Super Anti Spyware finds more than 80 threats on every scan

Hello everyone,
even after deleting the malware, the same or similar items turn up on the computer again after going online. Something is found after every scan.

OTL logfile:
OTL logfile created on: 12.01.2013 13:44:00 - Run 1
OTL by OldTimer - Version Folder = C:\Users\xxx\Downloads\HJ
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,98 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 69,31% Memory free
7,96 Gb Paging File | 6,50 Gb Available in Paging File | 81,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 99,90 Gb Total Space | 19,62 Gb Free Space | 19,64% Space Free | Partition Type: NTFS
Drive D: | 365,76 Gb Total Space | 45,15 Gb Free Space | 12,34% Space Free | Partition Type: NTFS
Computer Name: DAMPFLOK | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.01.02 00:57:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Downloads\HJ\OTL.exe
PRC - [2012.12.04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.23 23:58:52 | 000,120,728 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2012.10.23 23:58:40 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.16 20:38:00 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012.07.16 20:37:46 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.07.13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.09.02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2010.11.26 23:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
========== Modules (No Company Name) ==========
MOD - [2012.10.23 23:58:40 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
========== Services (SafeList) ==========
SRV:64bit: - [2011.12.13 09:29:20 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2011.07.28 22:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.01.11 17:08:15 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.30 00:31:24 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.23 23:58:52 | 000,120,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.16 20:38:00 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012.07.16 20:37:46 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2012.01.05 16:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2011.12.13 09:34:52 | 002,028,864 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.13 09:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.09.02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.26 23:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.11.04 13:44:08 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.11.04 10:35:05 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.09.20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.( [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudobex.sys -- (ssudobex)
DRV:64bit: - [2012.09.20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.( [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.09.20 05:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.( [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.07.11 14:32:12 | 000,013,728 | ---- | M] (Fengtao Software Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvdfabio.sys -- (dvdfabio)
DRV:64bit: - [2012.07.11 14:32:10 | 000,046,496 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vdrive.sys -- (vdrive)
DRV:64bit: - [2012.06.11 11:56:34 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2012.06.08 16:09:12 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2012.06.08 16:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.19 15:43:50 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2012.01.25 14:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2011.12.09 14:27:31 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2011.12.09 14:27:22 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV:64bit: - [2011.12.09 14:27:22 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCap)
DRV:64bit: - [2011.11.08 13:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2011.09.02 07:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.07.28 23:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.07.28 21:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.04.01 09:13:36 | 001,100,320 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010.03.12 10:39:30 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.01.27 10:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.01.29 18:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2008.07.20 19:53:04 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV - [2012.02.07 15:46:12 | 000,023,816 | ---- | M] (CPUID) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys -- (cpuz135)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] ( and [Kernel | System | Running] -- C:\Program Files (x86)\Superantispyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] ( and [Kernel | System | Running] -- C:\Program Files (x86)\Superantispyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV - [2011.02.10 10:22:58 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://{searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://{searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://{searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://{searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F 3E C8 61 5A 71 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://{searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://{searchTerms}
IE - HKCU\..\SearchScopes\{140883E1-5AAD-4561-BCC3-11F1842F3A3F}: "URL" = hxxp://{searchTerms}&locale=&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=EE1CA4E0-B378-4024-8D2B-26FFC6465891&apn_sauid=82FDF0C5-B393-4367-85B6-DA74D1457EC3
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://{searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{EEE8A80F-3037-48C4-8B0E-3931471D99B4}: "URL" = hxxp://{searchTerms}&f=4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - "hxxp://"
FF - "Web Search"
FF - "Google"
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "hxxp://"
FF - 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\ C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\ C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\ C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 17:08:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 17:08:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 17:08:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 17:08:09 | 000,000,000 | ---D | M]
[2011.09.12 17:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2012.12.15 21:42:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\jywlk3gx.default\extensions
[2011.11.26 19:37:54 | 000,000,000 | ---D | M] (VshareComplete - Speed up your search with your personal search suggestions tool) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\jywlk3gx.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403}
[2012.01.02 16:27:03 | 000,018,981 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\jywlk3gx.default\extensions\
[2011.09.12 17:19:15 | 000,015,162 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\jywlk3gx.default\extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi
[2012.06.01 19:20:55 | 000,002,323 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\jywlk3gx.default\searchplugins\askcom.xml
[2013.01.10 11:32:58 | 000,001,056 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\jywlk3gx.default\searchplugins\icqplugin.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\jywlk3gx.default\searchplugins\startsear.xml
[2013.01.11 17:08:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.11 17:08:07 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.01.11 17:08:15 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 10:14:54 | 000,083,456 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.03 21:03:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.12 23:30:41 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.07.08 21:37:03 | 000,001,037 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: # alcohol 120% # alcohol 120% # alcohol 120% # alcohol 120%
O2:64bit: - BHO: (VshareComplete) - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\xxx\AppData\Roaming\VshareComplete\64\VshareComplete64.dll (SimplyGen)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\Superantispyware\SUPERAntiSpyware.exe (
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3073A723-D965-469E-8471-EAA7C95A3E6E}: DhcpNameServer =
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3ac38959-3bc1-11e2-964c-406186b371ba}\Shell - "" = AutoRun
O33 - MountPoints2\{3ac38959-3bc1-11e2-964c-406186b371ba}\Shell\AutoRun\command - "" = H:\MotorolaDeviceManagerSetup.exe -a
O33 - MountPoints2\{609af750-e6bb-11e0-8e7d-406186b371ba}\Shell - "" = AutoRun
O33 - MountPoints2\{609af750-e6bb-11e0-8e7d-406186b371ba}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{ff8537f1-555f-11e1-9375-b070925ec614}\Shell - "" = AutoRun
O33 - MountPoints2\{ff8537f1-555f-11e1-9375-b070925ec614}\Shell\AutoRun\command - "" = J:\DPFMate.exe
O33 - MountPoints2\{ff8537fb-555f-11e1-9375-b070925ec614}\Shell - "" = AutoRun
O33 - MountPoints2\{ff8537fb-555f-11e1-9375-b070925ec614}\Shell\AutoRun\command - "" = J:\DPFMate.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\ [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\ [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.11 17:08:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.11 09:47:34 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Avira
[2013.01.11 09:42:03 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.01.11 09:42:03 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.01.11 09:42:03 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.01.11 09:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.01.11 09:42:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.01.11 09:36:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.29 15:04:55 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Skyrim
[2012.12.28 20:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.12.28 20:34:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.12.28 20:04:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.12.28 20:04:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.12.25 13:08:37 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Tor Browser
[2012.12.19 20:51:16 | 000,261,056 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2012.12.17 21:53:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012.12.16 21:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2012.12.16 21:36:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec
[2012.02.19 15:43:50 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\xxx\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.01.12 13:47:55 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.12 13:47:55 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.12 13:47:55 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.12 13:47:55 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.12 13:47:55 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.12 13:40:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.12 13:40:49 | 3207,114,752 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.12 13:27:28 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.12 13:27:28 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.11 09:42:13 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.01.11 09:37:01 | 000,476,008 | ---- | M] () -- C:\ProgramData\1357892500.bdinstall.bin
[2013.01.02 00:50:42 | 000,000,020 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2012.12.29 14:56:14 | 000,000,207 | ---- | M] () -- C:\Users\xxx\Desktop\The Elder Scrolls V Skyrim.url
[2012.12.28 20:46:50 | 000,287,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.28 20:04:27 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.12.23 15:01:18 | 000,322,084 | ---- | M] () -- C:\Users\xxx\Desktop\) von Maifee _
[2012.12.23 12:51:00 | 000,000,928 | ---- | M] () -- C:\Users\xxx\Desktop\DVDFab Virtual Drive.lnk
[2012.12.19 20:51:16 | 000,261,056 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2012.12.19 20:49:56 | 000,587,024 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.01.11 09:42:13 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.01.11 09:37:01 | 000,476,008 | ---- | C] () -- C:\ProgramData\1357892500.bdinstall.bin
[2013.01.02 00:50:41 | 000,000,020 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2012.12.29 14:56:14 | 000,000,207 | ---- | C] () -- C:\Users\xxx\Desktop\The Elder Scrolls V Skyrim.url
[2012.12.28 20:29:45 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.28 20:24:37 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.28 20:04:27 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.28 20:04:27 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.12.23 15:01:16 | 000,322,084 | ---- | C] () -- C:\Users\xxx\Desktop\) von Maifee _
[2012.11.07 17:58:36 | 000,003,584 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.26 20:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.07.16 20:37:53 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.16 20:37:46 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.02.19 15:43:50 | 000,099,384 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\inst.exe
[2012.02.19 15:43:50 | 000,007,859 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\
[2012.02.19 15:43:50 | 000,001,167 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\pcouffin.inf
[2012.01.07 00:51:23 | 000,282,624 | ---- | C] () -- C:\ProgramData\1325893430.bdinstall.bin
[2011.10.31 11:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.10.31 11:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.10.31 11:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.10.31 11:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.10.07 10:42:29 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011.09.19 13:40:05 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.09.13 15:00:48 | 000,110,864 | ---- | C] () -- C:\Windows\SysWow64\MCUNINST.DLL
[2011.09.12 16:21:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.12 15:25:12 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.07.28 16:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.03.24 13:26:25 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Amazon
[2012.07.07 12:13:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\BitTorrent
[2012.10.16 13:59:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canon
[2012.02.23 12:40:55 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Leadertech
[2011.09.13 13:57:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mkvtoolnix
[2012.12.01 16:19:11 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Motorola
[2012.12.01 16:21:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Motorola Mobility
[2012.07.16 19:49:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Origin
[2011.09.19 16:01:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\pdfforge
[2012.01.07 00:44:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\QuickScan
[2012.12.01 16:17:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Samsung
[2011.11.18 22:14:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Temp
[2011.09.13 21:46:52 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2011.11.26 19:37:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\VshareComplete
[2012.09.11 18:58:33 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Vso
[2012.07.25 18:47:59 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Windows Live Writer
[2012.11.04 14:12:09 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\YourFileDownloader
========== Purity Check ==========
< End of report >
OTL Logfile: Code:
OTL Extras logfile created on: 12.01.2013 13:44:00 - Run 1
OTL by OldTimer - Version Folder = C:\Users\xxx\Downloads\HJ
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,98 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 69,31% Memory free
7,96 Gb Paging File | 6,50 Gb Available in Paging File | 81,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 99,90 Gb Total Space | 19,62 Gb Free Space | 19,64% Space Free | Partition Type: NTFS
Drive D: | 365,76 Gb Total Space | 45,15 Gb Free Space | 12,34% Space Free | Partition Type: NTFS
Computer Name: xxx | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
"EnableFirewall" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
"{013F159E-BF91-4E63-9B99-5214BA37BBAC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{063D77FB-5366-4140-9275-8834FE632334}" = rport=139 | protocol=6 | dir=out | app=system |
"{2A7A8A41-B853-418E-8D9F-94678F62BC5A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32A8B6FF-820E-4C14-963D-5F387785666E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{438ECD2C-19FB-4DF5-8BC8-B7246F84C29C}" = rport=138 | protocol=17 | dir=out | app=system |
"{469014FC-E890-4880-9479-FAF59AFA1FD3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5A4F2F6F-200F-4C1C-8BA7-AD4F806C3EBA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{63100F4C-A9C3-4B3F-BCED-04049CCA97C4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{735AA00E-B692-4763-AD1F-9DBEEBFC78F2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87E5D0FD-ABA4-41D5-B12A-ED31F2F672DC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2B9FF25-5F0F-4481-B0D4-378EAF32DF64}" = rport=137 | protocol=17 | dir=out | app=system |
"{AD99AC88-36D9-451C-B430-18A041637CE9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF66AE13-E94E-4E79-A9A3-E7FF082B2772}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BB0E925E-861C-461E-8FB8-5729E2CC240B}" = lport=445 | protocol=6 | dir=in | app=system |
"{BEBF7CCB-ABFD-45F7-BDF1-8B12F87AF5F0}" = rport=445 | protocol=6 | dir=out | app=system |
"{C2B11A10-F56F-460B-8370-FBD40055979C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C684E33C-D6DC-443C-A2CD-65E504A1B2AA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CDC882C5-8929-4A70-82C5-ADF17C29786F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CE30659F-8F05-4B69-8A9A-421671D493A7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D8DE5C35-8777-4869-873E-EA952E631B3A}" = lport=139 | protocol=6 | dir=in | app=system |
"{DBFAAB49-48D7-4854-B86D-FE66A44F6F46}" = lport=138 | protocol=17 | dir=in | app=system |
"{ED73C415-2EE0-403C-8B9D-4AA0AD4375E7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EE1E8EC6-C738-448A-A7FE-2E276FFF3F13}" = lport=137 | protocol=17 | dir=in | app=system |
"{EF20C157-2FCD-4796-923B-EDD0759E7071}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7FFAA17-1FE2-420B-8E83-56DC609930C2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
"{0A9E544D-3BF6-4ED1-BE3E-BD94C6DC05AA}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{14130489-45BD-452E-9E30-F7C52F0A6A06}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{18034FBB-8841-4304-B6A6-FF10B1252496}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{181F1754-8790-48CC-B5E0-E73835AFC514}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1C2ED530-A423-49D8-951A-67CEFB3CEF68}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{21B6BBCE-5C39-4EA7-BE8B-7D213BB0020C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{230F0F05-E0BB-4868-B9C3-CFDC8D6FC593}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2E802F24-1FB6-4670-90CD-C531A22AA6CB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{389D5453-DA83-4384-9893-42BBD886A78C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{39D60E1E-869E-41E9-A096-67F4442200FE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3D0B885E-622E-4CE2-8AFA-57C9429B53B6}" = protocol=6 | dir=in | app=d:\games\maxpayne3\playmaxpayne3.exe |
"{3EAE7C01-FDA4-4CE8-A633-234B9AE8957A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3F9266EC-E95D-44BE-8E57-E55821D6A257}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\\counter-strike source\hl2.exe |
"{4DADFE84-EDDB-4E3B-8B1A-20DC78BA87CE}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{55578189-B3C5-4D76-8533-7A45FF125225}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5E56E5DA-9542-455B-AFFC-69DDB8C83312}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{5F32B58B-AE2F-4CB6-BCB2-D0F971A6D252}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{60C1D339-F920-4683-8D89-F679C1FCE9C8}" = protocol=17 | dir=in | app=d:\origin\battlefield 3\bf3.exe |
"{678D8574-87DE-4904-B82F-10D1B16744BE}" = protocol=17 | dir=in | app=d:\games\maxpayne3\playmaxpayne3.exe |
"{69B5A6D3-76A3-4F5B-A984-00B50D1EA564}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{71A6576B-C78E-4501-987C-F5045C2F28C3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{78BE043E-2769-4883-9FA9-938393581AA6}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{791E6612-4447-4A48-BD70-656CA549F2F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{90848CA1-AE0A-44B4-9FAB-A478B32DA074}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{976F7BCA-073A-4972-8D30-DD72C3B0C038}" = protocol=6 | dir=in | app=d:\origin\battlefield 3\bf3.exe |
"{98FB7C07-023B-4FF1-8FE5-545B145800E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{991373C7-4B4A-4CE0-AAD1-92E51BF4FED8}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\\counter-strike source\hl2.exe |
"{9A654CA2-5433-4F3C-9EE0-FA0D1151F163}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9EE8B045-8132-4692-94FA-E825781B8F17}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{B58CB508-ED68-4FFC-92D1-DE2F9B00D88B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BB7A83B2-E859-475F-B7BE-B372AB89F648}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D1A93448-644D-4F70-8393-C489B70859B6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D4C25F95-FAC7-4200-8A63-57BCB74BCAD2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DBABB390-1AF4-4CA2-9C0D-B38CEF1E8D64}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8511019-3368-4AE0-BDF8-296851BF0CC7}" = protocol=6 | dir=in | app=d:\games\steam\steam.exe |
"{EDF0B917-A859-4D21-8F4F-02AA58EA56AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F037E112-2959-4AB2-AAD7-DC20E68033A7}" = protocol=6 | dir=out | app=system |
"{F4BB6FB9-9E74-4E3D-9ED5-9252B63A43D0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FA5758BB-D545-4C4E-8FD1-8B1356AA0254}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FBDC66D6-A8B6-4FE5-98C3-E5B8880C2D42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FF28E76E-765E-4D22-A349-2F025B5D4B71}" = protocol=17 | dir=in | app=d:\games\steam\steam.exe |
"TCP Query User{3DF9DD7B-D6E1-4233-935C-1EB63FD68AD3}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{7F0F5E0F-6B6D-45B3-8F68-35176BA77DA0}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{A04679B6-A767-4693-8C1C-FE45BFBFBD48}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{A123BC47-FDCB-44F0-8FD5-9C5884D3F238}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{ABDCC8A5-16C5-4D8B-8166-093F8A5B73B8}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{C6E6908A-D6DF-4E4C-99C8-646C6ADF729E}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{E364D1A9-33A0-4533-BA4F-E7471D7E9601}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{182C56E6-E91B-4AA6-8CA8-D8A245CE6790}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{2AAF9547-C85C-479C-B04D-466CCB380A6E}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{5BC50EFD-D222-4A98-B81B-9F9394662B9D}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{873C9B8A-BE53-489E-BDAE-1BA51923DAAD}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{D3B42E14-1AC8-4DE4-BB7A-F2DE5633ADD8}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{D9718BDB-C489-4570-AFF3-4EE157BBE6E4}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{FB7ED510-FB4B-40A8-A896-FD400D8B6134}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series" = Canon MG4100 series MP Drivers
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{49033FF4-8C1C-0EB9-C0A6-4691CB18D0A4}" = ccc-utility64
"{499CBE65-4E07-B40A-624A-B5B7BD6F9A9C}" = AMD Media Foundation Decoders
"{4E7CCB76-687B-4C53-9A5E-08780AF3A551}" = Motorola Mobile Drivers Installation 5.9.0
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D0A0350-B509-B362-4827-63E4C6520E7B}" = AMD Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"DVDFab Virtual Drive_is1" = DVDFab Virtual Drive Version
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4748E6-E093-FA89-7999-737F48C4767F}" = Catalyst Control Center InstallProxy
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM)
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{2FDCE696-AC14-4046-ABA1-B07071B4DDA7}" = Audials
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3D9167B2-87EB-4713-90B4-E46F2CAFE28D}" = Nero BurningROM 12
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{81DE15C9-5390-4533-81DF-2DC936C1A40C}" = Motorola Device Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A79024ED-1969-334A-1ED6-16753F9DE377}" = CCC Help English
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C57C21C0-CE1B-26D5-1215-B26862051F6F}" = Catalyst Control Center
"{C86CB1B1-4BD0-7BFB-88CF-76762C8CE1D3}" = Catalyst Control Center Graphics Previews Common
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{CD05F1BC-FC63-1E93-4094-82BC33662E76}" = Catalyst Control Center Localization All
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1" = VshareComplete
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"0630-0716-3135-7887" = JDownloader 2
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Battlelog Web Plugins" = Battlelog Web Plugins
"bwin Poker JPC_is1" = bwin Poker JPC 1.0.0
"Canon MG4100 series Benutzerregistrierung" = Canon MG4100 series Benutzerregistrierung
"Canon MG4100 series On-screen Manual" = Canon MG4100 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DVDFab 8 Qt_is1" = DVDFab (24/08/2012) Qt
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ESN Sonar-0.70.4" = ESN Sonar
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"MKVtoolnix" = MKVtoolnix 4.9.0
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"Origin" = Origin
"PC Wizard 2012_is1" = PC Wizard 2012.2.0
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"SopCast" = SopCast 3.5.0
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 400" = Portal
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
========== HKEY_CURRENT_USER Uninstall List ==========
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10.01.2013 09:41:17 | Computer Name = xxx | Source = WinMgmt | ID = 10
Description =
Error - 11.01.2013 04:14:54 | Computer Name = xxx | Source = WinMgmt | ID = 10
Description =
Error - 11.01.2013 04:36:22 | Computer Name = xxx | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "BitDefender Virus Shield" konnte nicht
heruntergefahren werden.
Error - 11.01.2013 04:39:51 | Computer Name = xxx | Source = WinMgmt | ID = 10
Description =
Error - 11.01.2013 12:01:15 | Computer Name = xxx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TESV.exe, Version:, Zeitstempel:
0x5086bed7 Name des fehlerhaften Moduls: TESV.exe, Version:, Zeitstempel:
0x5086bed7 Ausnahmecode: 0x40000015 Fehleroffset: 0x007d312b ID des fehlerhaften Prozesses:
0xcc8 Startzeit der fehlerhaften Anwendung: 0x01cdf00ebf1ae317 Pfad der fehlerhaften
Anwendung: D:\Games\Steam\steamapps\common\Skyrim\TESV.exe Pfad des fehlerhaften
Moduls: D:\Games\Steam\steamapps\common\Skyrim\TESV.exe Berichtskennung: 201e7d35-5c08-11e2-96eb-406186b371ba
Error - 11.01.2013 16:37:30 | Computer Name = xxx | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\Nero\Nero 12\nero burning rom\NeroCmd.exe.Manifest". Fehler in Manifest-
oder Richtliniendatei "c:\program files (x86)\Nero\Nero 12\nero burning rom\SMC\SMC.MANIFEST"
in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der
angeforderten Komponente überein. Verweis: SMC,processorArchitecture="x86",type="win32",version="".
SMC,processorArchitecture="x86",type="win32",version="". Verwenden Sie das
Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 12.01.2013 05:24:23 | Computer Name = xxx | Source = WinMgmt | ID = 10
Description =
Error - 12.01.2013 05:41:52 | Computer Name = xxx | Source = WinMgmt | ID = 10
Description =
Error - 12.01.2013 08:21:39 | Computer Name = xxx | Source = WinMgmt | ID = 10
Description =
Error - 12.01.2013 08:42:40 | Computer Name = xxx | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 11.01.2013 07:31:13 | Computer Name = xxx | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 11.01.2013 18:00:26 | Computer Name = xxx | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error - 11.01.2013 19:16:44 | Computer Name = xxx | Source = DCOM | ID = 10010
Description =
Error - 12.01.2013 05:22:45 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SAS Core Service" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 12.01.2013 05:34:58 | Computer Name = xxx| Source = DCOM | ID = 10010
Description =
Error - 12.01.2013 05:40:13 | Computer Name = xxx| Source = Service Control Manager | ID = 7000
Description = Der Dienst "SAS Core Service" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 12.01.2013 05:45:47 | Computer Name = xxx | Source = DCOM | ID = 10010
Description =
Error - 12.01.2013 08:19:59 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SAS Core Service" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 12.01.2013 08:40:15 | Computer Name = xxx | Source = DCOM | ID = 10010
Description =
Error - 12.01.2013 08:40:58 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SAS Core Service" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
< End of report >
GMER 2.0.18444 - hxxp://
Rootkit scan 2013-01-12 14:24:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 ST9500325AS rev.0003SDM1 465,76GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\FLITZE~1\AppData\Local\Temp\kwtdapoc.sys
---- User code sections - GMER 2.0 ----
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075891401 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075891419 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075891431 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007589144a 2 bytes [89, 75]
.text ... * 9
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758914dd 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758914f5 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007589150d 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075891525 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007589153d 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075891555 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007589156d 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075891585 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007589159d 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758915b5 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758915cd 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758916b2 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758916bd 2 bytes [89, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1880] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000730617fa 2 bytes [06, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1880] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073061860 2 bytes [06, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1880] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073061942 2 bytes [06, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1880] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007306194d 2 bytes [06, 73]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000730617fa 2 bytes [06, 73]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073061860 2 bytes [06, 73]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073061942 2 bytes [06, 73]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007306194d 2 bytes [06, 73]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075891401 2 bytes [89, 75]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075891419 2 bytes [89, 75]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075891431 2 bytes [89, 75]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007589144a 2 bytes [89, 75]
.text ... * 9
.text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000758914dd 2 bytes [89, 75]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000758914f5 2 bytes [89, 75]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007589150d 2 bytes [89, 75]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075891525 2 bytes [89, 75]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007589153d 2 bytes [89, 75]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075891555 2 bytes [89, 75]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007589156d 2 bytes [89, 75]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075891585 2 bytes [89, 75]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007589159d 2 bytes [89, 75]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000758915b5 2 bytes [89, 75]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000758915cd 2 bytes [89, 75]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000758916b2 2 bytes [89, 75]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1904] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000758916bd 2 bytes [89, 75]
.text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075891401 2 bytes [89, 75]
.text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075891419 2 bytes [89, 75]
.text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075891431 2 bytes [89, 75]
.text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007589144a 2 bytes [89, 75]
.text ... * 9
.text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758914dd 2 bytes [89, 75]
.text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758914f5 2 bytes [89, 75]
.text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007589150d 2 bytes [89, 75]
.text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075891525 2 bytes [89, 75]
.text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007589153d 2 bytes [89, 75]
.text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075891555 2 bytes [89, 75]
.text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007589156d 2 bytes [89, 75]
.text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075891585 2 bytes [89, 75]
.text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007589159d 2 bytes [89, 75]
.text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758915b5 2 bytes [89, 75]
.text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758915cd 2 bytes [89, 75]
.text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758916b2 2 bytes [89, 75]
.text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758916bd 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075891401 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075891419 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075891431 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007589144a 2 bytes [89, 75]
.text ... * 9
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758914dd 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758914f5 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007589150d 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075891525 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007589153d 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075891555 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007589156d 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075891585 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007589159d 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758915b5 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758915cd 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758916b2 2 bytes [89, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758916bd 2 bytes [89, 75]
---- Threads - GMER 2.0 ----
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1504:1664] 00000000736432fb
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1692:3192] 000000007349e2db
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1692:3276] 00000000719a8de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1692:3280] 00000000719a8de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1692:3284] 00000000719a8de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1692:3288] 00000000719a4e00
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:3000] 000007fef56acc10
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:3004] 000007fef556b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:2064] 000007fefebf0168
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:1312] 000007fef556b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:2056] 000007fef556b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:1100] 000007fef556b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:140] 000007fef556b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:2368] 000007fef567f718
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:2344] 000007fef556b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:2348] 000007fef556b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:2360] 000007fef556143c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:1340] 000007fef5ba6050
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:3632] 000007fef556b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:3884] 000007fef556b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2876:4000] 000007fef556b564
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1504] 00000000735d0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1692] 0000000075f50000
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b57ece
Reg HKLM\SYSTEM\CurrentControlSet\services\PCCS64\Custom\7.00.007
Reg HKLM\SYSTEM\CurrentControlSet\services\PCCS64\Custom\7.00.007@TimeLow -1467107104
Reg HKLM\SYSTEM\CurrentControlSet\services\PCCS64\Custom\7.00.007@TimeHigh 30175773
Reg HKLM\SYSTEM\CurrentControlSet\services\PCCS64\Custom\7.00.007@RegMark 0
Reg HKLM\SYSTEM\CurrentControlSet\services\PCCS64\Custom\7.00.007@ExpMark 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE4 0x2F 0xB1 0x6C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xCD 0x55 0xF4 0xE3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD0 0xA7 0x78 0xD8 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b57ece (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\PCCS64\Custom\7.00.007 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\PCCS64\Custom\7.00.007@TimeLow -1467107104
Reg HKLM\SYSTEM\ControlSet002\services\PCCS64\Custom\7.00.007@TimeHigh 30175773
Reg HKLM\SYSTEM\ControlSet002\services\PCCS64\Custom\7.00.007@RegMark 0
Reg HKLM\SYSTEM\ControlSet002\services\PCCS64\Custom\7.00.007@ExpMark 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE4 0x2F 0xB1 0x6C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xCD 0x55 0xF4 0xE3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD0 0xA7 0x78 0xD8 ...
---- EOF - GMER 2.0 ----