
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2384] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                             00000000771c1d1b 5 bytes JMP 00000001726d24b0
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2384] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                           00000000771c1dc9 5 bytes JMP 00000001726d2510
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2384] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                               00000000771c2aa4 5 bytes JMP 00000001726d2580
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2384] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                  00000000771c2d0a 5 bytes JMP 00000001726d26f0
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2384] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                          000000007722e9a2 5 bytes JMP 00000001726d1a10
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2384] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                            000000007722ebdc 5 bytes JMP 00000001726d1aa0
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2384] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                 0000000075b05ea5 5 bytes JMP 00000001726d1d00
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2384] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                  0000000075b39d0b 5 bytes JMP 00000001726d1c80
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2408] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                       000000007759efe0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2408] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                     00000000775c99b0 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2408] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                     00000000775d94d0 5 bytes JMP 000000016fff0180
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2408] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                     00000000775d9640 5 bytes JMP 000000016fff0110
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2408] C:\Windows\system32\kernel32.dll!RegSetValueExA                                              00000000775fa500 7 bytes JMP 000000016fff01b8
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2408] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                          000007fefd7f3460 7 bytes JMP 000007fffd7e00d8
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2408] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                            000007fefd7f9940 6 bytes JMP 000007fffd7e0148
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2408] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                               000007fefd7f9fb0 5 bytes JMP 000007fffd7e0180
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2408] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                        000007fefd7fa150 5 bytes JMP 000007fffd7e0110
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2408] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                         000007feff0889e0 8 bytes JMP 000007fffd7e01f0
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2408] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                       000007feff08be40 8 bytes JMP 000007fffd7e01b8
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2408] C:\Windows\system32\ole32.dll!CoCreateInstance                                               000007feff217490 11 bytes JMP 000007fffd7e0228
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2408] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                              000007feff22bf00 7 bytes JMP 000007fffd7e0260
.text     C:\Program Files\Dell\QuickSet\quickset.exe[2416] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                           000000007759efe0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\Dell\QuickSet\quickset.exe[2416] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                         00000000775c99b0 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\Dell\QuickSet\quickset.exe[2416] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                         00000000775d94d0 5 bytes JMP 000000016fff0180
.text     C:\Program Files\Dell\QuickSet\quickset.exe[2416] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                         00000000775d9640 5 bytes JMP 000000016fff0110
.text     C:\Program Files\Dell\QuickSet\quickset.exe[2416] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                  00000000775fa500 7 bytes JMP 000000016fff01b8
.text     C:\Program Files\Dell\QuickSet\quickset.exe[2416] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                              000007fefd7f3460 7 bytes JMP 000007fffd7e00d8
.text     C:\Program Files\Dell\QuickSet\quickset.exe[2416] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                000007fefd7f9940 6 bytes JMP 000007fffd7e0148
.text     C:\Program Files\Dell\QuickSet\quickset.exe[2416] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                   000007fefd7f9fb0 5 bytes JMP 000007fffd7e0180
.text     C:\Program Files\Dell\QuickSet\quickset.exe[2416] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                            000007fefd7fa150 5 bytes JMP 000007fffd7e0110
.text     C:\Program Files\Dell\QuickSet\quickset.exe[2416] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                             000007feff0889e0 8 bytes JMP 000007fffd7e01f0
.text     C:\Program Files\Dell\QuickSet\quickset.exe[2416] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                           000007feff08be40 8 bytes JMP 000007fffd7e01b8
.text     C:\Program Files\Dell\QuickSet\quickset.exe[2416] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                   000007feff217490 11 bytes JMP 000007fffd7e0228
.text     C:\Program Files\Dell\QuickSet\quickset.exe[2416] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                  000007feff22bf00 7 bytes JMP 000007fffd7e0260
.text     C:\WINDOWS\System32\igfxpers.exe[2508] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                      000000007759efe0 5 bytes JMP 000000016fff0148
.text     C:\WINDOWS\System32\igfxpers.exe[2508] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                    00000000775c99b0 7 bytes JMP 000000016fff00d8
.text     C:\WINDOWS\System32\igfxpers.exe[2508] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                    00000000775d94d0 5 bytes JMP 000000016fff0180
.text     C:\WINDOWS\System32\igfxpers.exe[2508] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                                    00000000775d9640 5 bytes JMP 000000016fff0110
.text     C:\WINDOWS\System32\igfxpers.exe[2508] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                             00000000775fa500 7 bytes JMP 000000016fff01b8
.text     C:\WINDOWS\System32\igfxpers.exe[2508] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                         000007fefd7f3460 7 bytes JMP 000007fffd7e00d8
.text     C:\WINDOWS\System32\igfxpers.exe[2508] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                           000007fefd7f9940 6 bytes JMP 000007fffd7e0148
.text     C:\WINDOWS\System32\igfxpers.exe[2508] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                              000007fefd7f9fb0 5 bytes JMP 000007fffd7e0180
.text     C:\WINDOWS\System32\igfxpers.exe[2508] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                       000007fefd7fa150 5 bytes JMP 000007fffd7e0110
.text     C:\WINDOWS\System32\igfxpers.exe[2508] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                        000007feff0889e0 8 bytes JMP 000007fffd7e01f0
.text     C:\WINDOWS\System32\igfxpers.exe[2508] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                      000007feff08be40 8 bytes JMP 000007fffd7e01b8
.text     C:\WINDOWS\System32\igfxpers.exe[2508] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                              000007feff217490 11 bytes JMP 000007fffd7e0228
.text     C:\WINDOWS\System32\igfxpers.exe[2508] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                             000007feff22bf00 7 bytes JMP 000007fffd7e0260
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2540] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                      000000007759efe0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2540] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                    00000000775c99b0 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2540] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                    00000000775d94d0 5 bytes JMP 000000016fff0180
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2540] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                    00000000775d9640 5 bytes JMP 000000016fff0110
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2540] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                             00000000775fa500 7 bytes JMP 000000016fff01b8
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2540] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                         000007fefd7f3460 7 bytes JMP 000007fffd7e00d8
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2540] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                           000007fefd7f9940 6 bytes JMP 000007fffd7e0148
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2540] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                              000007fefd7f9fb0 5 bytes JMP 000007fffd7e0180
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2540] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                       000007fefd7fa150 5 bytes JMP 000007fffd7e0110
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2540] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                        000007feff0889e0 8 bytes JMP 000007fffd7e01f0
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2540] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                      000007feff08be40 8 bytes JMP 000007fffd7e01b8
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2540] C:\Windows\system32\ole32.dll!CoCreateInstance                                                              000007feff217490 11 bytes JMP 000007fffd7e0228
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2540] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                             000007feff22bf00 7 bytes JMP 000007fffd7e0260
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2580] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                        000000007759efe0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2580] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                      00000000775c99b0 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2580] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                      00000000775d94d0 5 bytes JMP 000000016fff0180
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2580] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                      00000000775d9640 5 bytes JMP 000000016fff0110
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2580] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                               00000000775fa500 7 bytes JMP 000000016fff01b8
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2580] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                           000007fefd7f3460 7 bytes JMP 000007fffd7e00d8
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2580] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                             000007fefd7f9940 6 bytes JMP 000007fffd7e0148
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2580] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                000007fefd7f9fb0 5 bytes JMP 000007fffd7e0180
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2580] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                         000007fefd7fa150 5 bytes JMP 000007fffd7e0110
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2580] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                000007feff217490 11 bytes JMP 000007fffd7e0228
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2580] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                               000007feff22bf00 7 bytes JMP 000007fffd7e0260
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2580] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                          000007feff0889e0 8 bytes JMP 000007fffd7e01f0
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2580] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                        000007feff08be40 8 bytes JMP 000007fffd7e01b8
.text     C:\Users\Caro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2716] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                              0000000075a01429 7 bytes JMP 00000001726d1eb0
.text     C:\Users\Caro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2716] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                     0000000075a1b223 5 bytes JMP 00000001726d1dc0
.text     C:\Users\Caro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2716] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                     0000000075a988f4 7 bytes JMP 00000001726d1db0
.text     C:\Users\Caro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2716] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                     0000000075a98979 5 bytes JMP 00000001726d1ea0
.text     C:\Users\Caro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2716] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                       0000000075a98ccf 5 bytes JMP 00000001726d1e30
.text     C:\Users\Caro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2716] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                          00000000771c1d1b 5 bytes JMP 00000001726d24b0
.text     C:\Users\Caro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2716] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                        00000000771c1dc9 5 bytes JMP 00000001726d2510
.text     C:\Users\Caro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2716] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                            00000000771c2aa4 5 bytes JMP 00000001726d2580
.text     C:\Users\Caro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2716] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                               00000000771c2d0a 5 bytes JMP 00000001726d26f0
.text     C:\Users\Caro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2716] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                       000000007722e9a2 5 bytes JMP 00000001726d1a10
.text     C:\Users\Caro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2716] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                         000000007722ebdc 5 bytes JMP 00000001726d1aa0
.text     C:\Users\Caro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2716] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                              0000000075b05ea5 5 bytes JMP 00000001726d1d00
.text     C:\Users\Caro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2716] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                               0000000075b39d0b 5 bytes JMP 00000001726d1c80
.text     C:\Users\Caro\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2740] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA                              0000000075a01429 7 bytes JMP 00000001726d1eb0
.text     C:\Users\Caro\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2740] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW                     0000000075a1b223 5 bytes JMP 00000001726d1dc0
.text     C:\Users\Caro\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2740] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx                     0000000075a988f4 7 bytes JMP 00000001726d1db0
.text     C:\Users\Caro\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2740] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation                     0000000075a98979 5 bytes JMP 00000001726d1ea0
.text     C:\Users\Caro\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2740] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW                       0000000075a98ccf 5 bytes JMP 00000001726d1e30
.text     C:\Users\Caro\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2740] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                          00000000771c1d1b 5 bytes JMP 00000001726d24b0
.text     C:\Users\Caro\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2740] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                        00000000771c1dc9 5 bytes JMP 00000001726d2510
.text     C:\Users\Caro\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2740] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                            00000000771c2aa4 5 bytes JMP 00000001726d2580
.text     C:\Users\Caro\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2740] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                               00000000771c2d0a 5 bytes JMP 00000001726d26f0
.text     C:\Users\Caro\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2740] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                       000000007722e9a2 5 bytes JMP 00000001726d1a10
.text     C:\Users\Caro\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2740] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                         000000007722ebdc 5 bytes JMP 00000001726d1aa0
.text     C:\Users\Caro\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2740] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                              0000000075b05ea5 5 bytes JMP 00000001726d1d00
.text     C:\Users\Caro\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2740] C:\Windows\syswow64\ole32.dll!CoCreateInstance                               0000000075b39d0b 5 bytes JMP 00000001726d1c80
.text     C:\Users\Caro\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      00000000759d1465 2 bytes [9D, 75]
.text     C:\Users\Caro\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     00000000759d14bb 2 bytes [9D, 75]
.text     ...                                                                                                                                                                * 2
.text     C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2932] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                       0000000075a01429 7 bytes JMP 00000001726d1eb0
.text     C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2932] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                              0000000075a1b223 5 bytes JMP 00000001726d1dc0
.text     C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2932] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                              0000000075a988f4 7 bytes JMP 00000001726d1db0
.text     C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2932] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                              0000000075a98979 5 bytes JMP 00000001726d1ea0
.text     C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2932] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                0000000075a98ccf 5 bytes JMP 00000001726d1e30
.text     C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2932] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                   00000000771c1d1b 5 bytes JMP 00000001726d24b0
.text     C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2932] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                 00000000771c1dc9 5 bytes JMP 00000001726d2510
.text     C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2932] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                     00000000771c2aa4 5 bytes JMP 00000001726d2580
.text     C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2932] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                        00000000771c2d0a 5 bytes JMP 00000001726d26f0
.text     C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2932] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                000000007722e9a2 5 bytes JMP 00000001726d1a10
.text     C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2932] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                  000000007722ebdc 5 bytes JMP 00000001726d1aa0
.text     C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2932] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                       0000000075b05ea5 5 bytes JMP 00000001726d1d00
.text     C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2932] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                        0000000075b39d0b 5 bytes JMP 00000001726d1c80
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3312] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                000000007759efe0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3312] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                              00000000775c99b0 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3312] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                              00000000775d94d0 5 bytes JMP 000000016fff0180
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3312] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                              00000000775d9640 5 bytes JMP 000000016fff0110
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3312] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                       00000000775fa500 7 bytes JMP 000000016fff01b8
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3312] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                   000007fefd7f3460 7 bytes JMP 000007fffd7e00d8
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3312] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                     000007fefd7f9940 6 bytes JMP 000007fffd7e0148
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3312] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                        000007fefd7f9fb0 5 bytes JMP 000007fffd7e0180
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3312] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                 000007fefd7fa150 5 bytes JMP 000007fffd7e0110
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3312] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                  000007feff0889e0 8 bytes JMP 000007fffd7e01f0
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3312] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                000007feff08be40 8 bytes JMP 000007fffd7e01b8
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[4008] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                            0000000075a01429 7 bytes JMP 00000001726d1eb0
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[4008] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                   0000000075a1b223 5 bytes JMP 00000001726d1dc0
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[4008] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                   0000000075a988f4 7 bytes JMP 00000001726d1db0
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[4008] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                   0000000075a98979 5 bytes JMP 00000001726d1ea0
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[4008] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                     0000000075a98ccf 5 bytes JMP 00000001726d1e30
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[4008] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                        00000000771c1d1b 5 bytes JMP 00000001726d24b0
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[4008] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                      00000000771c1dc9 5 bytes JMP 00000001726d2510
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[4008] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                          00000000771c2aa4 5 bytes JMP 00000001726d2580
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[4008] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                             00000000771c2d0a 5 bytes JMP 00000001726d26f0
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[4008] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                     000000007722e9a2 5 bytes JMP 00000001726d1a10
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[4008] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                       000000007722ebdc 5 bytes JMP 00000001726d1aa0
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[4008] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                            0000000075b05ea5 5 bytes JMP 00000001726d1d00
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[4008] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                             0000000075b39d0b 5 bytes JMP 00000001726d1c80
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3228] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA                                0000000075a01429 7 bytes JMP 00000001726d1eb0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3228] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW                       0000000075a1b223 5 bytes JMP 00000001726d1dc0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3228] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx                       0000000075a988f4 7 bytes JMP 00000001726d1db0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3228] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation                       0000000075a98979 5 bytes JMP 00000001726d1ea0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3228] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW                         0000000075a98ccf 5 bytes JMP 00000001726d1e30
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3228] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                            00000000771c1d1b 5 bytes JMP 00000001726d24b0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3228] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                          00000000771c1dc9 5 bytes JMP 00000001726d2510
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3228] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                              00000000771c2aa4 5 bytes JMP 00000001726d2580
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3228] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                 00000000771c2d0a 5 bytes JMP 00000001726d26f0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3228] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                         000000007722e9a2 5 bytes JMP 00000001726d1a10
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3228] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                           000000007722ebdc 5 bytes JMP 00000001726d1aa0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3228] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                0000000075b05ea5 5 bytes JMP 00000001726d1d00
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3228] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                 0000000075b39d0b 5 bytes JMP 00000001726d1c80
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3448] C:\Windows\syswow64\kernel32.dll!RegSetValueExA           0000000075a01429 7 bytes JMP 00000001726d1eb0
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3448] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW  0000000075a1b223 5 bytes JMP 00000001726d1dc0
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3448] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  0000000075a988f4 7 bytes JMP 00000001726d1db0
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3448] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  0000000075a98979 5 bytes JMP 00000001726d1ea0
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3448] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW    0000000075a98ccf 5 bytes JMP 00000001726d1e30
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3448] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW       00000000771c1d1b 5 bytes JMP 00000001726d24b0
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3448] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW     00000000771c1dc9 5 bytes JMP 00000001726d2510
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3448] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW         00000000771c2aa4 5 bytes JMP 00000001726d2580
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3448] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary            00000000771c2d0a 5 bytes JMP 00000001726d26f0
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3448] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList    000000007722e9a2 5 bytes JMP 00000001726d1a10
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3448] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo      000000007722ebdc 5 bytes JMP 00000001726d1aa0
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3448] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket           0000000075b05ea5 5 bytes JMP 00000001726d1d00
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3448] C:\Windows\syswow64\ole32.dll!CoCreateInstance            0000000075b39d0b 5 bytes JMP 00000001726d1c80
.text     C:\Windows\system32\wbem\unsecapp.exe[4424] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                    000007fefd7f3460 7 bytes JMP 000007fffd7e00d8
.text     C:\Windows\system32\wbem\unsecapp.exe[4424] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                      000007fefd7f9940 6 bytes JMP 000007fffd7e0148
.text     C:\Windows\system32\wbem\unsecapp.exe[4424] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                         000007fefd7f9fb0 5 bytes JMP 000007fffd7e0180
.text     C:\Windows\system32\wbem\unsecapp.exe[4424] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                  000007fefd7fa150 5 bytes JMP 000007fffd7e0110
.text     C:\Windows\system32\wbem\unsecapp.exe[4424] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                         000007feff217490 11 bytes JMP 000007fffd7e0228
.text     C:\Windows\system32\wbem\unsecapp.exe[4424] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                        000007feff22bf00 7 bytes JMP 000007fffd7e0260
.text     C:\Windows\system32\wbem\unsecapp.exe[4424] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                   000007feff0889e0 8 bytes JMP 000007fffd7e01f0
.text     C:\Windows\system32\wbem\unsecapp.exe[4424] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                 000007feff08be40 8 bytes JMP 000007fffd7e01b8
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69               00000000759d1465 2 bytes [9D, 75]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155              00000000759d14bb 2 bytes [9D, 75]
.text     ...                                                                                                                                                                * 2
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                  00000000759d1465 2 bytes [9D, 75]
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                 00000000759d14bb 2 bytes [9D, 75]
.text     ...                                                                                                                                                                * 2
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5836] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                         000007fefd7f3460 7 bytes JMP 000007fffd7e00d8
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5836] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                           000007fefd7f9940 6 bytes JMP 000007fffd7e0148
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5836] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                              000007fefd7f9fb0 5 bytes JMP 000007fffd7e0180
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5836] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                       000007fefd7fa150 5 bytes JMP 000007fffd7e0110
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5836] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                        000007feff0889e0 8 bytes JMP 000007fffd7e01f0
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5836] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                      000007feff08be40 8 bytes JMP 000007fffd7e01b8
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1704] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                      0000000075a01429 7 bytes JMP 00000001726d1eb0
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1704] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                             0000000075a1b223 5 bytes JMP 00000001726d1dc0
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1704] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                             0000000075a988f4 7 bytes JMP 00000001726d1db0
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1704] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                             0000000075a98979 5 bytes JMP 00000001726d1ea0
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1704] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                               0000000075a98ccf 5 bytes JMP 00000001726d1e30
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1704] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                  00000000771c1d1b 5 bytes JMP 00000001726d24b0
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1704] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                00000000771c1dc9 5 bytes JMP 00000001726d2510
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1704] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                    00000000771c2aa4 5 bytes JMP 00000001726d2580
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1704] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                       00000000771c2d0a 5 bytes JMP 00000001726d26f0
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1704] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                               000000007722e9a2 5 bytes JMP 00000001726d1a10
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1704] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                 000000007722ebdc 5 bytes JMP 00000001726d1aa0
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1704] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                      0000000075b05ea5 5 bytes JMP 00000001726d1d00
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1704] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                       0000000075b39d0b 5 bytes JMP 00000001726d1c80
.text     C:\Users\Caro\Downloads\gmer_2.1.19163.exe[5232] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                   0000000075a01429 7 bytes JMP 00000001726d1eb0
.text     C:\Users\Caro\Downloads\gmer_2.1.19163.exe[5232] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                          0000000075a1b223 5 bytes JMP 00000001726d1dc0
.text     C:\Users\Caro\Downloads\gmer_2.1.19163.exe[5232] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                          0000000075a988f4 7 bytes JMP 00000001726d1db0
.text     C:\Users\Caro\Downloads\gmer_2.1.19163.exe[5232] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                          0000000075a98979 5 bytes JMP 00000001726d1ea0
.text     C:\Users\Caro\Downloads\gmer_2.1.19163.exe[5232] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                            0000000075a98ccf 5 bytes JMP 00000001726d1e30
.text     C:\Users\Caro\Downloads\gmer_2.1.19163.exe[5232] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                               00000000771c1d1b 5 bytes JMP 00000001726d24b0
.text     C:\Users\Caro\Downloads\gmer_2.1.19163.exe[5232] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                             00000000771c1dc9 5 bytes JMP 00000001726d2510
.text     C:\Users\Caro\Downloads\gmer_2.1.19163.exe[5232] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                 00000000771c2aa4 5 bytes JMP 00000001726d2580
.text     C:\Users\Caro\Downloads\gmer_2.1.19163.exe[5232] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                    00000000771c2d0a 5 bytes JMP 00000001726d26f0
.text     C:\Users\Caro\Downloads\gmer_2.1.19163.exe[5232] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                            000000007722e9a2 5 bytes JMP 00000001726d1a10
.text     C:\Users\Caro\Downloads\gmer_2.1.19163.exe[5232] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                              000000007722ebdc 5 bytes JMP 00000001726d1aa0

---- EOF - GMER 2.1 ----
         
__________________


28.04.2013, 16:04   #3
t'john
/// Helper Team

The cleanup consists of several steps that have to be carried out.
Work through them one after another and paste the 3 logs that are created into your next reply.

If the OTL fix did not run through properly, do not continue; report it instead.

Step 1

Fix with OTL

Download OTL by OldTimer (if you do not have it yet) and save it to your Desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users: right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text field below Custom Scans/Fixes:
  • The fix starts with :OTL. Make sure you have copied it correctly.


Code:
ATTFilter
:OTL

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) 
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.com/web/?utm_source=b&utm_medium=wld&from=wld&uid=ST9500420AS_5VJAWFBYXXXX5VJAWFBY&ts=4587569 
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.com/web/?utm_source=b&utm_medium=wld&from=wld&uid=ST9500420AS_5VJAWFBYXXXX5VJAWFBY&ts=4587569 
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.com/web/?utm_source=b&utm_medium=wld&from=wld&uid=ST9500420AS_5VJAWFBYXXXX5VJAWFBY&ts=4587569 
[2013.04.23 00:30:16 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc 
[2013.04.23 00:30:12 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Roaming\Desk 365 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Caro\*.tmp
C:\Users\Caro\AppData\*.dll
C:\Users\Caro\AppData\*.exe
C:\Users\Caro\AppData\Local\Temp\*.exe
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, allow it.
  • Paste the contents of the log file into your thread in code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<date_number.log>

Note for other readers: the OTL script above was written exclusively for this user in this situation.
Never run it on other computers; it can do lasting damage to other systems!



Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the Desktop. The MBAM log file can be found here.
  • Add the contents of mbam.txt to your next reply.



then:

Step 3
Please download AdwCleaner to your Desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).
__________________

30.04.2013, 23:12   #4
orphus

thanks for the quick reply
Here are the first 2 logs for now: supposedly no viruses were found...
Code:
ATTFilter
All processes killed
========== OTL ==========
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\resources\sparpilot\lib folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\resources\sparpilot\data folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\resources\sparpilot folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\resources\api-utils\lib\windows folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\resources\api-utils\lib\window folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\resources\api-utils\lib\utils folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\resources\api-utils\lib\traits folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\resources\api-utils\lib\tabs folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\resources\api-utils\lib\system folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\resources\api-utils\lib\private-browsing folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\resources\api-utils\lib\prefs folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\resources\api-utils\lib\l10n folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\resources\api-utils\lib\events folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\resources\api-utils\lib\event folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\resources\api-utils\lib\dom folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\resources\api-utils\lib\content folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\resources\api-utils\lib\addon folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\resources\api-utils\lib folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\resources\api-utils\data folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\resources\api-utils folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\resources\addon-kit\lib folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\resources\addon-kit\data folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\resources\addon-kit folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\resources folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\locale folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\defaults\preferences folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc\defaults folder moved successfully.
C:\Users\Caro\AppData\Local\Tempa4cd064a76a0e065203092015deb2ecc folder moved successfully.
C:\Users\Caro\AppData\Roaming\Desk 365\sysicons folder moved successfully.
C:\Users\Caro\AppData\Roaming\Desk 365\promote folder moved successfully.
C:\Users\Caro\AppData\Roaming\Desk 365\icons folder moved successfully.
C:\Users\Caro\AppData\Roaming\Desk 365\desk_bkg folder moved successfully.
C:\Users\Caro\AppData\Roaming\Desk 365\components folder moved successfully.
C:\Users\Caro\AppData\Roaming\Desk 365 folder moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\Temp\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\Caro\*.tmp not found.
File\Folder C:\Users\Caro\AppData\*.dll not found.
File\Folder C:\Users\Caro\AppData\*.exe not found.
C:\Users\Caro\AppData\Local\Temp\ApnStub.exe moved successfully.
C:\Users\Caro\AppData\Local\Temp\ICQInstall.exe moved successfully.
C:\Users\Caro\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe moved successfully.
C:\Users\Caro\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe moved successfully.
C:\Users\Caro\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe moved successfully.
C:\Users\Caro\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe moved successfully.
C:\Users\Caro\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe moved successfully.
C:\Users\Caro\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe moved successfully.
C:\Users\Caro\AppData\Local\Temp\MSNFDC0.exe moved successfully.
C:\Users\Caro\AppData\Local\Temp\nvStInst.exe moved successfully.
C:\Users\Caro\AppData\Local\Temp\PlantsVsZombies_20110922_EN_3_1.exe moved successfully.
C:\Users\Caro\AppData\Local\Temp\qvo6.exe moved successfully.
C:\Users\Caro\AppData\Local\Temp\SHSetup.exe moved successfully.
C:\Users\Caro\AppData\Local\Temp\vlc-2.0.2-win32.exe moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\security folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Caro\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Caro\Desktop\cmd.bat deleted successfully.
C:\Users\Caro\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Caro
->Temp folder emptied: 478594106 bytes
->Temporary Internet Files folder emptied: 264337717 bytes
->FireFox cache emptied: 123063363 bytes
->Flash cache emptied: 1861 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1901081 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 245238141 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78140 bytes
RecycleBin emptied: 60448471 bytes
 
Total Files Cleaned = 1.119,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04302013_223559

Files\Folders moved on Reboot...
C:\Users\Caro\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Caro\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.30.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Caro :: CARO-PC [Administrator]

30.04.2013 22:59:38
mbam-log-2013-04-30 (22-59-38).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 402106
Time elapsed: 1 hour(s), 6 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Here is the last log. The browser starts normally again, without being redirected to the QVO6 page. I hope that solves the problem.

THANK YOU
Code:
ATTFilter
# AdwCleaner v2.300 - Logfile created 01/05/2013 at 00:12:52
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Caro - CARO-PC
# Boot mode : Normal
# Running from : C:\Users\Caro\Downloads\adwcleaner.exe
# Option [Delete]


**** [Services] ****


***** [Files / Folders] *****

File Disinfected : C:\Users\Caro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
File Disinfected : C:\Users\Caro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
File Disinfected : C:\Users\Caro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
File Disinfected : C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
File Disinfected : C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
File Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\qvo6.xml
Folder Deleted : C:\Program Files (x86)\Common Files\337
Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Program Files (x86)\Desk 365
Folder Deleted : C:\Program Files (x86)\ICQ6Toolbar
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Users\Caro\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Caro\AppData\Roaming\eIntaller

***** [Registry] *****

Data Deleted : HKLM\...\StartMenuInternet\FIREFOX.EXE [(Default)] = C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=ST9500420AS_5VJAWFBYXXXX5VJAWFBY&ts=1366669809
Data Deleted : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=ST9500420AS_5VJAWFBYXXXX5VJAWFBY&ts=1366669809
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\qvo6Software
Key Deleted : HKLM\Software\V9

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=ST9500420AS_5VJAWFBYXXXX5VJAWFBY&ts=1366669809 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=ST9500420AS_5VJAWFBYXXXX5VJAWFBY&ts=1366669809 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=ST9500420AS_5VJAWFBYXXXX5VJAWFBY&ts=1366669809 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=ST9500420AS_5VJAWFBYXXXX5VJAWFBY&ts=1366669809 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=ST9500420AS_5VJAWFBYXXXX5VJAWFBY&ts=1366669809 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=ST9500420AS_5VJAWFBYXXXX5VJAWFBY&ts=1366669809 --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (de)

File : C:\Users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\50hfm7ie.default-1366754857911\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4050 bytes] - [01/05/2013 00:12:52]

########## EOF - C:\AdwCleaner[S1].txt - [4110 bytes] ##########
         

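The OTL fix in post #3 and the AdwCleaner log above show where this hijacker persists: a search scope and the Start Page / Default_Page_URL values in the IE registry keys, the StartMenuInternet launch commands, the Arguments field of every browser shortcut, and a rogue Firefox search plugin. The PowerShell script below is an added example (not code from the thread, from OTL or from AdwCleaner) that audits exactly those locations and, with a -Fix switch of its own, cleans them. Assumptions: the host list in $BadHosts is the policy, the registry paths are the standard IE and Clients\StartMenuInternet locations, and about:blank is the replacement start page. Run it from an elevated PowerShell with all browsers closed; without -Fix it only reports.

```powershell
# Added example: audit (and with -Fix, clean) the QVO6 hijack indicators seen in the
# OTL and AdwCleaner logs of this thread. Not code from the thread or from either tool.
# Assumptions: $BadHosts is the policy, paths are the standard IE/StartMenuInternet keys.
param([switch]$Fix)
$BadHosts = @('qvo6.com', 'v9.com')      # hosts seen in the logs; extend as needed (assumption)
$HostAlt  = ($BadHosts | ForEach-Object { [regex]::Escape($_) }) -join '|'
$UrlRegex = "https?://(?:[\w.-]+\.)?(?:$HostAlt)\S*"
$Findings = New-Object System.Collections.Generic.List[string]
function Test-BadUrl([string]$Text) { return (-not [string]::IsNullOrEmpty($Text)) -and ($Text -match $UrlRegex) }

# 1. Browser shortcuts: the hijacker appends its URL to the .lnk Arguments field, so the
#    browser keeps opening qvo6 even after the homepage is reset ("Disinfected" .lnk lines).
$shell    = New-Object -ComObject WScript.Shell
$lnkRoots = @("$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",
              "$env:APPDATA\Microsoft\Windows\Start Menu",
              "$env:ProgramData\Microsoft\Windows\Start Menu",
              "$env:PUBLIC\Desktop", "$env:USERPROFILE\Desktop")
foreach ($root in $lnkRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($f in Get-ChildItem -LiteralPath $root -Filter *.lnk -Recurse -ErrorAction SilentlyContinue) {
        $lnk = $shell.CreateShortcut($f.FullName)
        if (Test-BadUrl $lnk.Arguments) {
            $Findings.Add("LNK   $($f.FullName)  args=[$($lnk.Arguments)]")
            if ($Fix) { $lnk.Arguments = ''; $lnk.Save() }    # drop the injected URL, keep the target
        }
    }
}

# 2. IE start/default page values and the StartMenuInternet launch commands
#    (AdwCleaner's "Replaced" and "Data Deleted" lines).
$RegTargets = @(
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Main';             Names = @('Start Page', 'Default_Page_URL'); Clean = 'about:blank' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main';             Names = @('Start Page', 'Default_Page_URL'); Clean = 'about:blank' },
    @{ Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main'; Names = @('Start Page', 'Default_Page_URL'); Clean = 'about:blank' }
)
foreach ($client in 'FIREFOX.EXE', 'IEXPLORE.EXE') {
    foreach ($hive in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node') {
        # Clean = $null: strip the URL from the command line instead of replacing the whole value
        $RegTargets += @{ Path = "$hive\Clients\StartMenuInternet\$client\shell\open\command"; Names = @('(default)'); Clean = $null }
    }
}
foreach ($t in $RegTargets) {
    if (-not (Test-Path -LiteralPath $t.Path)) { continue }
    $props = Get-ItemProperty -LiteralPath $t.Path -ErrorAction SilentlyContinue
    foreach ($n in $t.Names) {
        $v = $props.$n
        if (-not (Test-BadUrl $v)) { continue }
        $Findings.Add("REG   $($t.Path) [$n] = $v")
        if ($Fix) {
            $new = if ($t.Clean -ne $null) { $t.Clean } else { ($v -replace $UrlRegex, '').Trim() }
            Set-ItemProperty -LiteralPath $t.Path -Name $n -Value $new
        }
    }
}

# 3. IE search scopes: the scope the OTL fix removed carried a qvo6 search URL.
foreach ($scopes in 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes',
                    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
                    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes') {
    if (-not (Test-Path -LiteralPath $scopes)) { continue }
    foreach ($k in Get-ChildItem -LiteralPath $scopes) {
        $url = (Get-ItemProperty -LiteralPath $k.PSPath -ErrorAction SilentlyContinue).URL
        if (Test-BadUrl $url) {
            $Findings.Add("SCOPE $($k.PSPath) URL=$url")
            if ($Fix) { Remove-Item -LiteralPath $k.PSPath -Recurse }   # whole scope key, as the OTL fix did
        }
    }
}

# 4. Firefox: the qvo6.xml search plugin and any prefs.js line pointing at the hijacker.
$ffFiles = @()
foreach ($pf in $env:ProgramFiles, ${env:ProgramFiles(x86)}) {
    if ($pf) { $ffFiles += Get-ChildItem -Path "$pf\Mozilla Firefox\searchplugins\*.xml" -ErrorAction SilentlyContinue }
}
$ffFiles += Get-ChildItem -Path "$env:APPDATA\Mozilla\Firefox\Profiles\*\prefs.js" -ErrorAction SilentlyContinue
foreach ($f in $ffFiles) {
    $hits = @(Select-String -LiteralPath $f.FullName -Pattern $UrlRegex)
    if ($hits.Count -eq 0) { continue }
    $Findings.Add("FF    $($f.FullName)  ($($hits.Count) matching line(s))")
    if ($Fix) {
        if ($f.Extension -eq '.xml') { Remove-Item -LiteralPath $f.FullName }   # drop the rogue search plugin
        else {
            $kept = Get-Content -LiteralPath $f.FullName | Where-Object { $_ -notmatch $UrlRegex }
            Set-Content -LiteralPath $f.FullName -Value $kept     # Firefox rewrites prefs.js on exit, so keep it closed
        }
    }
}

if ($Findings.Count -eq 0) { Write-Host 'No QVO6 indicators found.' }
else {
    $Findings | ForEach-Object { Write-Host $_ }
    $verb = if ($Fix) { 'cleaned' } else { 'found (re-run with -Fix to clean)' }
    Write-Host ("{0} indicator(s) {1}." -f $Findings.Count, $verb)
}
```

Two design points. The shortcut check matters even after a registry cleanup: a .lnk with the URL in its Arguments field relaunches the hijack page no matter what the homepage is set to, which is why AdwCleaner lists those files separately. And removing a SearchScopes key rather than editing its URL mirrors what the OTL fix did; if the removed scope was the DefaultScope, IE falls back to the built-in provider on next start.
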
01.05.2013, 09:05   #5
t'john
/// Helper Team

Very good!

Please download aswMBR.exe and save the file to your Desktop.
  • Start aswMBR.exe (aswMBR.exe guide)
    On Windows Vista or later, start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow internet access.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the Desktop.
Post the aswMBR.txt in your next reply.

Important: do not press any of the Fix buttons without instructions

Note: if the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.



then:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Programs and Features => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




then:

Please download SecurityCheck and:

  • Save it to the Desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Post its contents here.

__________________
Regards, t'john
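
aswMBR reads the first sector of the boot disk, decodes the partition table and compares the boot code against the stock Windows loader (the "Windows 7 default MBR code" and "Disk 0 Partition n" lines in its log); it can also save the raw sector as MBR.dat next to its log. The script below is an added example (not code from the thread or from aswMBR) that decodes such a 512-byte image by hand so the table can be checked against what the tool reported and the boot code can be fingerprinted for comparison with a known-good machine. Assumptions: the -Path parameter and the $PartitionTypes table are this script's own, and when run without -Path it decodes a constructed sample whose status bytes, types and LBA offsets are copied from the aswMBR log in this thread, with partition lengths chosen to reproduce the reported sizes.

```powershell
# Added example: decode a 512-byte MBR image (e.g. the MBR.dat aswMBR saves) and print
# the partition table for comparison with aswMBR's "Disk 0 Partition n" lines.
# Not code from the thread or from aswMBR. Without -Path a constructed sample is used.
param([string]$Path)

$PartitionTypes = @{ 0x07 = 'HPFS/NTFS'; 0xDE = 'Dell Utility'; 0x0B = 'FAT32'; 0x0C = 'FAT32 LBA'
                     0x05 = 'Extended';  0x0F = 'Extended LBA'; 0xEE = 'GPT protective'; 0x83 = 'Linux' }

function ConvertTo-MbrReport([byte[]]$Mbr) {
    if ($Mbr.Length -lt 512) { throw "MBR image too short: $($Mbr.Length) bytes" }
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $report = New-Object PSObject -Property @{
        SignatureOk    = ([BitConverter]::ToUInt16($Mbr, 510) -eq 0xAA55)   # bytes 55 AA, little-endian
        BootCodeSha256 = [BitConverter]::ToString($sha.ComputeHash($Mbr, 0, 440)).Replace('-', '')
        Partitions     = @()
    }
    for ($i = 0; $i -lt 4; $i++) {
        $e       = 446 + 16 * $i                     # four 16-byte entries start at offset 446
        $status  = $Mbr[$e]
        $type    = [int]$Mbr[$e + 4]
        $lba     = [BitConverter]::ToUInt32($Mbr, $e + 8)
        $sectors = [BitConverter]::ToUInt32($Mbr, $e + 12)
        if ($type -eq 0 -and $sectors -eq 0) { continue }   # empty slot
        $report.Partitions += New-Object PSObject -Property @{
            Index         = $i + 1
            Bootable      = ($status -eq 0x80)
            StatusOk      = ($status -eq 0x80 -or $status -eq 0x00)   # any other status byte is suspicious
            Type          = ('{0:X2}' -f $type)
            TypeName      = $(if ($PartitionTypes.ContainsKey($type)) { $PartitionTypes[$type] } else { 'unknown' })
            OffsetSectors = $lba
            SizeMB        = [math]::Round($sectors * 512 / 1MB)
        }
    }
    return $report
}

function New-SampleMbr {
    # Constructed sample: type DE at LBA 63, bootable NTFS at 208896, NTFS at 30928896,
    # as in the aswMBR log; lengths chosen to give 101 / 15000 / 461837 MB (assumption).
    $m = New-Object byte[] 512
    $entries = @(@(0x00, 0xDE, 63, 206848), @(0x80, 0x07, 208896, 30720000), @(0x00, 0x07, 30928896, 945842176))
    for ($i = 0; $i -lt $entries.Count; $i++) {
        $e = 446 + 16 * $i
        $m[$e] = [byte]$entries[$i][0]; $m[$e + 4] = [byte]$entries[$i][1]
        [BitConverter]::GetBytes([uint32]$entries[$i][2]).CopyTo($m, $e + 8)
        [BitConverter]::GetBytes([uint32]$entries[$i][3]).CopyTo($m, $e + 12)
    }
    $m[510] = 0x55; $m[511] = 0xAA                   # boot signature
    return ,$m
}

$bytes  = if ($Path) { [System.IO.File]::ReadAllBytes($Path) } else { New-SampleMbr }
$report = ConvertTo-MbrReport $bytes
"Boot signature 55AA : $($report.SignatureOk)"
"Boot code SHA-256   : $($report.BootCodeSha256)  (compare with a known-good Windows 7 MBR)"
$report.Partitions | Format-Table Index, Bootable, StatusOk, Type, TypeName, OffsetSectors, SizeMB -AutoSize
if (-not $report.SignatureOk -or @($report.Partitions | Where-Object { -not $_.StatusOk }).Count -gt 0) {
    Write-Warning 'MBR signature or partition status bytes are not standard; compare against a clean system.'
}
```

The hash covers only the first 440 bytes, which is the boot code proper; the disk signature and the partition table that follow differ legitimately between machines, so including them would make every comparison fail. A bootkit that replaces the loader changes this hash while typically leaving the partition table intact, which is why the two are reported separately.
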

04.05.2013, 14:04   #6
orphus

here are the new logs:

Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-04 12:24:51
-----------------------------
12:24:51.685    OS Version: Windows x64 6.1.7601 Service Pack 1
12:24:51.685    Number of processors: 8 586 0x2A07
12:24:51.685    ComputerName: CARO-PC  UserName: Caro
12:24:55.360    Initialize success
12:27:41.017    AVAST engine defs: 13050400
12:28:19.846    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:28:19.861    Disk 0 Vendor: ST950042 D005 Size: 476940MB BusType: 3
12:28:19.939    Disk 0 MBR read successfully
12:28:19.955    Disk 0 MBR scan
12:28:19.971    Disk 0 Windows 7 default MBR code
12:28:19.971    Disk 0 Partition 1 00     DE Dell Utility MSDOS5.0      101 MB offset 63
12:28:20.002    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 208896
12:28:20.017    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       461837 MB offset 30928896
12:28:20.064    Disk 0 scanning C:\Windows\system32\drivers
12:28:38.535    Service scanning
12:29:08.658    Modules scanning
12:29:08.674    Disk 0 trace - called modules:
12:29:08.690    ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll 
12:29:08.705    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dc4790]
12:29:08.721    3 CLASSPNP.SYS[fffff88000c0143f] -> nt!IofCallDriver -> [0xfffffa8007cd9cb0]
12:29:08.736    5 stdcfltn.sys[fffff8800164ac52] -> nt!IofCallDriver -> [0xfffffa8005f3e550]
12:29:08.752    7 ACPI.sys[fffff88000f9c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f44050]
12:29:10.936    AVAST engine scan C:\Windows
12:29:14.056    AVAST engine scan C:\Windows\system32
12:34:24.653    AVAST engine scan C:\Windows\system32\drivers
12:34:43.373    AVAST engine scan C:\Users\Caro
12:46:36.950    AVAST engine scan C:\ProgramData
12:48:03.062    Scan finished successfully
13:03:23.683    Disk 0 MBR has been saved successfully to "C:\Users\Caro\Desktop\MBR.dat"
13:03:23.699    The log file has been saved successfully to "C:\Users\Caro\Desktop\aswmbr.txt"
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=71bd6e4dd92c6d4db413a108b62a6f88
# engine=13753
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-04 12:31:40
# local_time=2013-05-04 02:31:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 7637 138342005 421 0
# compatibility_mode=5893 16776573 100 94 7632 119300550 0 0
# scanned=172579
# found=0
# cleaned=0
# scan_time=5074
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.62  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 21  
 Java version out of Date! 
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox (20.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Thanks
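As an added example that is not part of this thread, a small Python checker over constructed excerpts of the two log formats posted above: it flags an ESET scan that ran with PUA detection off (the posted log shows unwanted_checked=false, although the instructions asked for it to be enabled, which matters for a browser hijacker like QVO6) and pulls the out-of-date and disabled-protection lines from the SecurityCheck output.

```python
import re

# Constructed excerpts modelled on the two logs posted above, not the full files.
ESET_LOG = """\
# end=finished
# unwanted_checked=false
# antistealth_checked=true
# found=0
# cleaned=0
"""

SECURITYCHECK_LOG = """\
Avira Desktop
 Antivirus up to date!  (On Access scanning disabled!)
 Java 7 Update 21
 Java version out of Date!
 Adobe Reader 10.1.6 Adobe Reader out of Date!
"""


def parse_eset_header(text):
    """Turn the '# key=value' header lines of an ESET Online Scanner log into a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"#\s*(\w+)=(.*)$", line.strip())
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def eset_findings(fields):
    """List conditions that make a 'found=0' result less reassuring."""
    issues = []
    if fields.get("end") != "finished":
        issues.append("scan did not finish")
    # The helper asked for PUA detection; the posted log ran without it.
    if fields.get("unwanted_checked") != "true":
        issues.append("PUA detection off (unwanted_checked=%s)" % fields.get("unwanted_checked"))
    if int(fields.get("found", "0")) > 0:
        issues.append("found=%s cleaned=%s" % (fields["found"], fields.get("cleaned", "?")))
    return issues


def securitycheck_findings(text):
    """Pull the lines of a SecurityCheck checkup.txt that call for action."""
    issues = []
    for line in text.splitlines():
        s = line.strip()
        if re.search(r"out of date|scanning disabled", s, re.IGNORECASE):
            issues.append(s)
    return issues
```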

Old 04.05.2013, 14:17   #7
t'john
/// Helper Team
 
QVO6 Problem - Standard

QVO6 Problem



Update:

Adobe Reader: Adobe Reader - Download - Filepony (alternatives: PDF Tools)



Disable Java

Because of the current security hole:

http://www.trojaner-board.de/122961-...ktivieren.html

Then post me (copy and paste) what you get shown here: PluginCheck
__________________
Kind regards, t'john
Support the TB

Old 19.06.2013, 07:36   #8
t'john
/// Helper Team
 
QVO6 Problem - Standard

QVO6 Problem



No response

Are there problems working through the instructions above?

To free up capacity for other people seeking help, I am deleting this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________
Kind regards, t'john
Support the TB
