
Log Analysis and Evaluation: WSsetup.exe Problem

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

11.06.2013, 16:48   #1
riza2177
 
WSsetup.exe Problem



Hello,

I hope someone can help me; it is about the WSsetup.exe problem.

I have created the log files and am posting them attached.

Thanks in advance for the help.

Best regards

riza2177

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by drz on 11.06.2013 at 15:26:52,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] ibupdaterservice



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim"
Successfully deleted: [Empty Folder] C:\Users\drz\appdata\local\{592b1764-b969-feb7-7bb4-ab2f00633538}



~~~ FireFox

Successfully deleted: [File] C:\Users\drz\AppData\Roaming\mozilla\firefox\profiles\4bt7ckq7.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\drz\AppData\Roaming\mozilla\firefox\profiles\4bt7ckq7.default\bprotector_prefs.js
Failed to delete: [File] C:\Users\drz\AppData\Roaming\mozilla\firefox\profiles\4bt7ckq7.default\searchplugins\babylon.xml
Successfully deleted the following from C:\Users\drz\AppData\Roaming\mozilla\firefox\profiles\4bt7ckq7.default\prefs.js

user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119816&babsrc=NT_ss&mntrId=788268A3C49221B0");
user_pref("browser.search.order.1", "Delta Search");
user_pref("browser.search.selectedEngine", "Delta Search");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.searc



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.06.2013 at 15:35:29,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OTL logfile created on: 11.06.2013 15:40:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\drz\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,93 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 59,48% Memory free
7,86 Gb Paging File | 5,79 Gb Available in Paging File | 73,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222,09 Gb Total Space | 162,38 Gb Free Space | 73,12% Space Free | Partition Type: NTFS
Drive D: | 222,09 Gb Total Space | 221,99 Gb Free Space | 99,96% Space Free | Partition Type: NTFS

Computer Name: DASREISEZENTRUM | User Name: drz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\drz\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\jmdp\stij.exe ()
PRC - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Users\drz\AppData\Local\Apps\2.0\C4BQPB3Z.RZ4\EBL5N5K6.E96\frit..tion_8488884cfbcefd60_0002.0003_f308b4c1084cd0fd\fritzbox-usb-fernanschluss.exe (AVM Berlin)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
PRC - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\OEM\USBDECTION\USBS3S4Detection.exe ()
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Windows\SysWOW64\BRSVC01A.EXE (brother Industries Ltd)
PRC - C:\Windows\SysWOW64\BRSS01A.EXE (brother Industries Ltd)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\jmdp\stij.exe ()
MOD - C:\Windows\SysWOW64\jmdp\lmrn.dll ()
MOD - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()
MOD - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Windows\SysWOW64\jmdp\sqlite3.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\SysWOW64\opensc-pkcs11.dll ()
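The JRT and OTL logs in this post are plain text with a fixed line layout, so the items JRT reported as "Failed to" can be matched mechanically against the OTL process and service inventory instead of by eye. The script below is an added example; it is not part of this thread and not code from the JRT or OTL tools. It parses both OTL line layouts (the short form in the first OTL run here and the long timestamped form that the second run in this thread uses), extracts the "Failed to" items from the JRT log, resolves a service name JRT could not stop to the binary OTL lists for it, and ranks OTL entries that carry no company name and sit outside the .NET native-image cache and the Program Files trees. The sample lines are copied from the logs above; the ranking rule and the NOISE_PREFIXES list are my assumptions, and a hit only means "look at this first", not "this is malicious".

```python
# Added example for the JRT and OTL logs above; not code from this thread or
# from the JRT/OTL tools.  Parses both OTL line layouts and the JRT result
# lines so the items JRT could not remove can be matched against the OTL
# inventory.  Sample lines are copied from the logs above; the ranking rule
# is an assumed heuristic that prioritises entries for a human verdict.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# OTL long form (second run in this thread):
#   SRV:64bit: - [2013.05.21 15:31:12 | 001,447,728 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
OTL_LONG = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)? - "
    r"\[(?P<mtime>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\)"          # "()" = OTL found no company name
    r"(?: \[(?P<state>[^\]]*)\])?"     # "[Auto | Running]" on SRV/DRV lines
    r" -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$")   # trailing "(ServiceName)"
# OTL short form (first run above):  PRC - C:\Windows\SysWOW64\jmdp\stij.exe ()
OTL_SHORT = re.compile(r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)? - (?P<path>.+?) \((?P<company>[^)]*)\)$")
# JRT result lines:  Failed to stop: [Service] ibupdaterservice
JRT_LINE = re.compile(r"^(?P<outcome>Successfully|Failed to) \w+: \[(?P<kind>[^\]]+)\] (?P<target>.+)$")

@dataclass
class OtlRecord:
    kind: str                    # PRC, MOD, SRV or DRV
    path: str
    company: str                 # "" when OTL printed "()"
    size: Optional[int] = None   # only the long form carries these four
    mtime: Optional[str] = None
    state: Optional[str] = None
    name: Optional[str] = None   # service/driver name

def parse_otl(text: str) -> List[OtlRecord]:
    """Parse both OTL layouts; lines in neither layout are skipped."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        m = OTL_LONG.match(line)
        if m:
            records.append(OtlRecord(m["kind"], m["path"].strip(), m["company"].strip(),
                                     int(m["size"].replace(",", "")), m["mtime"],
                                     m["state"], m["name"]))
            continue
        m = OTL_SHORT.match(line)
        if m:
            records.append(OtlRecord(m["kind"], m["path"].strip(), m["company"].strip()))
    return records

# Where an empty company name is normal: NGEN native images and vendor install
# trees.  Everything else without a company name is ranked for manual review
# (assumed heuristic; it ranks, it does not convict).
NOISE_PREFIXES = ("c:\\windows\\assembly\\", "c:\\program files")

def flag_no_company(records: List[OtlRecord]) -> List[OtlRecord]:
    return [r for r in records
            if r.company == "" and not r.path.lower().startswith(NOISE_PREFIXES)]

def jrt_leftovers(text: str) -> List[Dict[str, str]]:
    """Items JRT reported as 'Failed to ...'; they need a second pass."""
    hits = (JRT_LINE.match(l.strip()) for l in text.splitlines())
    return [{"kind": m["kind"], "target": m["target"].strip()}
            for m in hits if m and m["outcome"] == "Failed to"]

def resolve_services(leftovers, records) -> Dict[str, Optional[OtlRecord]]:
    """Map each service JRT could not stop to its OTL SRV entry (case-insensitive)."""
    by_name = {r.name.lower(): r for r in records if r.kind == "SRV" and r.name}
    return {l["target"]: by_name.get(l["target"].lower())
            for l in leftovers if l["kind"] == "Service"}

def triage(jrt_text: str, otl_text: str) -> Dict[str, object]:
    records, left = parse_otl(otl_text), jrt_leftovers(jrt_text)
    return {
        "otl_records": len(records),
        "flagged_paths": [r.path for r in flag_no_company(records)],
        "jrt_leftovers": left,
        "service_paths": {svc: (rec.path if rec else None)
                          for svc, rec in resolve_services(left, records).items()},
    }

# Sample input: lines copied from the JRT and OTL logs in this thread.
JRT_SAMPLE = r"""
Failed to stop: [Service] ibupdaterservice
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim"
"""
OTL_SAMPLE = r"""
PRC - [2013.05.27 10:58:08 | 000,016,176 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
PRC - [2013.04.16 09:15:35 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
MOD - [2013.05.17 09:12:13 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll
SRV:64bit: - [2013.05.21 15:31:12 | 001,447,728 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
DRV:64bit: - [2013.04.16 09:16:48 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
PRC - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()
"""

if __name__ == "__main__":
    for key, value in triage(JRT_SAMPLE, OTL_SAMPLE).items():
        print(f"{key}: {value}")
```

On the sample above the service JRT could not stop, ibupdaterservice, resolves to C:\Windows\SysNative\dmwu.exe, an auto-start service with no company name in the System32 directory, which is exactly the kind of item a helper wants a second removal pass for; the .NET native image is correctly left out of the ranked list. The filter is deliberately crude (an OEM tool under C:\OEM would also be ranked), so the output is a review queue, not a verdict.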

11.06.2013, 17:00   #2
M-K-D-B
/// TB Trainer
 
WSsetup.exe Problem

My name is Matthias and I will help you clean up your computer.


Please note the following:
  • A cleanup can mean a lot of work for you. Several analysis and cleanup steps may be required.
    At the end we remove all the tools we used again, and I will give you a few tips for the future.
  • If there are signs of illegal software, support will be stopped without discussion.
  • Please work through all steps one after the other, in the order given.
  • Read the instructions carefully. If you have problems, stop what you are doing and describe your problem to me as well as you can.
  • Only run scans that I or another helper ask you to run.
  • Please no cross-posting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • If you do not reply within 3 days, I will assume you no longer need help. I will then delete your thread from my subscriptions.
    If you are going to be away for a longer time, please let me know!
  • All tools to be used must be saved to the desktop and started from there!
    I can never guarantee that I will find everything. Formatting is usually the faster and always the safest way.
    If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.





I have your thread in progress and will get back to you with further instructions as soon as possible.

11.06.2013, 17:01   #3
M-K-D-B
/// TB Trainer
 
WSsetup.exe Problem

Hello,

I need more information... please run all the tools exactly as described:







Step 1
  • Please start OTL.exe.
  • At the top you will find a box labelled Output. Please select Standard Output.
  • Tick Scan all users.
  • Under Extra Registry, please select Use SafeList.
  • Now copy the contents of the code box into the text box.
Code:
activex
msconfig
CREATERESTOREPOINT
  • Now please close all programs. (Important)
  • Now please click the Scan button.
  • At the end of the scan, 2 log files are created.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.





Step 2
Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
  • Now click the Disable button to disable the drivers of certain emulators.
  • Defogger will ask you "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?"; confirm this prompt with Yes.
  • When the scan has finished (Finished), click OK.
  • Defogger may ask for a restart. Confirm this with OK.
  • Defogger creates a log file on the desktop named defogger_disable.log. Post its contents with your next reply.
Do not click the Re-enable button without being told to!





Step 3
Please download the GMER Rootkit Scanner GMER: (file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, untick: IAT/EAT and Show All
  • Tick Quickscan and untick all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Turn your antivirus program and other scanners back on before you go online!


Running into problems?
  • Alternatively, try Safe Mode.
  • If you get a blue screen, untick Devices.






Please post with your next reply
  • both log files from OTL,
  • the log file from DeFogger,
  • the log file from GMER.

11.06.2013, 19:30   #4
riza2177
 
WSsetup.exe Problem



Hello Matthias,

here is the requested data: OTL Logfile:
Code:
OTL logfile created on: 11.06.2013 18:00:28 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\drz\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 60,04% Memory free
7,86 Gb Paging File | 5,89 Gb Available in Paging File | 74,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222,09 Gb Total Space | 162,25 Gb Free Space | 73,06% Space Free | Partition Type: NTFS
Drive D: | 222,09 Gb Total Space | 221,99 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
 
Computer Name: DASREISEZENTRUM | User Name: drz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.11 12:54:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\drz\Downloads\OTL.exe
PRC - [2013.05.27 10:58:08 | 000,016,176 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
PRC - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.07 15:10:53 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.16 09:16:32 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.16 09:15:35 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.20 14:38:50 | 000,162,856 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012.12.17 19:35:39 | 000,322,032 | ---- | M] (AVM Berlin) -- C:\Users\drz\AppData\Local\Apps\2.0\C4BQPB3Z.RZ4\EBL5N5K6.E96\frit..tion_8488884cfbcefd60_0002.0003_f308b4c1084cd0fd\fritzbox-usb-fernanschluss.exe
PRC - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.09.27 12:59:28 | 000,076,288 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe
PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.12.03 08:00:42 | 000,618,600 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2010.11.11 17:58:02 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2010.11.11 17:57:58 | 000,181,624 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2010.11.05 17:27:50 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2010.10.26 17:20:52 | 001,196,032 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2010.10.26 17:16:06 | 000,331,776 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.03.09 01:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2010.03.09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010.03.05 21:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010.02.24 20:19:02 | 000,171,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
PRC - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
PRC - [2009.10.13 20:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.10.13 20:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.05.05 17:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2002.04.12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSVC01A.EXE
PRC - [2001.12.13 00:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSS01A.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.27 10:58:08 | 000,016,176 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
MOD - [2013.05.27 10:56:42 | 000,382,976 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\lmrn.dll
MOD - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
MOD - [2013.05.23 11:09:01 | 002,521,040 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
MOD - [2013.05.17 09:12:13 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll
MOD - [2013.05.17 09:12:03 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll
MOD - [2013.05.17 09:12:00 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll
MOD - [2013.05.17 09:11:53 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll
MOD - [2013.05.17 09:11:51 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll
MOD - [2013.02.05 09:25:06 | 000,362,029 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\sqlite3.dll
MOD - [2013.01.11 11:51:04 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013.01.10 19:12:18 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.10 19:12:16 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.10 19:12:16 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013.01.10 19:12:14 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.10 19:12:10 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.12.03 08:00:42 | 000,618,600 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010.12.03 05:44:54 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2010.11.11 17:57:58 | 000,210,304 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2010.11.11 17:57:58 | 000,181,624 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.05.21 15:31:12 | 001,447,728 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV:64bit: - [2010.11.11 04:51:21 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
SRV - [2013.05.23 10:17:33 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.16 10:06:17 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.16 09:16:32 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.16 09:15:35 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.28 19:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2011.12.09 19:47:40 | 000,334,720 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\Programme\FileOpen\Services\FileOpenManagerSvc64.exe -- (FileOpenManagerSvc)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.09.27 12:59:28 | 000,076,288 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe -- (avmident)
SRV - [2011.03.01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.06.02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.04.23 13:45:00 | 000,024,576 | ---- | M] (Galileo International) [Auto | Running] -- C:\Program Files (x86)\Galileo\SSL\SSLClientService.exe -- (Galileo SSL Tunnel)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Stopped] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009.10.13 20:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2002.04.12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\BRSVC01A.EXE -- (Brother XP spl Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.16 09:16:48 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.16 09:16:48 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.16 09:16:48 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.12.17 19:35:21 | 000,116,480 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaura.sys -- (avmaura)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.27 11:27:22 | 000,078,080 | ---- | M] (Identive                                                    ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S332x64.sys -- (S332x64)
DRV:64bit: - [2011.11.27 00:20:48 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.25 06:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.11 06:23:44 | 008,123,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.11.11 04:16:24 | 000,288,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.09.24 14:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.03.22 11:57:20 | 000,347,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.12.09 11:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.03 05:06:35 | 000,087,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2009.11.03 05:06:35 | 000,014,592 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=788268A3C49221B0
IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=0ebbd7c2-6bc5-4e60-b6fb-cea9a04c3751&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=0ebbd7c2-6bc5-4e60-b6fb-cea9a04c3751&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=0ebbd7c2-6bc5-4e60-b6fb-cea9a04c3751&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=0ebbd7c2-6bc5-4e60-b6fb-cea9a04c3751&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=788268A3C49221B0
IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\..\SearchScopes\{22AE64D6-4A39-402E-8424-91B8652687B6}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\..\SearchScopes\{2400F66B-DDB5-406F-810D-7B48743CFB33}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MXGB_deDE540
IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Delta Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.enabled: false
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.05.23 12:34:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.06.05 09:44:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.05 09:44:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.05 09:44:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\drz\AppData\Roaming\Mozilla\Firefox\Profiles\4bt7ckq7.default\extensions\mail@shopping-preise.de
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lrcspal@xinghao.net: C:\Program Files (x86)\XingHaoLyrics\FF\ [2013.06.11 12:36:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.06.05 09:44:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.05 09:44:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.05 09:44:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.11.26 23:05:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\drz\AppData\Roaming\mozilla\Extensions
[2013.06.11 15:26:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\drz\AppData\Roaming\mozilla\Firefox\Profiles\4bt7ckq7.default\extensions
[2013.06.11 12:36:32 | 000,006,470 | ---- | M] () -- C:\Users\drz\AppData\Roaming\mozilla\firefox\profiles\4bt7ckq7.default\searchplugins\babylon.xml
[2013.06.11 15:29:15 | 000,002,120 | ---- | M] () -- C:\Users\drz\AppData\Roaming\mozilla\firefox\profiles\4bt7ckq7.default\searchplugins\MyStart.xml
[2013.05.23 10:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.23 10:17:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.23 10:17:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013.05.23 10:17:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.05.23 10:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.23 10:17:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=788268A3C49221B0
CHR - Extension: No name found = C:\Users\drz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\drz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\drz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\drz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\drz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiopbgcekanlhpjkonogoljpfmhpkhf\1.114_0\
CHR - Extension: No name found = C:\Users\drz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (LyricsPal) - {A3DAEB01-4C15-4AC6-A689-6406FD954EE0} - C:\Program Files (x86)\XingHaoLyrics\lrcspal.dll (XingHao Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [FileOpenBroker] C:\Programme\FileOpen\Services\FileOpenBroker64.exe (FileOpen Systems Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000..\Run: [AVMUSBFernanschluss] C:\Users\drz\AppData\Local\Apps\2.0\C4BQPB3Z.RZ4\EBL5N5K6.E96\frit..tion_8488884cfbcefd60_0002.0003_f308b4c1084cd0fd\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Mit PDF Viewer Plus öffnen - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Mit PDF Viewer Plus öffnen - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EDA72C2-CFC3-4D81-BC06-175D3FFE0548}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.06.06 10:41:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [2013.06.06 11:08:20 | 000,000,054 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {3CE02F38-C912-44CF-B02E-60F7964E61FF} - BingPack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX:64bit: >{dfc96227-5878-4b83-b838-8dbd3f05dc84} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.11 14:41:23 | 000,000,000 | ---D | C] -- C:\Users\drz\AppData\Roaming\Google
[2013.06.11 12:40:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.11 12:40:17 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.11 12:36:52 | 000,000,000 | ---D | C] -- C:\Users\drz\Local Settings
[2013.06.11 12:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.06.11 12:36:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.06.11 12:36:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XingHaoLyrics
[2013.06.11 12:36:46 | 000,000,000 | ---D | C] -- C:\Users\drz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013.06.11 12:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.06.06 11:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galileo Print Manager
[2013.06.06 11:07:21 | 000,000,000 | ---D | C] -- C:\My Documents
[2013.06.06 11:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Focalpoint
[2013.06.06 10:54:55 | 000,304,128 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2013.06.06 10:53:37 | 000,000,000 | ---D | C] -- C:\Users\drz\AppData\Roaming\Travelport
[2013.06.06 10:53:36 | 000,000,000 | ---D | C] -- C:\Users\drz\AppData\Roaming\Travelport,_inc
[2013.06.06 10:53:36 | 000,000,000 | ---D | C] -- C:\Users\drz\AppData\Local\Travelport
[2013.06.06 10:44:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Travelport
[2013.06.06 10:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galileo Desktop
[2013.06.06 10:40:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2013.06.06 10:40:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Galileo International Shared
[2013.06.06 10:16:19 | 000,000,000 | ---D | C] -- C:\fp
[2013.06.06 10:15:21 | 000,335,872 | ---- | C] (Galileo) -- C:\Windows\SysWow64\fpcpl2app.cpl
[2013.06.06 10:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Galileo
[2013.06.05 09:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.06.05 09:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.06.03 09:12:23 | 000,033,792 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2013.06.03 09:12:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT
[2013.06.03 09:12:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp
[2013.06.03 09:12:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ARFC
[2013.05.29 09:48:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.05.29 09:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.05.29 09:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.05.29 09:48:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.05.29 09:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.05.24 18:15:21 | 000,000,000 | ---D | C] -- C:\Users\drz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\myJACK
[2013.05.23 10:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.22 12:25:51 | 000,000,000 | ---D | C] -- C:\Users\drz\Desktop\Neuer Ordner (2)
[2013.05.17 09:08:49 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.17 09:08:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.17 09:08:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.17 09:08:47 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.17 09:08:47 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.17 09:08:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.17 09:08:47 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.17 09:08:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.17 09:08:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.17 09:08:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.17 09:08:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.17 09:08:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.17 09:08:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.17 09:08:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.17 09:08:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.16 09:50:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.05.16 09:09:38 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.16 09:09:37 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.16 09:09:30 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.16 09:09:30 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.16 09:09:30 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.16 09:09:30 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.16 09:09:23 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.11 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013.06.11 17:08:31 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 17:08:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 17:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.11 17:05:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.11 15:31:51 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.11 15:31:51 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.11 15:31:51 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.11 15:31:51 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.11 15:31:51 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.11 15:25:21 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.11 15:25:19 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013.06.11 15:25:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.11 15:25:00 | 3163,901,952 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.11 12:36:22 | 000,001,177 | ---- | M] () -- C:\Users\drz\Desktop\Check for Updates.lnk
[2013.06.11 11:01:57 | 568,889,257 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.07 15:29:32 | 000,023,587 | ---- | M] () -- C:\Users\drz\Desktop\RechnungNackenheimerReisebüroMärz-Mai neu.pdf
[2013.06.06 16:03:59 | 003,794,165 | ---- | M] () -- C:\Users\drz\Desktop\KaribikreiseDerTour.pdf
[2013.06.06 12:48:04 | 000,280,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.06 11:08:20 | 000,000,054 | ---- | M] () -- C:\AUTOEXEC.BAT
[2013.06.06 11:08:17 | 000,000,780 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Print Manager.lnk
[2013.06.06 10:41:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.001
[2013.06.06 10:40:58 | 000,001,659 | ---- | M] () -- C:\Users\Public\Desktop\Galileo Desktop.lnk
[2013.06.06 10:12:58 | 000,002,076 | ---- | M] () -- C:\Windows\setup.ini
[2013.06.04 17:54:59 | 001,805,598 | ---- | M] () -- C:\Users\drz\Desktop\Angebot Frau Frohnen Tunesien.pdf
[2013.05.31 09:55:09 | 000,208,613 | ---- | M] () -- C:\Users\drz\Desktop\Rücktrittsschreiben.pdf
[2013.05.31 09:51:47 | 000,214,435 | ---- | M] () -- C:\Users\drz\Desktop\Ganzseitiges Foto.pdf
[2013.05.28 16:27:08 | 002,714,224 | ---- | M] () -- C:\Users\drz\Desktop\Angebote Herr Baumann HR Hotel.pdf
[2013.05.28 09:37:15 | 000,023,592 | ---- | M] () -- C:\Users\drz\Desktop\RechnungNackenheimerReisebüroMärz-Mai.pdf
[2013.05.27 11:40:43 | 000,000,376 | ---- | M] () -- C:\Users\drz\irisplus-user.properties
[2013.05.24 18:25:14 | 000,038,054 | ---- | M] () -- C:\Users\drz\Desktop\5002622.pdf
[2013.05.21 18:00:19 | 000,047,903 | ---- | M] () -- C:\Users\drz\Desktop\Borris Schwerkolt Reklamation.pdf
[2013.05.21 15:31:12 | 001,447,728 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe
[2013.05.21 15:30:18 | 000,033,792 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2013.05.21 13:25:53 | 000,000,429 | ---- | M] () -- C:\Users\drz\Documents\ChatLog FTI GROUP Start up  Schulung KW 21 2013_05_21 13_25.rtf
[2013.05.16 10:06:17 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.16 10:06:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.11 12:36:22 | 000,001,177 | ---- | C] () -- C:\Users\drz\Desktop\Check for Updates.lnk
[2013.06.07 15:29:59 | 000,023,587 | ---- | C] () -- C:\Users\drz\Desktop\RechnungNackenheimerReisebüroMärz-Mai neu.pdf
[2013.06.06 16:04:19 | 003,794,165 | ---- | C] () -- C:\Users\drz\Desktop\KaribikreiseDerTour.pdf
[2013.06.06 11:08:17 | 000,000,780 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Print Manager.lnk
[2013.06.06 10:41:17 | 000,000,054 | ---- | C] () -- C:\AUTOEXEC.BAT
[2013.06.06 10:41:17 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.001
[2013.06.06 10:40:58 | 000,001,659 | ---- | C] () -- C:\Users\Public\Desktop\Galileo Desktop.lnk
[2013.06.06 10:12:57 | 000,002,076 | ---- | C] () -- C:\Windows\setup.ini
[2013.06.04 17:55:31 | 001,805,598 | ---- | C] () -- C:\Users\drz\Desktop\Angebot Frau Frohnen Tunesien.pdf
[2013.06.03 09:12:23 | 001,447,728 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe
[2013.05.31 09:55:08 | 000,208,613 | ---- | C] () -- C:\Users\drz\Desktop\Rücktrittsschreiben.pdf
[2013.05.31 09:51:06 | 000,214,435 | ---- | C] () -- C:\Users\drz\Desktop\Ganzseitiges Foto.pdf
[2013.05.28 16:27:35 | 002,714,224 | ---- | C] () -- C:\Users\drz\Desktop\Angebote Herr Baumann HR Hotel.pdf
[2013.05.28 09:37:54 | 000,023,592 | ---- | C] () -- C:\Users\drz\Desktop\RechnungNackenheimerReisebüroMärz-Mai.pdf
[2013.05.24 18:25:14 | 000,038,054 | ---- | C] () -- C:\Users\drz\Desktop\5002622.pdf
[2013.05.21 18:00:30 | 000,047,903 | ---- | C] () -- C:\Users\drz\Desktop\Borris Schwerkolt Reklamation.pdf
[2013.05.21 13:25:53 | 000,000,429 | ---- | C] () -- C:\Users\drz\Documents\ChatLog FTI GROUP Start up  Schulung KW 21 2013_05_21 13_25.rtf
[2013.04.02 12:59:25 | 000,060,864 | ---- | C] () -- C:\Users\drz\g2mdlhlpx.exe
[2012.12.11 17:39:11 | 001,503,232 | ---- | C] () -- C:\Windows\SysWow64\ptj.exe
[2012.12.11 17:39:11 | 001,103,360 | ---- | C] () -- C:\Windows\SysWow64\cidfont.dll
[2012.12.11 17:39:10 | 004,369,408 | ---- | C] () -- C:\Windows\SysWow64\pdftk.exe
[2012.12.11 17:39:10 | 000,235,008 | ---- | C] () -- C:\Windows\SysWow64\office.exe
[2012.10.12 16:28:54 | 001,456,640 | ---- | C] () -- C:\Program Files (x86)\Common Files\Falk Navi-Manager classic.msi
[2012.07.17 11:13:51 | 000,000,302 | ---- | C] () -- C:\Windows\{7497BB4F-CE23-47D4-B2CB-62548080F74F}_WiseFW.ini
[2012.06.21 12:05:37 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.06.21 12:05:37 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.06.10 13:11:56 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2012.03.12 17:01:54 | 000,210,032 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL
[2012.03.12 13:25:18 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.01.03 15:44:56 | 000,000,035 | ---- | C] () -- C:\Users\drz\irisplus-iplusbos.properties
[2011.12.12 19:49:17 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.30 13:05:41 | 000,000,127 | ---- | C] () -- C:\Users\drz\irisplus-iplustra.properties
[2011.11.30 13:00:46 | 000,000,376 | ---- | C] () -- C:\Users\drz\irisplus-user.properties
[2011.11.27 00:33:28 | 000,000,774 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.11.27 00:33:28 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.11.27 00:32:10 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011.11.27 00:32:07 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011.07.15 13:49:46 | 001,260,032 | ---- | C] () -- C:\Windows\SysWow64\opensc-minidriver.dll
[2011.07.15 13:49:36 | 001,577,984 | ---- | C] () -- C:\Windows\SysWow64\opensc-pkcs11.dll
[2011.07.15 13:49:36 | 001,577,984 | ---- | C] () -- C:\Windows\SysWow64\onepin-opensc-pkcs11.dll
[2010.08.27 12:12:48 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{592b1764-b969-feb7-7bb4-ab2f00633538}\L
[2012.06.26 18:18:26 | 000,002,048 | -HS- | M] () -- C:\Users\drz\AppData\Local\{592b1764-b969-feb7-7bb4-ab2f00633538}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\drz\AppData\Local\{592b1764-b969-feb7-7bb4-ab2f00633538}\L
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\drz\AppData\Local\{592b1764-b969-feb7-7bb4-ab2f00633538}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
--- --- ---

Point 2:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:33 on 11/06/2013 (drz)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Last edited by riza2177 (11.06.2013 at 19:50)

Old 11.06.2013, 19:51   #5
riza2177
 

Point 3:
GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-11 19:46:17
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST350041 rev.JC45 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\drz\AppData\Local\Temp\uwayyaoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                                                                                                   fffff800031bb000 65 bytes [55, 6C, 58, 52, 01, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 626                                                                                                                                                                   fffff800031bb042 4 bytes [00, 00, 00, 00]

---- User code sections - GMER 2.1 ----

.text     C:\Windows\SysWOW64\brsvc01a.exe[1408] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                                                000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Windows\SysWOW64\brsvc01a.exe[1408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                       0000000075001465 2 bytes [00, 75]
.text     C:\Windows\SysWOW64\brsvc01a.exe[1408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                      00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Windows\SysWOW64\brss01a.exe[1508] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                                                 000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Windows\SysWOW64\brss01a.exe[1508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                        0000000075001465 2 bytes [00, 75]
.text     C:\Windows\SysWOW64\brss01a.exe[1508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                       00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1768] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                    000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe[1900] C:\Windows\syswow64\user32.dll!DialogBoxParamW                                                                                                                   000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe[1900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                          0000000075001465 2 bytes [00, 75]
.text     C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe[1900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                         00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[1964] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                          000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                 0000000075001465 2 bytes [00, 75]
.text     C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2308] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                     000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                            0000000075001465 2 bytes [00, 75]
.text     C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                           00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2376] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                            000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2648] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                   000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                          0000000075001465 2 bytes [00, 75]
.text     C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                         00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                        0000000075001465 2 bytes [00, 75]
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                       00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\OEM\USBDECTION\USBS3S4Detection.exe[2868] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                                          000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\OEM\USBDECTION\USBS3S4Detection.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                 0000000075001465 2 bytes [00, 75]
.text     C:\OEM\USBDECTION\USBS3S4Detection.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3000] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                          000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                 0000000075001465 2 bytes [00, 75]
.text     C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3028] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                  000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3132] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                          000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                 0000000075001465 2 bytes [00, 75]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[3392] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                          000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                 0000000075001465 2 bytes [00, 75]
.text     C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Windows\SysWOW64\jmdp\stij.exe[3784] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                                               000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Windows\SysWOW64\jmdp\stij.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                      0000000075001465 2 bytes [00, 75]
.text     C:\Windows\SysWOW64\jmdp\stij.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                     00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1188] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                          000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                 0000000075001465 2 bytes [00, 75]
.text     C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3384] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                    000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                           0000000075001465 2 bytes [00, 75]
.text     C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                          00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[4320] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                                    000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                           0000000075001465 2 bytes [00, 75]
.text     C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                          00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[4576] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                                    000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                           0000000075001465 2 bytes [00, 75]
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                          00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[4576] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                                                                                                                                   000000006dac11a8 2 bytes [AC, 6D]
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[4576] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                                                                                                                             000000006dac13a8 2 bytes [AC, 6D]
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[4576] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                                                                                                                                 000000006dac1422 2 bytes [AC, 6D]
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[4576] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19                                                                                                                          000000006dac1498 2 bytes [AC, 6D]
.text     C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[4704] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                             000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4752] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                                000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                       0000000075001465 2 bytes [00, 75]
.text     C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                      00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4784] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                    000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                           0000000075001465 2 bytes [00, 75]
.text     C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                          00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[4808] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                          000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[4808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                 0000000075001465 2 bytes [00, 75]
.text     C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[4808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[4832] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                             000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[4832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                    0000000075001465 2 bytes [00, 75]
.text     C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[4832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                   00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4916] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                            000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                   0000000075001465 2 bytes [00, 75]
.text     C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                  00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[4968] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                   000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                          0000000075001465 2 bytes [00, 75]
.text     C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                         00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[4196] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                            000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                   0000000075001465 2 bytes [00, 75]
.text     C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                  00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                       0000000075001465 2 bytes [00, 75]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                      00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Users\drz\AppData\Local\Apps\2.0\C4BQPB3Z.RZ4\EBL5N5K6.E96\frit..tion_8488884cfbcefd60_0002.0003_f308b4c1084cd0fd\fritzbox-usb-fernanschluss.exe[4936] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                             000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Users\drz\AppData\Local\Apps\2.0\C4BQPB3Z.RZ4\EBL5N5K6.E96\frit..tion_8488884cfbcefd60_0002.0003_f308b4c1084cd0fd\fritzbox-usb-fernanschluss.exe[4936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    0000000075001465 2 bytes [00, 75]
.text     C:\Users\drz\AppData\Local\Apps\2.0\C4BQPB3Z.RZ4\EBL5N5K6.E96\frit..tion_8488884cfbcefd60_0002.0003_f308b4c1084cd0fd\fritzbox-usb-fernanschluss.exe[4936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                   00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\PDF24\pdf24.exe[5064] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                                          000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\iTunes\iTunesHelper.exe[4192] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                                  000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\iTunes\iTunesHelper.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                         0000000075001465 2 bytes [00, 75]
.text     C:\Program Files (x86)\iTunes\iTunesHelper.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                        00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5172] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                               000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                      0000000075001465 2 bytes [00, 75]
.text     C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                     00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Browny02\BrYNSvc.exe[5212] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                                     000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\Browny02\BrYNSvc.exe[5212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                            0000000075001465 2 bytes [00, 75]
.text     C:\Program Files (x86)\Browny02\BrYNSvc.exe[5212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                           00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5704] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                             000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                    0000000075001465 2 bytes [00, 75]
.text     C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                   00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Users\drz\Downloads\Defogger.exe[7336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                    0000000075001465 2 bytes [00, 75]
.text     C:\Users\drz\Downloads\Defogger.exe[7336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                   00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Users\drz\Downloads\Defogger.exe[7336] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                                             000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[392] C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE!?SparseBitMask@DataSourceDescription@FlexUI@@2HB + 960  000000002d955984 4 bytes [22, 46, 20, BA]
.text     C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[392] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                              000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                     0000000075001465 2 bytes [00, 75]
.text     C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                    00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                               000000007785f9c0 5 bytes JMP 0000000171495f49
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtQueryObject                                                                                         000000007785f9d8 5 bytes JMP 0000000171496411
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey                                                                                             000000007785fa08 5 bytes JMP 000000017149016d
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey                                                                                   000000007785fa20 5 bytes JMP 000000017148fbca
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey                                                                                            000000007785fa70 5 bytes JMP 000000017148fa44
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey                                                                                       000000007785fa88 2 bytes JMP 000000017148fb52
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey + 3                                                                                   000000007785fa8b 2 bytes [C3, F9]
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey                                                                                           000000007785fb20 5 bytes JMP 0000000171490424
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                                                                  000000007785fc18 5 bytes JMP 0000000171494369
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey                                                                                        000000007785fd2c 5 bytes JMP 000000017148f9cc
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                            000000007785fd44 5 bytes JMP 0000000171494959
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile                                                                                  000000007785fd78 5 bytes JMP 00000001714939de
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                                                     000000007785fe24 5 bytes JMP 0000000171495fc4
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile                                                                                 000000007785fe3c 5 bytes JMP 0000000171494adb
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                          0000000077860094 5 bytes JMP 0000000171494791
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                         00000000778601a4 5 bytes JMP 000000017148fc42
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile                                                                                          00000000778609c4 5 bytes JMP 0000000171494584
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey                                                                                           00000000778609dc 5 bytes JMP 000000017148cc5b
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                                                      0000000077860a24 5 bytes JMP 000000017148cd29
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey                                                                                            0000000077860b60 5 bytes JMP 000000017148ccc2
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey                                                                                     0000000077860f50 5 bytes JMP 000000017148fcba
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys                                                                            0000000077860f68 5 bytes JMP 000000017148ff45
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx                                                                                           0000000077860ff8 5 bytes JMP 00000001714901fd
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile                                                                             000000007786131c 5 bytes JMP 0000000171494b6b
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey                                                                               000000007786145c 5 bytes JMP 000000017148fec9
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject                                                                                 0000000077861508 5 bytes JMP 0000000171496389
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey                                                                                           00000000778616f8 1 byte JMP 000000017148d138
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey + 2                                                                                       00000000778616fa 3 bytes {JMP 0xfffffffff9c2ba40}
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey                                                                                   0000000077861a38 5 bytes JMP 000000017148facc
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject                                                                                   0000000077861b7c 5 bytes JMP 000000017149616c
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                     00000000757f103d 5 bytes JMP 00000001714693a9
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                     00000000757f1072 5 bytes JMP 00000001714694e7
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                               000000007581c9b5 5 bytes JMP 000000017146971d
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\kernel32.dll!SetDllDirectoryW                                                                                   00000000758700c3 5 bytes JMP 0000000171469efe
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\kernel32.dll!SetDllDirectoryA                                                                                   000000007587016b 5 bytes JMP 000000017146a231
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\kernel32.dll!WinExec                                                                                            0000000075872c91 5 bytes JMP 0000000171469aa0
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\kernel32.dll!AllocConsole                                                                                       0000000075896b3e 5 bytes JMP 0000000171497431
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\kernel32.dll!AttachConsole                                                                                      0000000075896c02 5 bytes JMP 0000000171497443
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                   0000000076f42aa4 5 bytes JMP 000000017146a43c
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                      0000000075378a29 5 bytes JMP 0000000171497419
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                                                      000000007537d22e 5 bytes JMP 0000000171497401
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                      000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\GDI32.dll!AddFontResourceW                                                                                      000000007512d2b2 5 bytes JMP 0000000171477617
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\GDI32.dll!AddFontResourceA                                                                                      000000007512d7bb 5 bytes JMP 00000001714775fb
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ADVAPI32.dll!EnumDependentServicesW                                                                             00000000754c1e3a 7 bytes JMP 000000017147a3b9
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ADVAPI32.dll!EnumServicesStatusExW                                                                              00000000754cb466 7 bytes JMP 000000017147b2da
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ADVAPI32.dll!GetServiceKeyNameW                                                                                 00000000754e78ff 7 bytes JMP 000000017147aa60
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameW                                                                             00000000754e79bb 7 bytes JMP 000000017147ac11
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ADVAPI32.dll!EnumServicesStatusExA                                                                              00000000754ea3e2 7 bytes JMP 000000017147b3a0
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                               0000000075502538 5 bytes JMP 000000017146985f
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ADVAPI32.dll!GetServiceKeyNameA                                                                                 0000000075521b94 7 bytes JMP 000000017147ab18
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameA                                                                             0000000075521c31 7 bytes JMP 000000017147acc9
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ADVAPI32.dll!EnumServicesStatusA                                                                                0000000075522021 7 bytes JMP 000000017147b21c
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ADVAPI32.dll!EnumDependentServicesA                                                                             0000000075522104 7 bytes JMP 000000017147a470
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ADVAPI32.dll!EnumServicesStatusW                                                                                0000000075522221 5 bytes JMP 000000017147b15e
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!ControlService                                                                                      0000000076a64d5c 7 bytes JMP 000000017147a1fe
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!CloseServiceHandle                                                                                  0000000076a64dc3 7 bytes JMP 000000017147a527
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!QueryServiceStatus                                                                                  0000000076a64e4b 7 bytes JMP 000000017147a28a
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!QueryServiceStatusEx                                                                                0000000076a64eaf 7 bytes JMP 000000017147a31d
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!StartServiceW                                                                                       0000000076a64f35 7 bytes JMP 000000017147a079
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!StartServiceA                                                                                       0000000076a6508d 7 bytes JMP 000000017147a10f
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!QueryServiceObjectSecurity                                                                          0000000076a650f4 7 bytes JMP 000000017147b02c
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                                            0000000076a65181 7 bytes JMP 000000017147b0c8
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                                                0000000076a65254 7 bytes JMP 000000017147a728
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                                                0000000076a653d5 7 bytes JMP 000000017147a643
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                                               0000000076a654c2 7 bytes JMP 000000017147a9ca
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                                               0000000076a655e2 7 bytes JMP 000000017147a934
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                                                      0000000076a6567c 7 bytes JMP 0000000171479e5b
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                                                      0000000076a6589f 7 bytes JMP 0000000171479d85
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                                                       0000000076a65a22 7 bytes JMP 000000017147a5b5
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigA                                                                                 0000000076a65a83 7 bytes JMP 000000017147ae5b
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW                                                                                 0000000076a65b29 7 bytes JMP 000000017147adc2
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA                                                                                   0000000076a65ca0 7 bytes JMP 0000000171479535
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!ControlServiceExW                                                                                   0000000076a65d8c 7 bytes JMP 00000001714794bc
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!OpenSCManagerW                                                                                      0000000076a663ad 7 bytes JMP 0000000171479a83
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!OpenSCManagerA                                                                                      0000000076a664f0 7 bytes JMP 0000000171479b0f
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfig2A                                                                                0000000076a66633 7 bytes JMP 000000017147af90
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfig2W                                                                                0000000076a6680c 7 bytes JMP 000000017147aef4
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!OpenServiceW                                                                                        0000000076a6714b 7 bytes JMP 0000000171479bf8
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\SysWOW64\sechost.dll!OpenServiceA                                                                                        0000000076a67245 7 bytes JMP 0000000171479c84
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!CoRegisterPSClsid                                                                                     000000007677c56e 5 bytes JMP 00000001714811c4
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!CoResumeClassObjects + 7                                                                              000000007677ea09 7 bytes JMP 0000000171481795
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!OleRun                                                                                                00000000767807de 5 bytes JMP 0000000171481650
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!CoRegisterClassObject                                                                                 00000000767821e1 5 bytes JMP 00000001714822c5
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!OleUninitialize                                                                                       000000007678eba1 6 bytes JMP 000000017148156f
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!OleInitialize                                                                                         000000007678efd7 5 bytes JMP 00000001714814ff
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!CoGetPSClsid                                                                                          00000000767926b9 5 bytes JMP 000000017148133c
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!CoGetClassObject                                                                                      00000000767a54ad 5 bytes JMP 0000000171482853
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!CoInitializeEx                                                                                        00000000767b09ad 5 bytes JMP 00000001714813af
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!CoUninitialize                                                                                        00000000767b86d3 5 bytes JMP 0000000171481431
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                      00000000767b9d0b 5 bytes JMP 0000000171483b21
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx                                                                                    00000000767b9d4e 5 bytes JMP 0000000171481c5c
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!CoSuspendClassObjects + 7                                                                             00000000767dbb09 7 bytes JMP 00000001714816c0
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!CoRevokeClassObject                                                                                   00000000767feacf 5 bytes JMP 0000000171480c21
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!CoGetInstanceFromFile                                                                                 000000007683340b 5 bytes JMP 0000000171482d13
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\ole32.dll!OleRegEnumFormatEtc                                                                                   000000007687cfd9 5 bytes JMP 00000001714815da
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\OLEAUT32.dll!RegisterActiveObject                                                                               000000007690279e 5 bytes JMP 0000000171480eb4
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\OLEAUT32.dll!RevokeActiveObject                                                                                 0000000076903294 5 bytes JMP 0000000171480fd5
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\OLEAUT32.dll!GetActiveObject                                                                                    0000000076918f40 5 bytes JMP 0000000171481048
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                             0000000075001465 2 bytes [00, 75]
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                            00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2
.text     C:\Users\drz\Downloads\gmer_2.1.19163.exe[7536] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                                       000000007539cfca 5 bytes JMP 0000000173564970
.text     C:\Users\drz\Downloads\gmer_2.1.19163.exe[7536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                              0000000075001465 2 bytes [00, 75]
.text     C:\Users\drz\Downloads\gmer_2.1.19163.exe[7536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                             00000000750014bb 2 bytes [00, 75]
.text     ...                                                                                                                                                                                                                                  * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\system32\svchost.exe [4336:5304]                                                                                                                                                                                          000000006bddb5fc
Thread    C:\Windows\system32\svchost.exe [4336:5320]                                                                                                                                                                                          000000006db81760
Thread    C:\Windows\system32\svchost.exe [4336:5336]                                                                                                                                                                                          00000000741e2234
Thread    C:\Windows\system32\svchost.exe [4336:5340]                                                                                                                                                                                          000000006be00398
Thread    C:\Windows\system32\svchost.exe [4336:5348]                                                                                                                                                                                          000000006bdd6394
Thread    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [6372:6384]                                                                                                                                                  000007fef901cc10
Thread    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [6372:6388]                                                                                                                                                  000007fef8edb564
Thread    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [6372:6412]                                                                                                                                                  000007fef8edb564

---- EOF - GMER 2.1 ----

Alt 11.06.2013, 20:31   #6
M-K-D-B
/// TB-Ausbilder

WSsetup.exe Problem

Hi,

Please run AdwCleaner twice, directly one after the other, exactly as described below, and post both log files!

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

After that we continue with ComboFix:

Scan with ComboFix
WARNING to anyone reading along:
ComboFix should only be run when a team member has instructed you to do so!

Please download ComboFix from the following download mirror: Link
  • IMPORTANT: Save ComboFix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. They can interfere with ComboFix while it works. ComboFix sometimes complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While ComboFix is running, do not work on the computer, move the mouse, or click in the ComboFix window!
  • When ComboFix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Alt 12.06.2013, 09:49   #7
riza2177

WSsetup.exe Problem

Hello,

File 1, AdwCleaner logfile:
Code:
# AdwCleaner v2.303 - Datei am 12/06/2013 um 09:41:18 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : drz - DASREISEZENTRUM
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\drz\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : BrowserDefendert
Gestoppt & Gelöscht : IBUpdaterService

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\drz\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\drz\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\drz\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\drz\AppData\Roaming\Mozilla\Firefox\Profiles\4bt7ckq7.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\drz\AppData\Roaming\Mozilla\Firefox\Profiles\4bt7ckq7.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\drz\AppData\Roaming\Mozilla\Firefox\Profiles\4bt7ckq7.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\drz\Desktop\Check for Updates.lnk
Gelöscht mit Neustart : C:\ProgramData\BrowserDefender
Ordner Gelöscht : C:\Program Files (x86)\Common Files\ParetoLogic
Ordner Gelöscht : C:\Program Files (x86)\Freeware.de
Ordner Gelöscht : C:\Program Files (x86)\ParetoLogic
Ordner Gelöscht : C:\Program Files (x86)\XingHaoLyrics
Ordner Gelöscht : C:\Program Files\Web Assistant
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\Users\drz\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\drz\AppData\Local\Temp\avg@toolbar
Ordner Gelöscht : C:\Users\drz\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\drz\AppData\LocalLow\Freeware.de
Ordner Gelöscht : C:\Users\drz\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\drz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Ordner Gelöscht : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Ordner Gelöscht : C:\Windows\SysWOW64\TempDir
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Freeware.de
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\XingHaoLyrics
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3DAEB01-4C15-4AC6-A689-6406FD954EE0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\5ced6dbb63cee48
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\Freeware.de
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{50BA0FF5-8CF4-4A36-8DF0-BDA26616252F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5ced6dbb63cee48
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{50BA0FF5-8CF4-4A36-8DF0-BDA26616252F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A3DAEB01-4C15-4AC6-A689-6406FD954EE0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ED25F14-84F4-42EF-AC1B-E3CBB089E4E3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56EA303A-8F0E-4A13-A753-472ECC7C4D34}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3DAEB01-4C15-4AC6-A689-6406FD954EE0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freeware.de Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\lrcspal@xinghao.net
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Web Assistant
Key Deleted : HKU\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP]
Value Deleted : HKCU\Software\Mozilla\Firefox\extensions [lrcspal@xinghao.net]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=0ebbd7c2-6bc5-4e60-b6fb-cea9a04c3751&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=0ebbd7c2-6bc5-4e60-b6fb-cea9a04c3751&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=0ebbd7c2-6bc5-4e60-b6fb-cea9a04c3751&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=0ebbd7c2-6bc5-4e60-b6fb-cea9a04c3751&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=0ebbd7c2-6bc5-4e60-b6fb-cea9a04c3751&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=0ebbd7c2-6bc5-4e60-b6fb-cea9a04c3751&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

File : C:\Users\drz\AppData\Roaming\Mozilla\Firefox\Profiles\4bt7ckq7.default\prefs.js

Deleted : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119816&babsrc=NT_ss&mntrId=78826[...]
Deleted : user_pref("browser.search.order.1", "Delta Search");
Deleted : user_pref("browser.search.selectedEngine", "Delta Search");
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v27.0.1453.110

File : C:\Users\drz\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [25285 octets] - [12/06/2013 09:41:18]

########## EOF - C:\AdwCleaner[S1].txt - [25346 octets] ##########
         
--- --- ---

File 2, AdwCleaner Logfile:
Code:
# AdwCleaner v2.303 - Logfile created 12/06/2013 at 09:44:33
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : drz - DASREISEZENTRUM
# Boot Mode : Normal
# Running from : C:\Users\drz\Desktop\adwcleaner.exe
# Option [Delete]


**** [Services] ****


***** [Files / Folders] *****

File Deleted : C:\Users\drz\AppData\Roaming\Mozilla\Firefox\Profiles\4bt7ckq7.default\searchplugins\Babylon.xml
Folder Deleted : C:\ProgramData\BrowserDefender

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (de)

File : C:\Users\drz\AppData\Roaming\Mozilla\Firefox\Profiles\4bt7ckq7.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Users\drz\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [25324 octets] - [12/06/2013 09:41:18]
AdwCleaner[S2].txt - [2049 octets] - [12/06/2013 09:44:33]

########## EOF - C:\AdwCleaner[S2].txt - [2109 octets] ##########
         
--- --- ---


So, and now the rest.
ComboFix Logfile:
Code:
ComboFix 13-06-08.02 - drz 12.06.2013  10:12:26.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4023.2633 [GMT 2:00]
Running from: c:\users\drz\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\drz\AppData\Roaming\Microsoft\Windows\Recent\Transhotel_TOR_System(1).url
c:\users\drz\AppData\Roaming\Microsoft\Windows\Recent\Transhotel_TOR_System.url
c:\users\drz\g2mdlhlpx.exe
c:\windows\SysWow64\office.exe
c:\windows\vpuninst.log
.
.
(((((((((((((((((((((((   Files Created from 2013-05-12 to 2013-06-12  ))))))))))))))))))))))))))))))
.
.
2013-06-12 08:19 . 2013-06-12 08:19	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-12 08:11 . 2013-06-12 08:11	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{29352861-9EF6-444C-AA0C-59927A2241EF}\offreg.dll
2013-06-11 10:40 . 2013-06-11 10:40	--------	d-----w-	c:\windows\ERUNT
2013-06-11 10:40 . 2013-06-11 13:26	--------	d-----w-	C:\JRT
2013-06-11 10:36 . 2013-06-11 10:36	--------	d-----w-	c:\program files (x86)\7-Zip
2013-06-11 07:31 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{29352861-9EF6-444C-AA0C-59927A2241EF}\mpengine.dll
2013-06-06 09:07 . 2013-06-06 09:07	--------	d-----w-	c:\program files (x86)\Focalpoint
2013-06-06 09:07 . 2013-06-06 09:07	--------	d-----w-	C:\My Documents
2013-06-06 08:54 . 2001-04-20 06:05	304128	----a-w-	c:\windows\IsUninst.exe
2013-06-06 08:53 . 2013-06-06 08:53	--------	d-----w-	c:\users\drz\AppData\Roaming\Travelport
2013-06-06 08:53 . 2013-06-06 08:53	--------	d-----w-	c:\users\drz\AppData\Local\Travelport
2013-06-06 08:44 . 2013-06-06 08:44	--------	d-----w-	c:\program files (x86)\Travelport
2013-06-06 08:40 . 2013-06-06 08:44	--------	d-----w-	c:\program files (x86)\Common Files\Galileo International Shared
2013-06-06 08:16 . 2013-06-06 08:40	--------	d-----w-	C:\fp
2013-06-06 08:15 . 2008-01-08 12:04	335872	----a-w-	c:\windows\SysWow64\fpcpl2app.cpl
2013-06-06 08:07 . 2013-06-06 08:07	--------	d-----w-	c:\program files (x86)\Galileo
2013-06-05 07:44 . 2013-06-05 07:44	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-05 07:44 . 2013-06-05 07:44	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-05 07:44 . 2013-06-05 07:44	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-05 07:44 . 2013-06-05 07:44	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-05 07:44 . 2013-06-05 07:44	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-06-05 07:43 . 2013-06-05 07:44	--------	d-----w-	c:\program files (x86)\QuickTime
2013-06-03 07:12 . 2013-06-03 07:12	--------	d-----w-	c:\windows\SysWow64\jmdp
2013-06-03 07:12 . 2013-06-03 07:12	--------	d-----w-	c:\windows\SysWow64\ARFC
2013-06-03 07:12 . 2013-05-21 13:31	1447728	----a-w-	c:\windows\system32\dmwu.exe
2013-06-03 07:12 . 2013-05-21 13:30	33792	----a-w-	c:\windows\system32\ImHttpComm.dll
2013-05-29 07:48 . 2013-05-29 07:48	--------	d-----w-	c:\program files\iPod
2013-05-29 07:48 . 2013-05-29 07:48	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-29 07:48 . 2013-05-29 07:48	--------	d-----w-	c:\program files\iTunes
2013-05-29 07:48 . 2013-05-29 07:48	--------	d-----w-	c:\program files (x86)\iTunes
2013-05-17 07:09 . 2013-05-05 21:36	17818624	----a-w-	c:\windows\system32\mshtml.dll
2013-05-17 07:09 . 2013-05-05 21:16	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-17 07:09 . 2013-05-05 19:12	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-05-16 07:50 . 2013-05-17 07:05	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-17 07:12 . 2011-12-27 08:16	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-16 08:06 . 2012-03-29 13:25	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-16 08:06 . 2011-11-29 08:57	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-11 08:00 . 2010-06-24 09:33	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2012-02-01 09:23	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2013-04-13 05:49 . 2013-05-16 07:09	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 07:09	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 07:09	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 07:09	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 07:09	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 07:09	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-25 07:08	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-04 03:35 . 2013-04-18 09:29	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-19 06:04 . 2013-04-11 07:39	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-11 07:39	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-11 07:39	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-11 07:39	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-11 07:39	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-11 07:39	112640	----a-w-	c:\windows\system32\smss.exe
2012-05-15 08:33 . 2012-10-12 14:28	1456640	----a-w-	c:\program files (x86)\Common Files\Falk Navi-Manager classic.msi
.
.
((((((((((((((((((((((((((((   Registry Autostart Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40	120176	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"AVMUSBFernanschluss"="c:\users\drz\AppData\Local\Apps\2.0\C4BQPB3Z.RZ4\EBL5N5K6.E96\frit..tion_8488884cfbcefd60_0002.0003_f308b4c1084cd0fd\AVMAutoStart.exe" [2012-12-17 139264]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-04-13 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2010-12-03 618600]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 336384]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2010-02-24 171104]
"MDS_Menu"="c:\program files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2010-11-05 124136]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2010-10-26 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-03-20 162856]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
Print Manager.lnk - c:\my documents\Focalpoint PM\Host.gsa [2013-6-6 66]
RTK-Unabhängikeitsplattform.lnk - c:\bo.sys\bin\bosys.exe [2012-1-3 557056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 S332x64;SPRx3x USB SmartCard Reader;c:\windows\system32\DRIVERS\S332x64.sys;c:\windows\SYSNATIVE\DRIVERS\S332x64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 avmident;AVM FRITZ!Box-Kindersicherung;c:\program files (x86)\FRITZ!Box-Kindersicherung\avmident.exe;c:\program files (x86)\FRITZ!Box-Kindersicherung\avmident.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 FileOpenManagerSvc;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManagerSvc64.exe;c:\program files\FileOpen\Services\FileOpenManagerSvc64.exe [x]
S2 Galileo SSL Tunnel;Galileo SSL Tunnel;c:\program files (x86)\Galileo\SSL\SSLClientService.exe;c:\program files (x86)\Galileo\SSL\SSLClientService.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe;c:\oem\USBDECTION\USBS3S4Detection.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys;c:\windows\SYSNATIVE\DRIVERS\avmaudio.sys [x]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys;c:\windows\SYSNATIVE\DRIVERS\avmaura.sys [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-07 09:05	1165776	----a-w-	c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 08:06]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 09:29]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 09:29]
.
2013-06-11 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42	137584	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-10-05 2122856]
"FileOpenBroker"="c:\program files\FileOpen\Services\FileOpenBroker64.exe" [2011-12-09 900992]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: Mit PDF Viewer Plus öffnen - c:\program files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\drz\AppData\Roaming\Mozilla\Firefox\Profiles\4bt7ckq7.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.enabled - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39} - c:\program files (x86)\ParetoLogic\FileCure\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-1276076373-2867002076-3204613285-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-1276076373-2867002076-3204613285-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-1276076373-2867002076-3204613285-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-1276076373-2867002076-3204613285-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-1276076373-2867002076-3204613285-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-1276076373-2867002076-3204613285-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1276076373-2867002076-3204613285-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-12  10:22:30
ComboFix-quarantined-files.txt  2013-06-12 08:22
.
Vor Suchlauf: 15 Verzeichnis(se), 173.240.295.424 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 174.812.647.424 Bytes frei
.
- - End Of File - - FAC8B0DE45B19383C9ACFF07D078457C
         

Old 13.06.2013, 17:50   #8
M-K-D-B
/// TB-Ausbilder

Hi,

sorry for the delay, I have a lot on my plate at the moment.

Well done.
We will now track down the last remnants so that we can remove them afterwards.

Step 1
  • Please start OTL.exe.
  • Under Extra Registry select: Use Safe List
  • Click the Scan button.
  • Post the OTL.txt and the Extras.txt here in your thread.

Step 2
Download SystemLook by jpshortstuff from the following mirror and save the tool to your desktop.
SystemLook (64 bit)
  • Double-click SystemLook_x64.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:
    Code:
    :filefind
    *bProtector*
    *BrowserDefender*
    *ParetoLogic*
    *Freeware.de*
    *XingHaoLyrics*
    *Web Assistant*
    *AskSearch*
    *DataMngr*
    *FilesFrog*
    *incredibar*
    *PricePeep*
    
    :folderfind
    *bProtector*
    *BrowserDefender*
    *ParetoLogic*
    *Freeware.de*
    *XingHaoLyrics*
    *Web Assistant*
    *AskSearch*
    *DataMngr*
    *FilesFrog*
    *incredibar*
    *PricePeep*
    
    :regfind
    bProtector
    BrowserDefender
    ParetoLogic
    Freeware.de
    XingHaoLyrics
    Web Assistant
    AskSearch
    DataMngr
    FilesFrog
    incredibar
    PricePeep
             
  • Now click the Look button to start the scan.
  • The scan can take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are saved on the desktop as SystemLook.txt.

Are there still problems with malware? If so, which ones?
How is your computer running at the moment?

Please post with your next reply
  • the two log files from OTL,
  • the log file from SystemLook,
  • the answers to the questions asked.
__________________
Greetings from Bavaria
M-K-D-B

Old 18.06.2013, 19:57   #9
M-K-D-B
/// TB-Ausbilder

No response
This topic has been removed from my subscriptions, so I no longer receive notifications about new replies.
Send me a PM if you still want to continue.

Note: the disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread!
__________________
Greetings from Bavaria
M-K-D-B
