Pests of all kinds and how to fight them: Super Anti Spyware finds more than 80 threats on every scan (Windows 7). If you are not sure whether you have caught malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you with the removal of the infection.
12.01.2013, 15:44 | #1
Super Anti Spyware finds more than 80 threats on every scan

Hello everyone, even after deleting the pests, these or similar ones reappear on the machine after online excursions. Something is found after every scan.

OTL logfile:
Code:
OTL logfile created on: 12.01.2013 13:44:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Downloads\HJ
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,98 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 69,31% Memory free
7,96 Gb Paging File | 6,50 Gb Available in Paging File | 81,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 99,90 Gb Total Space | 19,62 Gb Free Space | 19,64% Space Free | Partition Type: NTFS
Drive D: | 365,76 Gb Total Space | 45,15 Gb Free Space | 12,34% Space Free | Partition Type: NTFS

Computer Name: DAMPFLOK | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.02 00:57:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Downloads\HJ\OTL.exe
PRC - [2012.12.04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.23 23:58:52 | 000,120,728 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2012.10.23 23:58:40 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.16 20:38:00 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012.07.16 20:37:46 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.07.13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.09.02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2010.11.26 23:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

========== Modules (No Company Name) ==========

MOD - [2012.10.23 23:58:40 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

========== Services (SafeList) ==========

SRV:64bit: - [2011.12.13 09:29:20 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2011.07.28 22:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.01.11 17:08:15 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.30 00:31:24 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.23 23:58:52 | 000,120,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.16 20:38:00 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012.07.16 20:37:46 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2012.01.05 16:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2011.12.13 09:34:52 | 002,028,864 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.13 09:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.09.02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.26 23:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.11.04 13:44:08 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.11.04 10:35:05 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.09.20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudobex.sys -- (ssudobex)
DRV:64bit: - [2012.09.20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.09.20 05:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.07.11 14:32:12 | 000,013,728 | ---- | M] (Fengtao Software Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvdfabio.sys -- (dvdfabio)
DRV:64bit: - [2012.07.11 14:32:10 | 000,046,496 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vdrive.sys -- (vdrive)
DRV:64bit: - [2012.06.11 11:56:34 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2012.06.08 16:09:12 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2012.06.08 16:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.19 15:43:50 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2012.01.25 14:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2011.12.09 14:27:31 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2011.12.09 14:27:22 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV:64bit: - [2011.12.09 14:27:22 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCap)
DRV:64bit: - [2011.11.08 13:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2011.09.02 07:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.07.28 23:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.07.28 21:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.04.01 09:13:36 | 001,100,320 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010.03.12 10:39:30 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.01.27 10:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.01.29 18:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2008.07.20 19:53:04 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV - [2012.02.07 15:46:12 | 000,023,816 | ---- | M] (CPUID) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys -- (cpuz135)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files (x86)\Superantispyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files (x86)\Superantispyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV - [2011.02.10 10:22:58 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=b5e75353-185d-11e1-950f-bd2624297009&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F 3E C8 61 5A 71 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=b5e75353-185d-11e1-950f-bd2624297009&q={searchTerms}
IE - HKCU\..\SearchScopes\{140883E1-5AAD-4561-BCC3-11F1842F3A3F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=EE1CA4E0-B378-4024-8D2B-26FFC6465891&apn_sauid=82FDF0C5-B393-4367-85B6-DA74D1457EC3
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{EEE8A80F-3037-48C4-8B0E-3931471D99B4}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 17:08:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 17:08:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 17:08:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 17:08:09 | 000,000,000 | ---D | M]

[2011.09.12 17:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2012.12.15 21:42:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\jywlk3gx.default\extensions
[2011.11.26 19:37:54 | 000,000,000 | ---D | M] (VshareComplete - Speed up your search with your personal search suggestions tool) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\jywlk3gx.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403}
[2012.01.02 16:27:03 | 000,018,981 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\jywlk3gx.default\extensions\alarm@gutscheinsammler.de.xpi
[2011.09.12 17:19:15 | 000,015,162 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\jywlk3gx.default\extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi
[2012.06.01 19:20:55 | 000,002,323 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\jywlk3gx.default\searchplugins\askcom.xml
[2013.01.10 11:32:58 | 000,001,056 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\jywlk3gx.default\searchplugins\icqplugin.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\jywlk3gx.default\searchplugins\startsear.xml
[2013.01.11 17:08:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.11 17:08:07 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.01.11 17:08:15 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.03 21:03:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.12 23:30:41 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.07.08 21:37:03 | 000,001,037 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com # alcohol 120% 127.0.0.1 alcohol-soft.com # alcohol 120% 127.0.0.1 images.alcohol-soft.com # alcohol 120% 127.0.0.1 mermaidconsulting.dk # alcohol 120% 127.0.0.1 195.137.236.101
O2:64bit: - BHO: (VshareComplete) - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\xxx\AppData\Roaming\VshareComplete\64\VshareComplete64.dll (SimplyGen)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\Superantispyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3073A723-D965-469E-8471-EAA7C95A3E6E}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3ac38959-3bc1-11e2-964c-406186b371ba}\Shell - "" = AutoRun
O33 - MountPoints2\{3ac38959-3bc1-11e2-964c-406186b371ba}\Shell\AutoRun\command - "" = H:\MotorolaDeviceManagerSetup.exe -a
O33 - MountPoints2\{609af750-e6bb-11e0-8e7d-406186b371ba}\Shell - "" = AutoRun
O33 - MountPoints2\{609af750-e6bb-11e0-8e7d-406186b371ba}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{ff8537f1-555f-11e1-9375-b070925ec614}\Shell - "" = AutoRun
O33 - MountPoints2\{ff8537f1-555f-11e1-9375-b070925ec614}\Shell\AutoRun\command - "" = J:\DPFMate.exe
O33 - MountPoints2\{ff8537fb-555f-11e1-9375-b070925ec614}\Shell - "" = AutoRun
O33 - MountPoints2\{ff8537fb-555f-11e1-9375-b070925ec614}\Shell\AutoRun\command - "" = J:\DPFMate.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.11 17:08:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.11 09:47:34 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Avira
[2013.01.11 09:42:03 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.01.11 09:42:03 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.01.11 09:42:03 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.01.11 09:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.01.11 09:42:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.01.11 09:36:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.29 15:04:55 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Skyrim
[2012.12.28 20:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.12.28 20:34:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.12.28 20:04:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.12.28 20:04:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.12.25 13:08:37 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Tor Browser
[2012.12.19 20:51:16 | 000,261,056 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2012.12.17 21:53:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012.12.16 21:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2012.12.16 21:36:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec
[2012.02.19 15:43:50 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\xxx\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.12 13:47:55 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.12 13:47:55 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.12 13:47:55 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.12 13:47:55 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.12 13:47:55 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.12 13:40:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.12 13:40:49 | 3207,114,752 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.12 13:27:28 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.12 13:27:28 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.11 09:42:13 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.01.11 09:37:01 | 000,476,008 | ---- | M] () -- C:\ProgramData\1357892500.bdinstall.bin
[2013.01.02 00:50:42 | 000,000,020 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2012.12.29 14:56:14 | 000,000,207 | ---- | M] () -- C:\Users\xxx\Desktop\The Elder Scrolls V Skyrim.url
[2012.12.28 20:46:50 | 000,287,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.28 20:04:27 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.12.23 15:01:18 | 000,322,084 | ---- | M] () -- C:\Users\xxx\Desktop\) von Maifee _ Chefkoch.de).pdf
[2012.12.23 12:51:00 | 000,000,928 | ---- | M] () -- C:\Users\xxx\Desktop\DVDFab Virtual Drive.lnk
[2012.12.19 20:51:16 | 000,261,056 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2012.12.19 20:49:56 | 000,587,024 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.11 09:42:13 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.01.11 09:37:01 | 000,476,008 | ---- | C] () -- C:\ProgramData\1357892500.bdinstall.bin
[2013.01.02 00:50:41 | 000,000,020 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2012.12.29 14:56:14 | 000,000,207 | ---- | C] () -- C:\Users\xxx\Desktop\The Elder Scrolls V Skyrim.url
[2012.12.28 20:29:45 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.28 20:24:37 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.28 20:04:27 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.28 20:04:27 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.12.23 15:01:16 | 000,322,084 | ---- | C] () -- C:\Users\xxx\Desktop\) von Maifee _ Chefkoch.de).pdf
[2012.11.07 17:58:36 | 000,003,584 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.26 20:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.07.16 20:37:53 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.16 20:37:46 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.02.19 15:43:50 | 000,099,384 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\inst.exe
[2012.02.19 15:43:50 | 000,007,859 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\pcouffin.cat
[2012.02.19 15:43:50 | 000,001,167 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\pcouffin.inf
[2012.01.07 00:51:23 | 000,282,624 | ---- | C] () -- C:\ProgramData\1325893430.bdinstall.bin
[2011.10.31 11:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.10.31 11:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.10.31 11:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.10.31 11:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.10.07 10:42:29 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011.09.19 13:40:05 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.09.13 15:00:48 | 000,110,864 | ---- | C] () -- C:\Windows\SysWow64\MCUNINST.DLL
[2011.09.12 16:21:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.12 15:25:12 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.07.28 16:49:12 | 000,053,760 | ---- | C] () --
C:\Windows\SysWow64\OVDecode.dll [2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.03.24 13:26:25 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Amazon [2012.07.07 12:13:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\BitTorrent [2012.10.16 13:59:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canon [2012.02.23 12:40:55 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Leadertech [2011.09.13 13:57:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mkvtoolnix [2012.12.01 16:19:11 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Motorola [2012.12.01 16:21:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Motorola Mobility [2012.07.16 19:49:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Origin [2011.09.19 16:01:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\pdfforge [2012.01.07 00:44:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\QuickScan [2012.12.01 16:17:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Samsung [2011.11.18 22:14:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Temp [2011.09.13 21:46:52 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software [2011.11.26 19:37:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\VshareComplete [2012.09.11 18:58:33 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Vso [2012.07.25 18:47:59 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Windows Live Writer [2012.11.04 14:12:09 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\YourFileDownloader ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 12.01.2013 13:44:00 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Downloads\HJ 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,98 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 69,31% Memory free 7,96 Gb Paging File | 6,50 Gb Available in Paging File | 81,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 99,90 Gb Total Space | 19,62 Gb Free Space | 19,64% Space Free | Partition Type: NTFS Drive D: | 365,76 Gb Total Space | 45,15 Gb Free Space | 12,34% Space Free | Partition Type: NTFS Computer Name: xxx | User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. 
htmlfile [opennew] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{013F159E-BF91-4E63-9B99-5214BA37BBAC}" = lport=2869 | protocol=6 | dir=in | app=system | "{063D77FB-5366-4140-9275-8834FE632334}" = rport=139 | protocol=6 | dir=out | app=system | "{2A7A8A41-B853-418E-8D9F-94678F62BC5A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{32A8B6FF-820E-4C14-963D-5F387785666E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{438ECD2C-19FB-4DF5-8BC8-B7246F84C29C}" = rport=138 | protocol=17 | dir=out | app=system | "{469014FC-E890-4880-9479-FAF59AFA1FD3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5A4F2F6F-200F-4C1C-8BA7-AD4F806C3EBA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{63100F4C-A9C3-4B3F-BCED-04049CCA97C4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{735AA00E-B692-4763-AD1F-9DBEEBFC78F2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{87E5D0FD-ABA4-41D5-B12A-ED31F2F672DC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A2B9FF25-5F0F-4481-B0D4-378EAF32DF64}" = rport=137 | protocol=17 | dir=out | app=system | "{AD99AC88-36D9-451C-B430-18A041637CE9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AF66AE13-E94E-4E79-A9A3-E7FF082B2772}" = rport=10243 | protocol=6 | dir=out | app=system | "{BB0E925E-861C-461E-8FB8-5729E2CC240B}" = lport=445 | protocol=6 | dir=in | app=system | "{BEBF7CCB-ABFD-45F7-BDF1-8B12F87AF5F0}" = rport=445 | protocol=6 | dir=out | app=system | "{C2B11A10-F56F-460B-8370-FBD40055979C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{C684E33C-D6DC-443C-A2CD-65E504A1B2AA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CDC882C5-8929-4A70-82C5-ADF17C29786F}" = lport=10243 | protocol=6 | dir=in | app=system | "{CE30659F-8F05-4B69-8A9A-421671D493A7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D8DE5C35-8777-4869-873E-EA952E631B3A}" = lport=139 | protocol=6 | dir=in | app=system | "{DBFAAB49-48D7-4854-B86D-FE66A44F6F46}" = lport=138 | protocol=17 | dir=in | app=system | "{ED73C415-2EE0-403C-8B9D-4AA0AD4375E7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EE1E8EC6-C738-448A-A7FE-2E276FFF3F13}" = lport=137 | protocol=17 | dir=in | app=system | "{EF20C157-2FCD-4796-923B-EDD0759E7071}" = rport=5355 | protocol=17 | dir=out | 
svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F7FFAA17-1FE2-420B-8E83-56DC609930C2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A9E544D-3BF6-4ED1-BE3E-BD94C6DC05AA}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{14130489-45BD-452E-9E30-F7C52F0A6A06}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{18034FBB-8841-4304-B6A6-FF10B1252496}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{181F1754-8790-48CC-B5E0-E73835AFC514}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1C2ED530-A423-49D8-951A-67CEFB3CEF68}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{21B6BBCE-5C39-4EA7-BE8B-7D213BB0020C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{230F0F05-E0BB-4868-B9C3-CFDC8D6FC593}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2E802F24-1FB6-4670-90CD-C531A22AA6CB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{389D5453-DA83-4384-9893-42BBD886A78C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{39D60E1E-869E-41E9-A096-67F4442200FE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{3D0B885E-622E-4CE2-8AFA-57C9429B53B6}" = protocol=6 | dir=in | app=d:\games\maxpayne3\playmaxpayne3.exe | "{3EAE7C01-FDA4-4CE8-A633-234B9AE8957A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3F9266EC-E95D-44BE-8E57-E55821D6A257}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\r.j.k@lycos.de\counter-strike source\hl2.exe | "{4DADFE84-EDDB-4E3B-8B1A-20DC78BA87CE}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{55578189-B3C5-4D76-8533-7A45FF125225}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{5E56E5DA-9542-455B-AFFC-69DDB8C83312}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{5F32B58B-AE2F-4CB6-BCB2-D0F971A6D252}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{60C1D339-F920-4683-8D89-F679C1FCE9C8}" = protocol=17 | dir=in | app=d:\origin\battlefield 3\bf3.exe | "{678D8574-87DE-4904-B82F-10D1B16744BE}" = protocol=17 | dir=in | app=d:\games\maxpayne3\playmaxpayne3.exe | "{69B5A6D3-76A3-4F5B-A984-00B50D1EA564}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{71A6576B-C78E-4501-987C-F5045C2F28C3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{78BE043E-2769-4883-9FA9-938393581AA6}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{791E6612-4447-4A48-BD70-656CA549F2F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{90848CA1-AE0A-44B4-9FAB-A478B32DA074}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{976F7BCA-073A-4972-8D30-DD72C3B0C038}" = protocol=6 | dir=in | app=d:\origin\battlefield 3\bf3.exe | "{98FB7C07-023B-4FF1-8FE5-545B145800E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{991373C7-4B4A-4CE0-AAD1-92E51BF4FED8}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\r.j.k@lycos.de\counter-strike source\hl2.exe | "{9A654CA2-5433-4F3C-9EE0-FA0D1151F163}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9EE8B045-8132-4692-94FA-E825781B8F17}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{B58CB508-ED68-4FFC-92D1-DE2F9B00D88B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BB7A83B2-E859-475F-B7BE-B372AB89F648}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D1A93448-644D-4F70-8393-C489B70859B6}" = protocol=17 | 
dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D4C25F95-FAC7-4200-8A63-57BCB74BCAD2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DBABB390-1AF4-4CA2-9C0D-B38CEF1E8D64}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E8511019-3368-4AE0-BDF8-296851BF0CC7}" = protocol=6 | dir=in | app=d:\games\steam\steam.exe | "{EDF0B917-A859-4D21-8F4F-02AA58EA56AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F037E112-2959-4AB2-AAD7-DC20E68033A7}" = protocol=6 | dir=out | app=system | "{F4BB6FB9-9E74-4E3D-9ED5-9252B63A43D0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{FA5758BB-D545-4C4E-8FD1-8B1356AA0254}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FBDC66D6-A8B6-4FE5-98C3-E5B8880C2D42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FF28E76E-765E-4D22-A349-2F025B5D4B71}" = protocol=17 | dir=in | app=d:\games\steam\steam.exe | "TCP Query User{3DF9DD7B-D6E1-4233-935C-1EB63FD68AD3}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "TCP Query User{7F0F5E0F-6B6D-45B3-8F68-35176BA77DA0}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{A04679B6-A767-4693-8C1C-FE45BFBFBD48}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{A123BC47-FDCB-44F0-8FD5-9C5884D3F238}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{ABDCC8A5-16C5-4D8B-8166-093F8A5B73B8}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "TCP Query User{C6E6908A-D6DF-4E4C-99C8-646C6ADF729E}C:\program files 
(x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "TCP Query User{E364D1A9-33A0-4533-BA4F-E7471D7E9601}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{182C56E6-E91B-4AA6-8CA8-D8A245CE6790}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{2AAF9547-C85C-479C-B04D-466CCB380A6E}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{5BC50EFD-D222-4A98-B81B-9F9394662B9D}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "UDP Query User{873C9B8A-BE53-489E-BDAE-1BA51923DAAD}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "UDP Query User{D3B42E14-1AC8-4DE4-BB7A-F2DE5633ADD8}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{D9718BDB-C489-4570-AFF3-4EE157BBE6E4}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{FB7ED510-FB4B-40A8-A896-FD400D8B6134}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series" = Canon MG4100 series MP Drivers "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 
"{49033FF4-8C1C-0EB9-C0A6-4691CB18D0A4}" = ccc-utility64 "{499CBE65-4E07-B40A-624A-B5B7BD6F9A9C}" = AMD Media Foundation Decoders "{4E7CCB76-687B-4C53-9A5E-08780AF3A551}" = Motorola Mobile Drivers Installation 5.9.0 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D0A0350-B509-B362-4827-63E4C6520E7B}" = AMD Catalyst Install Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "DVDFab Virtual Drive_is1" = DVDFab Virtual Drive Version 1.3.9.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F4748E6-E093-FA89-7999-737F48C4767F}" = Catalyst Control Center InstallProxy "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob 
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011 "{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM) "{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager "{2FDCE696-AC14-4046-ABA1-B07071B4DDA7}" = Audials "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer "{3D9167B2-87EB-4713-90B4-E46F2CAFE28D}" = Nero BurningROM 12 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{81DE15C9-5390-4533-81DF-2DC936C1A40C}" = Motorola Device Software Update "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In 
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A79024ED-1969-334A-1ED6-16753F9DE377}" = CCC Help English "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C57C21C0-CE1B-26D5-1215-B26862051F6F}" = Catalyst Control Center "{C86CB1B1-4BD0-7BFB-88CF-76762C8CE1D3}" = Catalyst Control Center Graphics Previews Common "{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM) "{CD05F1BC-FC63-1E93-4094-82BC33662E76}" = Catalyst Control Center Localization All "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1" = VshareComplete "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek 
High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX "0630-0716-3135-7887" = JDownloader 2 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Avira AntiVir Desktop" = Avira Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "Battlelog Web Plugins" = Battlelog Web Plugins "bwin Poker JPC_is1" = bwin Poker JPC 1.0.0 "Canon MG4100 series Benutzerregistrierung" = Canon MG4100 series Benutzerregistrierung "Canon MG4100 series On-screen Manual" = Canon MG4100 series On-screen Manual "Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "DVDFab 8 Qt_is1" = DVDFab 8.2.0.6 (24/08/2012) Qt "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "ESN Sonar-0.70.4" = ESN Sonar "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "MKVtoolnix" = MKVtoolnix 4.9.0 "Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 5.0" = Canon MP Navigator EX 5.0 "Origin" = Origin "PC Wizard 2012_is1" = PC Wizard 2012.2.0 "PunkBusterSvc" = PunkBuster Services "Rockstar Games Social Club" = Rockstar Games Social Club "SopCast" = SopCast 3.5.0 "Steam App 240" = Counter-Strike: Source "Steam App 260" = Counter-Strike: Source Beta "Steam App 400" = Portal "Steam App 72850" = The Elder Scrolls V: Skyrim "TuneUp Utilities 2011" = TuneUp Utilities 2011 "VLC media player" = VLC media player 1.1.11 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver ========== HKEY_CURRENT_USER Uninstall List ========== 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.01.2013 09:41:17 | Computer Name = xxx | Source = WinMgmt | ID = 10 Description = Error - 11.01.2013 04:14:54 | Computer Name = xxx | Source = WinMgmt | ID = 10 Description = Error - 11.01.2013 04:36:22 | Computer Name = xxx | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Die Anwendung oder der Dienst "BitDefender Virus Shield" konnte nicht heruntergefahren werden. Error - 11.01.2013 04:39:51 | Computer Name = xxx | Source = WinMgmt | ID = 10 Description = Error - 11.01.2013 12:01:15 | Computer Name = xxx | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: TESV.exe, Version: 1.8.151.0, Zeitstempel: 0x5086bed7 Name des fehlerhaften Moduls: TESV.exe, Version: 1.8.151.0, Zeitstempel: 0x5086bed7 Ausnahmecode: 0x40000015 Fehleroffset: 0x007d312b ID des fehlerhaften Prozesses: 0xcc8 Startzeit der fehlerhaften Anwendung: 0x01cdf00ebf1ae317 Pfad der fehlerhaften Anwendung: D:\Games\Steam\steamapps\common\Skyrim\TESV.exe Pfad des fehlerhaften Moduls: D:\Games\Steam\steamapps\common\Skyrim\TESV.exe Berichtskennung: 201e7d35-5c08-11e2-96eb-406186b371ba Error - 11.01.2013 16:37:30 | Computer Name = xxx | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\Nero\Nero 12\nero burning rom\NeroCmd.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\Nero\Nero 12\nero burning rom\SMC\SMC.MANIFEST" in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: SMC,processorArchitecture="x86",type="win32",version="8.2.0.0". Definition: SMC,processorArchitecture="x86",type="win32",version="12.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. 
Error - 12.01.2013 05:24:23 | Computer Name = xxx | Source = WinMgmt | ID = 10 Description = Error - 12.01.2013 05:41:52 | Computer Name = xxx | Source = WinMgmt | ID = 10 Description = Error - 12.01.2013 08:21:39 | Computer Name = xxx | Source = WinMgmt | ID = 10 Description = Error - 12.01.2013 08:42:40 | Computer Name = xxx | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 11.01.2013 07:31:13 | Computer Name = xxx | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 11.01.2013 18:00:26 | Computer Name = xxx | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 11.01.2013 19:16:44 | Computer Name = xxx | Source = DCOM | ID = 10010 Description = Error - 12.01.2013 05:22:45 | Computer Name = xxx | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SAS Core Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 12.01.2013 05:34:58 | Computer Name = xxx| Source = DCOM | ID = 10010 Description = Error - 12.01.2013 05:40:13 | Computer Name = xxx| Source = Service Control Manager | ID = 7000 Description = Der Dienst "SAS Core Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 12.01.2013 05:45:47 | Computer Name = xxx | Source = DCOM | ID = 10010 Description = Error - 12.01.2013 08:19:59 | Computer Name = xxx | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SAS Core Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 12.01.2013 08:40:15 | Computer Name = xxx | Source = DCOM | ID = 10010 Description = Error - 12.01.2013 08:40:58 | Computer Name = xxx | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SAS Core Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > Gmer: GMER 2.0.18444 - 
hxxp://www.gmer.net Rootkit scan 2013-01-12 14:24:14 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 ST9500325AS rev.0003SDM1 465,76GB Running: gmer-2.0.18444.exe; Driver: C:\Users\FLITZE~1\AppData\Local\Temp\kwtdapoc.sys ---- User code sections - GMER 2.0 ---- .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075891401 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075891419 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075891431 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007589144a 2 bytes [89, 75] .text ... 
* 9 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758914dd 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758914f5 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007589150d 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075891525 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007589153d 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075891555 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007589156d 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075891585 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007589159d 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758915b5 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758915cd 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758916b2 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758916bd 2 bytes [89, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[1880] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000730617fa 2 bytes [06, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1880] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073061860 2 bytes [06, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1880] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073061942 2 bytes [06, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1880] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007306194d 2 bytes [06, 73] .text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000730617fa 2 bytes [06, 73] .text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073061860 2 bytes [06, 73] .text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073061942 2 bytes [06, 73] .text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007306194d 2 bytes [06, 73] .text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075891401 2 bytes [89, 75] .text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075891419 2 bytes [89, 75] .text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075891431 2 bytes [89, 75] .text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007589144a 
2 bytes [89, 75] .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000758914dd 2 bytes [89, 75] .text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000758914f5 2 bytes [89, 75] .text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007589150d 2 bytes [89, 75] .text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075891525 2 bytes [89, 75] .text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007589153d 2 bytes [89, 75] .text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075891555 2 bytes [89, 75] .text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007589156d 2 bytes [89, 75] .text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075891585 2 bytes [89, 75] .text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007589159d 2 bytes [89, 75] .text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000758915b5 2 bytes [89, 75] .text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000758915cd 2 bytes [89, 75] .text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000758916b2 2 bytes [89, 75] .text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000758916bd 2 bytes [89, 75] .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075891401 2 bytes [89, 75] .text C:\Program Files (x86)\Alcohol 
Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075891419 2 bytes [89, 75] .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075891431 2 bytes [89, 75] .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007589144a 2 bytes [89, 75] .text ... * 9 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758914dd 2 bytes [89, 75] .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758914f5 2 bytes [89, 75] .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007589150d 2 bytes [89, 75] .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075891525 2 bytes [89, 75] .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007589153d 2 bytes [89, 75] .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075891555 2 bytes [89, 75] .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007589156d 2 bytes [89, 75] .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075891585 2 bytes [89, 75] .text C:\Program Files (x86)\Alcohol 
Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007589159d 2 bytes [89, 75] .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758915b5 2 bytes [89, 75] .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758915cd 2 bytes [89, 75] .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758916b2 2 bytes [89, 75] .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758916bd 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075891401 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075891419 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075891431 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007589144a 2 bytes [89, 75] .text ... 
* 9 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758914dd 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758914f5 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007589150d 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075891525 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007589153d 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075891555 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007589156d 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075891585 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007589159d 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758915b5 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758915cd 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758916b2 2 bytes [89, 75] .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758916bd 2 bytes [89, 75] ---- Threads - GMER 2.0 ---- Thread C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1504:1664] 00000000736432fb Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1692:3192] 000000007349e2db Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1692:3276] 00000000719a8de0 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1692:3280] 00000000719a8de0 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1692:3284] 00000000719a8de0 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1692:3288] 00000000719a4e00 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:3000] 000007fef56acc10 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:3004] 000007fef556b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:2064] 000007fefebf0168 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:1312] 000007fef556b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:2056] 000007fef556b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:1100] 000007fef556b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:140] 000007fef556b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:2368] 000007fef567f718 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:2344] 000007fef556b564 Thread 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:2348] 000007fef556b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:2360] 000007fef556143c Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:1340] 000007fef5ba6050 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:3632] 000007fef556b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:3884] 000007fef556b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:4000] 000007fef556b564 ---- Processes - GMER 2.0 ---- Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1504] 00000000735d0000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1692] 0000000075f50000 ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b57ece Reg HKLM\SYSTEM\CurrentControlSet\services\PCCS64\Custom\7.00.007 Reg HKLM\SYSTEM\CurrentControlSet\services\PCCS64\Custom\7.00.007@TimeLow -1467107104 Reg HKLM\SYSTEM\CurrentControlSet\services\PCCS64\Custom\7.00.007@TimeHigh 30175773 Reg HKLM\SYSTEM\CurrentControlSet\services\PCCS64\Custom\7.00.007@RegMark 0 Reg HKLM\SYSTEM\CurrentControlSet\services\PCCS64\Custom\7.00.007@ExpMark 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE4 0x2F 0xB1 0x6C ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xCD 0x55 0xF4 0xE3 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD0 0xA7 0x78 0xD8 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b57ece (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\PCCS64\Custom\7.00.007 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\PCCS64\Custom\7.00.007@TimeLow -1467107104 Reg HKLM\SYSTEM\ControlSet002\services\PCCS64\Custom\7.00.007@TimeHigh 30175773 Reg HKLM\SYSTEM\ControlSet002\services\PCCS64\Custom\7.00.007@RegMark 0 Reg HKLM\SYSTEM\ControlSet002\services\PCCS64\Custom\7.00.007@ExpMark 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE4 0x2F 0xB1 0x6C ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xCD 0x55 0xF4 0xE3 ... 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD0 0xA7 0x78 0xD8 ...
---- EOF - GMER 2.0 ----
Last edited by Pjong (12.01.2013 at 16:26) |
12.01.2013, 17:23 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Super Anti Spyware finds more than 80 threats on every scan Quote:
That information is not enough. Please post the complete details/logs from the virus scanners, see http://www.trojaner-board.de/125889-...tml#post941520 Please post everything here in CODE tags wherever possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
13.01.2013, 20:51 | #3 |
| Super Anti Spyware finds more than 80 threats on every scan Oops, I seem to have forgotten the most important part. Here are the Avira, Malware and Super Anti logs.
Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Sonntag, 13. Januar 2013 16:06 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : xxx Computername : xxx Versionsinformationen: BUILD.DAT : 13.0.0.2890 Bytes 05.12.2012 17:11:00 AVSCAN.EXE : 13.6.0.402 639264 Bytes 04.12.2012 14:37:47 AVSCANRC.DLL : 13.4.0.360 64800 Bytes 28.11.2012 14:09:15 LUKE.DLL : 13.6.0.400 67360 Bytes 04.12.2012 11:13:05 AVSCPLR.DLL : 13.6.0.402 93984 Bytes 04.12.2012 14:37:55 AVREG.DLL : 13.6.0.406 248096 Bytes 04.12.2012 17:40:31 avlode.dll : 13.6.1.402 428832 Bytes 04.12.2012 14:36:57 avlode.rdf : 13.0.0.26 7958 Bytes 22.11.2012 10:59:16 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 13:50:29 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:50:31 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 13:50:34 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 13:50:36 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:50:37 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:42:40 VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 13:42:40 VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 12:43:11 VBASE008.VDF : 7.11.55.142 2214912 Bytes 03.01.2013 08:43:27 VBASE009.VDF : 7.11.55.143 2048 Bytes 03.01.2013 08:43:27 VBASE010.VDF : 7.11.55.144 2048 Bytes 03.01.2013 08:43:27 VBASE011.VDF : 7.11.55.145 2048 Bytes 03.01.2013 08:43:27 VBASE012.VDF : 7.11.55.146 2048 Bytes 03.01.2013 08:43:27 VBASE013.VDF : 7.11.55.196 260096 Bytes 04.01.2013 08:43:27 VBASE014.VDF : 7.11.56.23 206848 Bytes 07.01.2013 08:43:28 VBASE015.VDF : 7.11.56.83 186880 Bytes 08.01.2013 08:43:28 VBASE016.VDF : 7.11.56.145 135168 Bytes 09.01.2013 08:43:28 VBASE017.VDF : 7.11.56.211 139776 Bytes 11.01.2013 09:28:08 VBASE018.VDF : 7.11.56.212 2048 Bytes 11.01.2013 
09:28:08 VBASE019.VDF : 7.11.56.213 2048 Bytes 11.01.2013 09:28:08 VBASE020.VDF : 7.11.56.214 2048 Bytes 11.01.2013 09:28:08 VBASE021.VDF : 7.11.56.215 2048 Bytes 11.01.2013 09:28:09 VBASE022.VDF : 7.11.56.216 2048 Bytes 11.01.2013 09:28:09 VBASE023.VDF : 7.11.56.217 2048 Bytes 11.01.2013 09:28:09 VBASE024.VDF : 7.11.56.218 2048 Bytes 11.01.2013 09:28:09 VBASE025.VDF : 7.11.56.219 2048 Bytes 11.01.2013 09:28:09 VBASE026.VDF : 7.11.56.220 2048 Bytes 11.01.2013 09:28:09 VBASE027.VDF : 7.11.56.221 2048 Bytes 11.01.2013 09:28:09 VBASE028.VDF : 7.11.56.222 2048 Bytes 11.01.2013 09:28:09 VBASE029.VDF : 7.11.56.223 2048 Bytes 11.01.2013 09:28:09 VBASE030.VDF : 7.11.56.224 2048 Bytes 11.01.2013 09:28:09 VBASE031.VDF : 7.11.57.6 132608 Bytes 13.01.2013 14:00:34 Engineversion : 8.2.10.230 AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55 AESCRIPT.DLL : 8.1.4.80 467322 Bytes 11.01.2013 08:43:35 AESCN.DLL : 8.1.10.0 131445 Bytes 11.01.2013 08:43:35 AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06 AERDL.DLL : 8.2.0.88 643444 Bytes 11.01.2013 08:43:35 AEPACK.DLL : 8.3.1.2 819574 Bytes 11.01.2013 08:43:34 AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 14:00:38 AEHEUR.DLL : 8.1.4.174 5615991 Bytes 11.01.2013 08:43:33 AEHELP.DLL : 8.1.25.2 258423 Bytes 12.10.2012 14:52:32 AEGEN.DLL : 8.1.6.14 434548 Bytes 11.01.2013 08:43:30 AEEXP.DLL : 8.3.0.8 188788 Bytes 12.01.2013 09:28:09 AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55 AECORE.DLL : 8.1.30.0 201079 Bytes 11.01.2013 08:43:30 AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:00:38 AVWINLL.DLL : 13.4.0.163 25888 Bytes 19.09.2012 17:09:30 AVPREF.DLL : 13.4.0.360 50464 Bytes 28.11.2012 14:05:52 AVREP.DLL : 13.4.0.360 177952 Bytes 28.11.2012 14:06:10 AVARKT.DLL : 13.6.0.402 260384 Bytes 04.12.2012 14:36:03 AVEVTLOG.DLL : 13.6.0.400 167200 Bytes 04.12.2012 11:04:02 SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40 AVSMTP.DLL : 13.4.0.163 62240 Bytes 19.09.2012 17:08:54 NETNT.DLL : 13.4.0.360 15648 Bytes 28.11.2012 
14:07:51 RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 28.11.2012 14:09:40 RCTEXT.DLL : 13.4.0.360 68384 Bytes 28.11.2012 14:09:40 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Manuelle Auswahl Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, F:, G:, Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Intelligente Dateiauswahl Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Abweichende Gefahrenkategorien........: +SPR, Beginn des Suchlaufs: Sonntag, 13. 
Januar 2013 16:06
Der Suchlauf über die Masterbootsektoren wird begonnen:
Der Suchlauf über die Bootsektoren wird begonnen:
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '164' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'MotoHelperService.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '160' Modul(e) wurden durchsucht
Durchsuche Prozess 'PMBDeviceInfoProvider.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrB.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'ForwardDaemon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'StarWindServiceAE.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'TuneUpUtilitiesService64.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'MotoHelperAgent.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'TuneUpUtilitiesApp64.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'SUPERANTISPYWARE.EXE' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '208' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'steam.exe' - '141' Modul(e) wurden durchsucht
Durchsuche Prozess 'SteamService.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '115' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '35' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2027' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
Beginne mit der Suche in 'D:\' <Volume>
Beginne mit der Suche in 'F:\'
Der zu durchsuchende Pfad F:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'G:\'
Der zu durchsuchende Pfad G:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Ende des Suchlaufs: Sonntag, 13. Januar 2013 16:56
Benötigte Zeit: 50:18 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
26437 Verzeichnisse wurden überprüft
531697 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
531697 Dateien ohne Befall
4345 Archive wurden durchsucht
0 Warnungen
0 Hinweise
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.01.13.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
13.01.2013 17:20:44
mbam-log-2013-01-13 (17-20-44).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 350111
Laufzeit: 1 Stunde(n), 3 Minute(n), 52 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 01/13/2013 at 07:53 PM
Application Version : 5.6.1014
Core Rules Database Version : 9864
Trace Rules Database Version: 7676
Scan type : Complete Scan
Total Scan Time : 00:40:42
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 450
Memory threats detected : 0
Registry items scanned : 70899
Registry threats detected : 0
File items scanned : 65520
File threats detected : 29
Adware.Tracking Cookie
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@ad1.adfarm1.adition[1].txt [ /ad1.adfarm1.adition ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@adfarm1.adition[1].txt [ /adfarm1.adition ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@apmebf[1].txt [ /apmebf ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@mediaplex[2].txt [ /mediaplex ]
C:\USERS\xxx\Cookies\xxx@adfarm1.adition[1].txt [ Cookie:xxx@adfarm1.adition.com/ ]
C:\USERS\xxx\Cookies\xxx@ad1.adfarm1.adition[1].txt [ Cookie:xxx@ad1.adfarm1.adition.com/ ]
C:\USERS\xxx\Cookies\xxx@apmebf[1].txt [ Cookie:xxx@apmebf.com/ ]
.doubleclick.net [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYWLK3GX.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYWLK3GX.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYWLK3GX.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYWLK3GX.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYWLK3GX.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYWLK3GX.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYWLK3GX.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYWLK3GX.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYWLK3GX.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYWLK3GX.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYWLK3GX.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYWLK3GX.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYWLK3GX.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYWLK3GX.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYWLK3GX.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYWLK3GX.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYWLK3GX.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYWLK3GX.DEFAULT\COOKIES.SQLITE ]
.adform.net [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYWLK3GX.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYWLK3GX.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYWLK3GX.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYWLK3GX.DEFAULT\COOKIES.SQLITE ]
|
13.01.2013, 20:57 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Did Malwarebytes and AntiVir really find nothing?! You can "forget" what SUPERAntiSpyware reported, since it only found harmless cookies
__________________ Please always post logfiles in CODE tags |
14.01.2013, 21:14 | #5 |
| Hi, no, Malwarebytes and Avira really found nothing. I did not change any of the default settings in Malwarebytes for the scan. Should I scan again? With different settings? Regards |
14.01.2013, 22:19 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Are you terribly bored?! What problems are you actually having with this computer?
|
19.01.2013, 12:13 | #7 |
| Hi, no worries... I'm not getting bored. I was able to solve my problem myself in the meantime, but thanks anyway for your help. If anything comes up again, I'll get in touch. See Ya |