Pests of all kinds and how to combat them: bProtector for Windows seems to have disabled avast (Windows 7)
Hello dear helpers,

I have the following problem. Every time I start my laptop, Trojan Scanner's FastScan runs once. A few days ago it warned me that the Windows registry loads various files via AppInit_DLL which the scan did not find and which may load hidden adware or spyware. The files are loaded from the registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\"AppInit_DLLs". This is the data that the Fast Scan shows me as dangerous:

c:\docume~1\ settings\all users\application data\browser manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}
c:\docume~1\??????

The day before yesterday my Avast then deactivated itself and cannot be reactivated. I only got around to dealing with it today and in doing so discovered the program bProtector for Windows. By googling I found that this program has already come up on your forum. On the page hxxp://www.file.net/prozess/bprotect.exe.html I also read that this program can influence the behaviour of other programs, which would fit my problem.

I had discovered the program when I used CCleaner. Unfortunately I read too late that you recommend not using such tools, and I had already deleted all the registry entries that were shown as faulty.

I ran the requested programs and am attaching the logfiles. However, OTL only created one text file for me, OTL.txt. I then ran OTL again, but again only got the OTL.txt file.

Code:
ATTFilter OTL logfile created on: 10.02.2013 19:31:11 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Danny\Programme Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 52,87% Memory free 6,19 Gb Paging File | 4,98 Gb Available in Paging File | 80,53% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 278,32 Gb Total Space | 79,63 Gb Free Space | 28,61% Space Free | Partition Type: NTFS Drive D: | 19,76 Gb Total Space | 7,11 Gb Free Space | 35,99% Space Free | Partition Type: FAT32 Drive E: | 4,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: HOTSPUR | User Name: Danny | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.10 19:02:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Danny\Programme\OTL.exe PRC - [2013.01.31 12:11:06 | 002,561,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) 
-- C:\Users\Danny\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.12.29 11:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.12.29 09:26:22 | 001,822,136 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe PRC - [2012.12.29 09:26:22 | 000,873,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.12.17 17:14:10 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe PRC - [2012.12.17 16:48:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012.11.28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012.10.30 16:02:07 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Danny\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.03.23 13:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2012.01.07 02:45:28 | 000,660,296 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe PRC - [2012.01.06 19:36:14 | 000,331,608 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe PRC - [2012.01.05 00:02:02 | 000,329,544 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe PRC - [2012.01.05 00:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) 
-- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2010.12.14 15:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe PRC - [2010.07.30 14:40:11 | 000,091,520 | ---- | M] (Nektra S.A.) -- C:\Program Files\NXPowerLite\loadnxploeaddin.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.08.29 19:11:38 | 002,436,392 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\VITAKEY\CompPtcVUI.exe PRC - [2008.08.29 19:11:38 | 002,180,392 | ---- | M] () -- C:\Program Files\EgisTec\VITAKEY\BASVC.exe PRC - [2008.08.28 14:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe PRC - [2008.08.04 15:45:56 | 000,304,688 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe PRC - [2008.08.04 15:45:54 | 000,334,384 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlNotifyIcon.exe PRC - [2008.08.04 15:45:52 | 000,326,192 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe PRC - [2008.07.24 17:16:02 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.04.17 09:08:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) 
-- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe PRC - [2008.02.28 17:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe PRC - [2007.02.20 10:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe PRC - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe ========== Modules (No Company Name) ========== MOD - [2013.01.31 12:11:06 | 002,561,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe MOD - [2013.01.31 12:10:04 | 002,231,248 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll MOD - [2012.01.07 02:45:28 | 000,660,296 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe MOD - [2012.01.06 19:38:08 | 000,009,544 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\lang\gui-eng.dll MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2008.08.28 14:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe ========== Services (SafeList) ========== SRV - [2013.02.06 13:58:11 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- 
(MozillaMaintenance) SRV - [2013.01.31 12:11:06 | 002,561,488 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe -- (Browser Manager) SRV - [2012.12.29 11:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.23 13:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2012.01.06 19:39:12 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService) SRV - [2012.01.06 19:36:14 | 000,331,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld) SRV - [2012.01.05 00:02:02 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2012.01.05 00:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2008.08.29 19:11:38 | 002,180,392 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\VITAKEY\BASVC.exe -- (IGBASVC) SRV - [2008.08.04 15:45:56 | 000,304,688 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2008.04.17 09:08:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2008.02.28 17:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\3456.com\catchme.sys -- (catchme) DRV - [2012.12.29 11:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | 
System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.09.19 10:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2012.07.03 16:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2010.09.22 20:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hssdrv.sys -- (HssDrv) DRV - [2010.06.23 09:23:44 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot) DRV - [2010.06.23 03:47:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss) DRV - [2009.06.09 23:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2009.01.19 19:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2008.11.05 21:23:03 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2008.11.05 21:23:02 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2008.08.28 13:27:57 | 000,066,856 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\FPWinIo.sys -- (FPWinIo) DRV - [2008.08.28 13:27:45 | 000,026,920 | ---- | M] (LTT) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor) DRV - [2008.08.06 15:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.08.04 15:46:06 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV - [2008.08.04 15:46:04 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV - [2008.08.04 15:46:04 | 000,016,432 | ---- | M] (Egis Incorporated.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2008.07.10 10:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) DRV - [2008.04.28 05:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.04.17 09:07:52 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007.07.31 10:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap) DRV - [2007.01.18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.30 14:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.11.17 09:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2005.09.23 21:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.netcologne.de IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul = IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=6735c907-eb66-4173-94f3-f76ef4deab4c&searchtype=ds&q={searchTerms} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=114508&tt=4112_2&babsrc=HP_clro&mntrId=b2971a3100000000000000ff664a1418 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=6735c907-eb66-4173-94f3-f76ef4deab4c&searchtype=ds&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=6735c907-eb66-4173-94f3-f76ef4deab4c&searchtype=ds&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=6735c907-eb66-4173-94f3-f76ef4deab4c&searchtype=ds&q={searchTerms} IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKCU\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul = IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=6735c907-eb66-4173-94f3-f76ef4deab4c&searchtype=ds&q={searchTerms} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4112_2&babsrc=SP_clro&mntrId=b2971a3100000000000000ff664a1418 IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: firenes%40facundo.zaldo:2.0.2 FF - 
prefs.js..extensions.enabledAddons: %7B8dbb6d8e-e4a6-4e3b-9753-af78b226441c%7D:3.16.0.3 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474 FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.6 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21 FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928 FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3 FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=6735c907-eb66-4173-94f3-f76ef4deab4c&searchtype=ds&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.05.21 14:24:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.20 22:19:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 13:58:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.07 16:33:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 13:58:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.07 16:33:20 | 000,000,000 | ---D | M] [2008.11.08 13:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\Extensions [2013.02.01 15:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\8athkzsl.default\extensions [2010.09.29 10:40:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\8athkzsl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.01.24 13:45:45 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\8athkzsl.default\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} [2012.11.08 22:01:59 | 000,000,000 | ---D | M] (ST Deutsch Community Toolbar) -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\8athkzsl.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} [2012.12.11 12:46:23 | 000,000,000 | ---D | M] 
("DVDVideoSoft YouTube MP3 and Video Download") -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\8athkzsl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.11.16 13:10:33 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\8athkzsl.default\extensions\adblockpopups@jessehakanen.net [2011.05.05 23:50:04 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\8athkzsl.default\extensions\engine@conduit.com [2012.11.19 19:42:26 | 000,000,000 | ---D | M] ("FireNes") -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\8athkzsl.default\extensions\firenes@facundo.zaldo [2013.02.01 15:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\8athkzsl.default\extensions\staged [2012.11.20 22:08:08 | 000,000,000 | ---D | M] (GMX MailCheck) -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\8athkzsl.default\extensions\toolbar@gmx.net [2013.02.01 15:00:44 | 000,130,828 | ---- | M] () (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\firefox\profiles\8athkzsl.default\extensions\adblockpopups@jessehakanen.net.xpi [2012.11.19 19:38:34 | 000,071,254 | ---- | M] () (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\firefox\profiles\8athkzsl.default\extensions\firenes@facundo.zaldo.xpi [2012.11.20 22:07:54 | 000,500,206 | ---- | M] () (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\firefox\profiles\8athkzsl.default\extensions\toolbar@gmx.net.xpi [2012.12.11 12:46:22 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\firefox\profiles\8athkzsl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2009.05.19 11:24:54 | 000,000,894 | ---- | M] () -- C:\Users\Danny\AppData\Roaming\mozilla\firefox\profiles\8athkzsl.default\searchplugins\conduit.xml [2012.11.20 02:40:47 | 000,002,399 | ---- | M] () -- 
C:\Users\Danny\AppData\Roaming\mozilla\firefox\profiles\8athkzsl.default\searchplugins\Web Search.xml [2012.11.19 11:50:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.11.19 11:50:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2011.03.28 00:48:29 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2012.11.20 22:19:12 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2013.02.06 13:58:11 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.13 14:35:30 | 000,006,522 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=6735c907-eb66-4173-94f3-f76ef4deab4c&searchtype=hp CHR - Extension: No name found = C:\Users\Danny\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ CHR - Extension: No name found = C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: No name found = C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\ CHR - Extension: No name found = C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\ O1 HOSTS File: ([2012.02.05 20:06:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4 - HKLM..\Run: [nxpOEAPI] C:\Program Files\NXPowerLite\loadnxploeaddin.exe (Nektra S.A.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Danny\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_135_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Danny\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Danny\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{228BBEBE-E967-411B-B950-8E7B8C6843A4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2FB62B1-17CD-4427-B8AF-A4BE2BB7CFF8}: DhcpNameServer = 81.173.194.77 194.8.194.60
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\docume~1\ settings\all users\application data\browser manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73} c:\docume~1\鄉lj谀醕鄉lj) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2012.09.18 20:10:14 | 000,000,097 | ---- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.31 14:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScummVM
[2013.01.31 13:43:35 | 000,000,000 | ---D | C] -- C:\Users\Danny\Desktop\Day_of_the_Tentacle_pt_1_2
[2013.01.31 12:55:53 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Roaming\ScummVM
[2013.01.31 12:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\ScummVM
[2013.01.31 00:32:23 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Local\InstallShare
[3 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
[2 C:\Users\Danny\*.tmp files -> C:\Users\Danny\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.10 19:45:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2013.02.10 19:25:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.10 19:25:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.10 19:08:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.10 19:00:13 | 000,000,000 | ---- | M] () -- C:\Users\Danny\defogger_reenable
[2013.02.10 18:13:34 | 000,018,236 | ---- | M] () -- C:\Users\Danny\Documents\cc_20130210_181319.reg
[2013.02.10 17:27:42 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.10 17:25:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.10 17:25:22 | 3215,855,616 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.10 11:38:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.02.10 09:34:59 | 000,036,352 | ---- | M] () -- C:\Users\Danny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.04 02:24:24 | 000,548,396 | ---- | M] () -- C:\Users\Danny\Desktop\IMAG0317.jpg
[2013.02.02 21:36:45 | 000,000,955 | ---- | M] () -- C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.02 21:36:33 | 000,000,923 | ---- | M] () -- C:\Users\Danny\Desktop\Dropbox.lnk
[2013.01.15 20:18:19 | 000,001,935 | ---- | M] () -- C:\Users\Danny\Desktop\Google Chrome.lnk
[2013.01.12 17:04:16 | 000,021,170 | ---- | M] () -- C:\Users\Danny\Documents\essen.odt
[2 C:\Users\Danny\*.tmp files -> C:\Users\Danny\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.10 19:00:13 | 000,000,000 | ---- | C] () -- C:\Users\Danny\defogger_reenable
[2013.02.10 18:13:23 | 000,018,236 | ---- | C] () -- C:\Users\Danny\Documents\cc_20130210_181319.reg
[2013.02.04 01:30:47 | 000,548,396 | ---- | C] () -- C:\Users\Danny\Desktop\IMAG0317.jpg
[2013.01.12 05:23:28 | 000,021,170 | ---- | C] () -- C:\Users\Danny\Documents\essen.odt
[2012.11.18 23:11:33 | 000,001,024 | ---- | C] () -- C:\Users\Danny\.rnd
[2012.10.14 15:43:59 | 000,076,335 | ---- | C] () -- C:\ProgramData\fvvwelwextnnkrj
[2012.10.14 12:16:01 | 000,000,030 | ---- | C] () -- C:\ProgramData\ftstate.ini
[2012.09.25 22:40:32 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2012.04.15 06:59:11 | 042,065,913 | ---- | C] () -- C:\Users\Danny\Coollector_Setup_3208.exe
[2012.03.02 13:46:08 | 000,053,248 | ---- | C] () -- C:\Users\Danny\lametritonus_en.dll
[2012.03.02 13:46:06 | 000,162,304 | ---- | C] () -- C:\Users\Danny\lame_enc_en.dll
[2012.02.05 19:48:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.02.05 19:48:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.02.05 19:48:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.02.05 19:48:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.02.05 19:48:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.02.05 01:47:54 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2012.02.05 01:47:54 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2012.02.05 01:47:54 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2012.02.05 01:47:54 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2011.12.27 20:46:40 | 000,000,284 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.08.04 17:28:28 | 000,001,356 | ---- | C] () -- C:\Users\Danny\AppData\Local\d3d9caps.dat
[2011.08.04 17:27:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.08.04 12:08:26 | 000,000,000 | ---- | C] () -- C:\Users\Danny\AppData\Local\{70587267-ED4A-499E-9F06-7D40D6803167}
[2011.06.27 22:53:00 | 000,065,536 | ---- | C] () -- C:\Windows\qt3wrap.dll
[2011.06.27 22:53:00 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2011.06.20 19:57:23 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.06.20 19:57:23 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.09.15 14:07:41 | 000,004,751 | ---- | C] () -- C:\Users\Danny\.recently-used.xbel
[2008.11.16 18:27:50 | 000,036,352 | ---- | C] () -- C:\Users\Danny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.04 17:26:57 | 000,000,000 | ---- | C] () -- C:\Users\Danny\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009.05.29 09:24:05 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Academic Software Zurich
[2012.08.26 08:44:25 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Babylon
[2012.01.22 12:50:31 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Big Fish Games
[2013.02.10 17:28:49 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Dropbox
[2012.05.04 12:43:40 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\DVDVideoSoft
[2012.05.04 12:43:16 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.08.13 20:52:11 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\ERS Game Studios
[2010.10.05 15:11:55 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\FILEminimizer
[2010.09.15 13:48:12 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\gtk-2.0
[2011.06.27 11:35:17 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\HTC
[2011.06.27 11:30:22 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2008.11.08 14:50:01 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\ICQ
[2012.04.07 14:17:29 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\LucasArts
[2012.11.19 19:18:16 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\OpenCandy
[2008.11.04 20:50:23 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\OpenOffice.org
[2012.05.25 19:17:25 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\pdfforge
[2012.03.29 19:55:00 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\ProtectDisc
[2013.01.31 14:18:05 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\ScummVM
[2012.02.05 01:47:43 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Simply Super Software
[2012.05.25 18:23:42 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\SoftGrid Client
[2013.02.07 08:21:27 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Spotify
[2009.03.28 16:09:27 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\The Games Company
[2011.06.30 10:49:31 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Thunderbird
[2012.11.06 11:45:38 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Titanium
[2011.05.25 12:23:57 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\TP
[2012.09.25 22:40:54 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\TuneUp Software
[2013.01.09 16:51:19 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\uTorrent
[2011.02.20 01:08:53 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\wxMozBrowserLib

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:A4AF8D0D
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:6294B369
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >

Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-10 22:00:08
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Danny\AppData\Local\Temp\pxddipoc.sys

---- System - GMER 2.0 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x928A04BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x93141C22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x928A0ED6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x928ABFA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x928ABFF4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x928AC176]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x928ABF16]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x93141FA6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x928ABF5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x928A111C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x928AC130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x928A193E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x928A0508]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x93141CEA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x931403EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x928A0556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x928A5534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x928A23A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x928ABFD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x928AC016]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x928AC19A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x928ABF3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x928AC0BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x928ABF86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x928AC154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x93141E4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x928A2272]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x928A1DD4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x928A05A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x928A05F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x928A17BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x928A01FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x928A03AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x928A0350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x928A1AF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x928A1C54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x928A041A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x93141EFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x928A1636]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x9314041C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x928A0640]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x93141D96]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x928A12F4]

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 83EBA7D0 4 Bytes [BA, 04, 8A, 92]
.text ntkrnlpa.exe!KeSetEvent + 131 83EBA7F4 4 Bytes [22, 1C, 14, 93] {AND BL, [ESP+EDX]; XCHG EBX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 191 83EBA854 4 Bytes [D6, 0E, 8A, 92]
.text ntkrnlpa.exe!KeSetEvent + 1D1 83EBA894 8 Bytes [A8, BF, 8A, 92, F4, BF, 8A, ...] {TEST AL, 0xbf; MOV DL, [EDX-0x6d75400c]}
.text ntkrnlpa.exe!KeSetEvent + 1DE 83EBA8A1 3 Bytes [C1, 8A, 92]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 84047EB8 4 Bytes CALL 928A2A8D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 8404BB2C 4 Bytes CALL 928A2AA3 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateRectRgn + 4537 9E710470 5 Bytes JMP 928A5FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + FDC 9E720628 5 Bytes JMP 928A6090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + C20 9E729689 5 Bytes JMP 928A6CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 4A1 9E72A475 5 Bytes JMP 928A6E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8C4B 9E732C1F 5 Bytes JMP 928A556A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 616 9E733B75 5 Bytes JMP 928A6A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 30EF 9E73F2A7 5 Bytes JMP 928A5EB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 4561 9E740719 5 Bytes JMP 928A57C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 46B0 9E740868 5 Bytes JMP 928A616A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 4C45 9E740DFD 5 Bytes JMP 928A6182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 522D 9E7413E5 5 Bytes JMP 928A5CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 11A16 9E75A295 5 Bytes JMP 928A5C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 11A6A 9E75A2E9 5 Bytes JMP 928A5EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 377F 9E781378 5 Bytes JMP 928A694C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 60DC 9E783CD5 5 Bytes JMP 928A5670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 4D3F 9E78A66E 5 Bytes JMP 928A5834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 2B44 9E794B04 5 Bytes JMP 928A6EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 5FF 9E7979FC 5 Bytes JMP 928A5688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLpkInstalled + 1D73 9E7A1817 5 Bytes JMP 928A6A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + B990 9E7B1DBD 5 Bytes JMP 928A60A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 8C4 9E7B5FAF 5 Bytes JMP 928A6BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 6F70 9E7BC65B 5 Bytes JMP 928A69F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + B0F 9E7BFDCA 5 Bytes JMP 928A6B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 4728 9E7C76E9 5 Bytes JMP 928A5760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + E80 9E7E5C8A 5 Bytes JMP 928A5A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 248 9E7EB532 5 Bytes JMP 928A58F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 9E7EF06A 5 Bytes JMP 928A6D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 3765 9E807444 5 Bytes JMP 928A60C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + A15 9E80D58D 5 Bytes JMP 928A5944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + D28F 9E819E07 5 Bytes JMP 928A5B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + 10D00 9E81D878 5 Bytes JMP 928A5AB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.reloc C:\Windows\system32\drivers\acedrv11.sys section is executable [0xA5749300, 0x25D4C, 0xE0000060]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA5770300, 0x3AF78, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA6490300, 0x1BCE, 0xE8000020]

---- User code sections - GMER 2.0 ----

.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[384] kernel32.dll!GetBinaryTypeW + 70 774E2447 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[724] kernel32.dll!GetBinaryTypeW + 70 774E2447 1 Byte [62]
.text C:\Windows\system32\svchost.exe[748] kernel32.dll!GetBinaryTypeW + 70 774E2447 1 Byte [62]
.text C:\Windows\system32\csrss.exe[756] KERNEL32.dll!GetBinaryTypeW + 70 774E2447 1 Byte [62]
.text C:\Windows\system32\wininit.exe[808] kernel32.dll!GetBinaryTypeW + 70 774E2447 1 Byte [62]
.text ...
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2008] kernel32.dll!SetUnhandledExceptionFilter 774BA8B5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2008] kernel32.dll!GetBinaryTypeW + 70 774E2447 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2020] kernel32.dll!GetBinaryTypeW + 70 774E2447 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2052] kernel32.dll!GetBinaryTypeW + 70 774E2447 1 Byte [62]
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe[2084] kernel32.dll!GetBinaryTypeW + 70 774E2447 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2116] kernel32.dll!GetBinaryTypeW + 70 774E2447 1 Byte [62]
.text ...
.text C:\Windows\Explorer.EXE[3208] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 7648B37C 4 Bytes [B0, 22, 24, 00] {MOV AL, 0x22; AND AL, 0x0}
.text C:\Windows\system32\wbem\wmiprvse.exe[3248] kernel32.dll!GetBinaryTypeW + 70 774E2447 1 Byte [62]
.text C:\Users\Danny\AppData\Roaming\Dropbox\bin\Dropbox.exe[3340] kernel32.dll!GetBinaryTypeW + 70 774E2447 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[3396] kernel32.dll!GetBinaryTypeW + 70 774E2447 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[3448] kernel32.dll!GetBinaryTypeW + 70 774E2447 1 Byte [62]
.text C:\Users\Danny\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3456] kernel32.dll!GetBinaryTypeW + 70 774E2447 1 Byte [62]
.text ...
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe[3484] USER32.dll!DialogBoxParamW 761C10B0 5 Bytes JMP 6CCE44C0 C:\Documents and Settings\All Users\Application Data\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll
.text C:\Windows\ehome\ehmsas.exe[3532] kernel32.dll!GetBinaryTypeW + 70 774E2447 1 Byte [62]
.text C:\Windows\RtHDVCpl.exe[3664] kernel32.dll!GetBinaryTypeW + 70 774E2447 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3796] kernel32.dll!GetBinaryTypeW + 70 774E2447 1 Byte [62]
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3848] kernel32.dll!GetBinaryTypeW + 70 774E2447 1 Byte [62]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3996] kernel32.dll!GetBinaryTypeW + 70 774E2447 1 Byte [62]
.text ...

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0015aff71f95 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0015aff71f9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0015aff71f95 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0015aff71f9d (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015aff71f95
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015aff71f9d
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0015aff71f95 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0015aff71f9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\0015aff71f95 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\0015aff71f9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\0015aff71f95 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\0015aff71f9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\0015aff71f95 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\0015aff71f9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\0015aff71f95 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\0015aff71f9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\0015aff71f95 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\0015aff71f9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\0015aff71f95 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\0015aff71f9d (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Users\Public\Documents\Pinnacle\Content\MotionTitles\-Looks\Standard\01 \x2013 Soft Shadow Looks.ixLook 1
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x6B 0x65 0x49 0x6A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ... Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@{!s!\30!r!{!`!t!c!i!\24!t!j!s!y!s!\24! 19583823 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ... ---- EOF - GMER 2.0 ---- |