Pests of all kinds and how to fight them: Claro-Search Virus (?) (Windows 7)
#1
Claro-Search Virus (?)

Hello everyone,

I recently wanted to install a program. Instead of a great program, though, I was apparently gifted a virus. Now the home page of Internet Explorer and Firefox is constantly changed (to claro-search.com) as soon as the browser is closed. Avira AntiVir and Malwarebytes Anti-Malware each ran a full scan and did not complain about anything; claro seems to be invisible. Does anyone already know about this claro-search problem and/or know how to get rid of it? Google seems to be against me on this one; I have not found a solution.

// Edit: I'm not sure whether this is a virus or not.... In any case, I have now (through the logs, which I just read through) had a look at what happened there. Among other things, something called "Browser Manager" was installed during the installation. There is an uninstaller for it in the Start menu. If you run it, the home page is no longer constantly replaced by the claro-search page. The question is whether something, or even a virus, is still present.

// Logs from OTL

OTL.txt

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 03.12.2012 00:04:35 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 6,43 Gb Available Physical Memory | 80,73% Memory free 15,92 Gb Paging File | 14,39 Gb Available in Paging File | 90,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 99,90 Gb Total Space | 38,64 Gb Free Space | 38,68% Space Free | Partition Type: NTFS Drive D: | 831,51 Gb Total Space | 683,46 Gb Free Space | 82,19% Space Free | Partition Type: NTFS Drive E: | 93,99 Gb Total Space | 93,90 Gb Free Space | 99,90% Space Free | Partition Type: NTFS Drive F: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 1768,93 Gb Total Space | 1343,81 Gb Free Space | 75,97% Space Free | Partition Type: NTFS Computer Name: *****SPC | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.03 00:03:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe PRC - [2012.11.27 09:03:05 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.11.27 09:03:01 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.11.27 09:03:01 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.11.12 11:05:14 | 002,402,840 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe PRC - [2012.10.06 08:13:48 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.23 20:43:48 | 003,477,640 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe PRC - [2012.09.23 20:43:36 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.08.24 13:15:52 | 000,577,536 | ---- | M] (Hauppauge Computer Works) -- D:\Programme\Hauppauge\WinTV\TVServer\HauppaugeTVServer.exe PRC - [2012.08.16 16:16:04 | 000,402,944 | ---- | M] (Hauppauge Computer Works) -- D:\Programme\Hauppauge\WinTV\TVServer\CaptureGenUSB.exe ========== Modules (No Company Name) ========== MOD - [2012.11.12 11:05:14 | 002,402,840 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe MOD - [2012.11.12 11:03:58 | 002,147,352 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll MOD - [2012.09.23 20:43:58 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu ========== Services (SafeList) ========== SRV:64bit: - [2012.07.28 03:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.12.02 15:34:45 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.27 09:03:05 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.11.27 09:03:01 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.11.14 22:35:46 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.11.12 11:05:14 | 002,402,840 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe -- (Browser Manager) SRV - [2012.10.06 08:13:48 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.10.05 22:40:28 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.23 20:43:36 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.08.24 13:15:52 | 000,577,536 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- D:\Programme\Hauppauge\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] 
-- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.08.18 11:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.21 23:21:05 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2012.11.14 19:06:59 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.11.14 19:06:59 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.28 05:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.07.28 02:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.12 15:19:52 | 000,019,840 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw95rc.sys -- (hcw95rc) DRV:64bit: - [2011.12.12 15:19:22 | 000,658,944 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw95bda.sys -- (hcw95bda) DRV:64bit: - [2011.11.03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2009.09.17 18:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - 
[2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.google.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA D8 16 A8 40 A3 CD 01 [binary data] IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=117452&tt=4812_5&babsrc=SP_ss&mntrId=30a5974a00000000000020cf30bbab81 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== 
FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://google.de" FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) 
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: D:\Programme\AmazonMP3Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2012.11.14 22:06:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.12.02 15:38:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 18.0\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2012.12.02 15:34:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 18.0\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.12.01 20:14:25 | 000,000,000 | ---D | M] [2012.10.05 22:37:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2012.10.05 23:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\hcw1svum.default\extensions [2012.11.23 19:05:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yym5pkfn.default\extensions [2012.10.06 21:12:15 | 
000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yym5pkfn.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29} [2012.10.06 21:12:16 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yym5pkfn.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012.10.05 22:51:01 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\hcw1svum.default\extensions\testpilot@labs.mozilla.com.xpi [2012.10.05 23:21:51 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\hcw1svum.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.11.17 23:01:34 | 000,284,001 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\yym5pkfn.default\extensions\compatibility@addons.mozilla.org.xpi [2012.11.04 10:15:11 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\yym5pkfn.default\extensions\firebug@software.joehewitt.com.xpi [2012.09.12 12:37:32 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\yym5pkfn.default\extensions\testpilot@labs.mozilla.com.xpi [2012.08.15 16:17:17 | 000,080,872 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\yym5pkfn.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2012.09.06 16:46:01 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\yym5pkfn.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012.11.23 19:05:17 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\yym5pkfn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi O1 HOSTS File: ([2012.12.02 17:02:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - 
Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nettalk.lnk = D:\Programme\Nettalk6\Nettalk.exe (Nicolas Kruse) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: vizzed.com ([www] * in Vertrauenswürdige Sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC601C21-E265-4961-B40C-AA7D8D16AA40}: DhcpNameServer = 192.168.0.1 O20 - AppInit_DLLs: (c:\PROGRA~3\BROWSE~1\25911~1.18\{C16C1~1\mngr.dll) - c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll () O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.11.15 10:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) 
- F:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2008.10.11 18:03:48 | 000,000,054 | R--- | M] () - F:\Autorun.inf -- [ UDF ] O32 - AutoRun File - [2012.08.23 22:57:54 | 000,000,000 | ---D | M] - G:\Autodesk -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.03 00:03:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2012.12.02 23:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.12.02 23:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.12.02 17:13:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.12.02 16:57:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.12.02 16:57:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.12.02 16:57:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.12.02 16:57:27 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.12.02 16:57:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.12.02 12:10:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes [2012.12.02 12:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.02 12:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.02 12:10:13 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- 
C:\Windows\SysNative\drivers\mbam.sys [2012.12.01 21:21:17 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Roni Music [2012.12.01 21:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Roni Music [2012.12.01 20:14:28 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager [2012.12.01 20:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012.12.01 20:14:04 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Babylon [2012.12.01 20:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012.12.01 20:13:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2012.11.24 12:30:01 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Amazon MP3 [2012.11.24 12:30:01 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Amazon [2012.11.24 12:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon [2012.11.23 16:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2012.11.23 15:44:38 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012.11.23 15:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.11.21 23:23:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS [2012.11.21 17:51:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\LibreOffice [2012.11.21 17:46:35 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.6 [2012.11.19 13:37:08 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\com.adobe.dmp.contentviewer [2012.11.17 11:58:05 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.11.17 11:58:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe [2012.11.16 17:12:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.11.16 17:12:41 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.11.16 17:12:40 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Notepad++ [2012.11.16 17:07:16 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\FileZilla [2012.11.16 17:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2012.11.16 17:04:30 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends [2012.11.15 22:32:12 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\AdobeMuse [2012.11.15 16:22:32 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Adobe Scripts [2012.11.15 16:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.11.15 16:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.11.14 22:48:02 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat [2012.11.14 22:36:46 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\PACE Anti-Piracy [2012.11.14 22:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy [2012.11.14 22:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PACE Anti-Piracy [2012.11.14 22:36:40 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Adobe [2012.11.14 21:02:15 | 000,056,208 | ---- | C] (Rovi Corporation) -- C:\Windows\SysNative\drivers\PxHlpa64.sys [2012.11.14 21:02:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared [2012.11.14 21:02:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2012.11.14 21:02:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name [2012.11.14 21:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe [2012.11.14 20:10:46 | 000,000,000 | ---D | C] -- 
C:\Users\*****\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.11.14 20:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2012.11.14 20:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM [2012.11.14 20:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012.11.14 20:07:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2012.11.14 20:07:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.11.14 20:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012.11.14 20:04:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2012.11.14 19:18:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012.11.14 19:18:05 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Adobe ========== Files - Modified Within 30 Days ========== [2012.12.03 00:03:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2012.12.03 00:03:09 | 000,000,000 | ---- | M] () -- C:\Users\*****\defogger_reenable [2012.12.03 00:02:06 | 000,050,477 | ---- | M] () -- C:\Users\*****\Desktop\Defogger.exe [2012.12.02 23:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.02 23:18:41 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.02 23:18:41 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.02 23:17:19 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.02 23:17:19 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.02 23:17:19 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.02 23:17:19 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.02 23:17:19 | 000,106,190 | ---- | M] () -- 
C:\Windows\SysNative\perfc009.dat [2012.12.02 23:11:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.02 23:10:59 | 2115,280,895 | -HS- | M] () -- C:\hiberfil.sys [2012.12.02 17:02:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.12.01 20:20:46 | 000,000,054 | ---- | M] () -- C:\Windows\Player.INI [2012.11.28 20:33:06 | 000,000,132 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2012.11.28 14:36:48 | 005,473,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.23 16:39:01 | 000,000,600 | ---- | M] () -- C:\Users\*****\AppData\Local\PUTTY.RND [2012.11.21 23:21:05 | 000,024,576 | ---- | M] () -- C:\Windows\SysWow64\AsIO.dll [2012.11.21 23:21:05 | 000,015,416 | ---- | M] () -- C:\Windows\SysNative\drivers\ASACPI.sys [2012.11.21 23:21:05 | 000,013,368 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012.11.15 16:20:54 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI [2012.11.14 19:06:59 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.14 19:06:59 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avgntflt.sys ========== Files Created - No Company Name ========== [2012.12.03 00:03:09 | 000,000,000 | ---- | C] () -- C:\Users\*****\defogger_reenable [2012.12.03 00:02:08 | 000,050,477 | ---- | C] () -- C:\Users\*****\Desktop\Defogger.exe [2012.12.02 16:57:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.12.02 16:57:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.12.02 16:57:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.12.02 16:57:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.12.02 16:57:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.12.01 20:20:46 | 000,000,054 | ---- | C] () -- C:\Windows\Player.INI [2012.11.21 23:23:35 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2012.11.21 23:23:35 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012.11.20 09:01:52 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk [2012.11.17 23:12:10 | 000,000,132 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2012.11.16 13:11:01 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.16 13:06:51 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.15 22:31:15 | 000,001,195 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS6.lnk [2012.11.14 22:36:46 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI [2012.11.14 22:07:00 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk [2012.11.14 22:07:00 | 000,002,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk [2012.11.14 22:07:00 | 000,002,049 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk [2012.11.14 
20:52:06 | 000,001,194 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk [2012.11.14 20:50:48 | 000,001,090 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk [2012.11.14 20:46:34 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk [2012.11.14 20:46:07 | 000,001,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk [2012.11.14 20:09:41 | 000,001,650 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6.lnk [2012.11.14 20:09:18 | 000,001,671 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6 (64 Bit).lnk [2012.11.14 20:09:02 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk [2012.11.14 20:08:42 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk [2012.11.14 20:07:40 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk [2012.11.14 20:07:38 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk [2012.11.14 20:07:22 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2012.11.14 19:19:12 | 000,001,530 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk [2012.10.10 14:49:29 | 000,000,600 | ---- | C] () -- C:\Users\*****\AppData\Local\PUTTY.RND [2012.10.07 23:44:40 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI [2012.10.07 23:44:39 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2012.10.07 23:44:33 | 000,037,513 | ---- | C] () -- C:\Windows\Irremote.ini [2012.10.07 23:44:24 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe 
[2012.10.07 23:40:30 | 000,007,188 | ---- | C] () -- C:\Windows\HCWPNP.INI [2012.10.07 01:49:17 | 000,000,332 | ---- | C] () -- C:\Users\*****\SciTE.session [2012.10.06 08:42:41 | 000,007,606 | ---- | C] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg [2012.10.06 08:14:07 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.10.06 08:13:48 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.10.05 23:02:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.07.28 02:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.07.28 02:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = 
C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.24 12:30:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Amazon [2012.12.01 20:14:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Babylon [2012.11.17 11:58:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.11.19 13:37:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\com.adobe.dmp.contentviewer [2012.11.14 22:48:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat [2012.12.02 23:11:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Dropbox [2012.11.26 14:18:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FileZilla [2012.11.21 17:51:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\LibreOffice [2012.12.03 00:04:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nettalk [2012.11.16 20:07:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Notepad++ [2012.10.05 23:41:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Origin [2012.12.01 21:21:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Roni Music [2012.11.14 20:10:46 | 000,000,000 | ---D | M] -- 
C:\Users\*****\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.10.09 12:45:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TeamViewer [2012.10.05 23:07:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird [2012.12.02 23:54:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\uTorrent ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 1227 bytes -> C:\ProgramData\Microsoft:aWucimsIRjTIMuuUuCtzLXHiVGs @Alternate Data Stream - 1149 bytes -> C:\Users\*****\AppData\Local\uvUzpyhhIja:DBGonlGMksOwm7cjpVhGBqXqB @Alternate Data Stream - 1034 bytes -> C:\ProgramData\Microsoft:8dQf1KHfAltBKxJKR8rdMyqQ < End of report > Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 03.12.2012 00:04:35 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 6,43 Gb Available Physical Memory | 80,73% Memory free 15,92 Gb Paging File | 14,39 Gb Available in Paging File | 90,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 99,90 Gb Total Space | 38,64 Gb Free Space | 38,68% Space Free | Partition Type: NTFS Drive D: | 831,51 Gb Total Space | 683,46 Gb Free Space | 82,19% Space Free | Partition Type: NTFS Drive E: | 93,99 Gb Total Space | 93,90 Gb Free Space | 99,90% Space Free | Partition Type: NTFS Drive F: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 1768,93 Gb Total Space | 1343,81 Gb Free Space | 75,97% Space Free | Partition Type: NTFS Computer Name: *****SPC | User Name: ***** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{078BF4CF-E043-4DEB-9B43-B0143A0523B4}" = lport=138 | protocol=17 | dir=in | app=system | "{0842347E-CF96-4D80-BBC8-C85CDA77B023}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{12E64484-54E1-4517-B279-EE28D3BB2BBF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2166F564-A03A-42F2-A71E-6F0C1C3F6B0C}" = lport=2869 | protocol=6 | dir=in | app=system | "{313D82E4-8CBE-4C78-A0CC-25126AF10632}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{32913AB2-FDE6-4B3E-B6B8-CA0F6B04AC2E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{34B79B1C-6353-4A43-9B5B-EDCFFB7E3E70}" = lport=137 | protocol=17 | dir=in | app=system | "{3C3B7ED3-3317-423F-A7A8-7E5952A928BC}" = lport=10243 | protocol=6 | dir=in | app=system | "{3CE01325-B938-4389-A4E2-6AE9B5956397}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{46DB5FE9-89E8-47BD-AC5D-34244ACE4F7C}" = rport=445 | protocol=6 | dir=out | app=system | "{64193C10-D820-4E62-A03B-29C4B3A0B7B9}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9C576E1B-5A21-4A3B-9DAE-6336F29224B6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A963D44D-0289-4531-A5F6-6B8786209DD7}" = lport=139 | protocol=6 | dir=in | app=system | "{ACC6D569-BB6F-4940-8DE9-5560BD1C892F}" = rport=138 | protocol=17 | dir=out | app=system | "{BA686935-F419-46D4-BF39-F57E6CB2E895}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D9370CDD-B350-4AC6-971C-0A1016F80904}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DBB91DDE-9CA1-4419-BD9F-C36B874EC512}" = rport=139 | protocol=6 | dir=out | app=system | "{EDE197A3-A652-4067-B9F8-C073AF1F311C}" = lport=445 | protocol=6 | dir=in | app=system | "{EEE6F6C1-B96B-4793-AFF5-72DBBC83C683}" = rport=137 | protocol=17 | dir=out | app=system | "{F735079D-D85A-458A-A5B7-98B1D2DCD374}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FEFF8103-394C-49B2-84DB-D47237458CA8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08B1E1D7-9E19-4A3C-B4D9-EF94D5486FFF}" = protocol=6 | dir=out | app=system | "{0A2F0E1F-555F-43DD-936B-82D17BC93501}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{1EB90DB1-CA3D-4AAA-9E87-3508698FE886}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{25C6DC92-2561-4F67-B4CD-E0D69DE3806C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2E996DC8-BEA3-4EC9-9986-F33B408D5F44}" = protocol=17 | dir=in | app=d:\programme\utorrent\utorrent.exe | "{35C39396-479A-40A2-844D-AEF0CC1A1A99}" = protocol=6 | dir=in | app=d:\programme\hauppauge\wintv\wintv7\wintv7.exe | "{379EFF94-842D-4B6A-A366-3E9A0DBCF365}" = protocol=6 | dir=out | 
app=%programfiles%\windows media player\wmpnetwk.exe | "{383D0AF8-B0A0-4CB0-8C0D-306152EA7692}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{39DA69F6-F978-43AE-A3BA-C25465576595}" = protocol=6 | dir=in | app=d:\programme\utorrent\utorrent.exe | "{3F72D32E-DD15-464E-837A-5B93329363A9}" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe | "{43FFC225-4FDF-49E3-88A4-CB644F0D5CBB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{454F7D1A-4122-4D3F-8117-1D398E4C8BC6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{530C708B-AB24-421B-A766-E4FAB47965B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{58B7120A-C3F6-4834-96D5-DA69B89A5F9B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5B3CC59F-E6BD-4B73-8D2A-FC745F5092C5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{78B8850C-6EA7-477F-B1AC-80EFC24382DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7A0A014A-AF2C-4AAB-86B0-7496BD4BB167}" = protocol=6 | dir=in | app=d:\programme\origin games\battlefield 3\bf3.exe | "{7E241A9D-CB1B-4783-87FF-FDA2F9EA8782}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{830BE7F4-C424-41B0-A41E-A7FA60F982F5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{92F5D16D-FC0D-4C48-B0A4-B4D13B64A54F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{93990FCB-07D1-46B7-BA68-3CC11DD00A74}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{98B1298C-FA27-4239-991D-F53FEC632BB2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A64CAE97-824F-4D1F-80A7-C8C75BEB48D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A7DB77C4-16EF-48CC-8CDA-4323495D841F}" = protocol=17 | dir=in | 
app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{AE77738C-6794-4C80-AEE7-F4196A946878}" = protocol=17 | dir=in | app=d:\programme\hauppauge\wintv\wintv7\wintv7.exe | "{B9BB67EB-4636-4494-9EC1-4E8C43BC74D7}" = protocol=17 | dir=in | app=d:\programme\hauppauge\wintv\wintv7\wintv7.exe | "{BA7DFCAF-4395-4158-AF3D-C27FC431C533}" = dir=in | app=d:\programme\itunes\itunes.exe | "{BE228CF6-32BA-4EA8-95DA-07A8DAF0FC86}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BFB57565-0D1D-4688-A1F1-36147CCCC725}" = protocol=6 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe | "{C27396A8-0110-4174-8662-98A80E47DB6C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C4A1B32B-22FD-40ED-A455-F3D066043B49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C83CCF96-2E02-451B-BCDC-A70159036536}" = protocol=6 | dir=in | app=d:\programme\rockstar games\grand theft auto iv\launchgtaiv.exe | "{CC818797-C05A-4B4A-AD9F-BC51ECB3D3CF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D15C8E63-69EC-494C-AF1E-5D63283D3334}" = protocol=17 | dir=in | app=d:\programme\origin games\battlefield 3\bf3.exe | "{D4F2AD35-F09B-4D9C-97E4-5B2D35634C22}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D6DA4BD7-C4A6-43C6-801F-D2A7167E4D79}" = protocol=17 | dir=in | app=d:\programme\rockstar games\grand theft auto iv\launchgtaiv.exe | "{E5A1BB83-C7D4-4B00-AC63-A033D214A236}" = protocol=6 | dir=in | app=d:\programme\hauppauge\wintv\wintv7\wintv7.exe | "{E7934C3D-DE26-430D-84D9-8FDBF3F6715E}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{EB66313C-54AF-4E3D-A538-0A8B2920FB8B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FCEA371A-71D8-43B7-95C9-657605092EC7}" = protocol=17 | dir=in | app=%programfiles%\windows media 
player\wmpnetwk.exe | "{FEB12B1C-2AE3-4876-B015-6232503D7B92}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "TCP Query User{34B9585A-32CA-4AF1-8805-731F4928537B}D:\programme\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\programme\rockstar games\grand theft auto iv\gtaiv.exe | "TCP Query User{61C00CA8-421E-44DE-9EFB-187D4D8B15E1}G:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=g:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | "TCP Query User{7FC04818-804E-4401-900E-A3E8C6DC94B1}D:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=d:\xampp\apache\bin\httpd.exe | "TCP Query User{96C78E79-67D7-46DF-B03C-E3B036787505}D:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe | "TCP Query User{A2069BCE-5B3E-453D-A490-FAEE9A9190B6}C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{70249A02-C2B4-40A4-BC12-74F19B20C1AF}D:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe | "UDP Query User{765B3F03-628C-47FF-85B1-5145BD0915EC}D:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=d:\xampp\apache\bin\httpd.exe | "UDP Query User{A5AE6585-DD75-4A8E-A12E-CC90209A019D}C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{D9E55894-D4EA-4D40-95C1-777D8FE8134D}G:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=g:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | "UDP Query User{DE2C2123-5A9C-491F-903B-C73410328EF7}D:\programme\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\programme\rockstar games\grand theft auto iv\gtaiv.exe | ========== 
HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders "{F55458B0-DCA9-38C9-6C8D-829F22463A55}" = AMD Drag and Drop Transcoding "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = 
Adobe AIR
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23D3F585-AE29-4670-8E3E-64A0EFB29240}" = Adobe Acrobat XI Pro
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{483A865C-A74A-12BF-1276-D0111A488F50}" = Adobe® Content Viewer
"{4869414E-7AEA-4C8E-BE1C-8D40977FD517}" = Adobe Illustrator CS6
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = Catalyst Control Center
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7176B973-6011-43C1-AEBC-2D73FE7C6982}" = Adobe Premiere Pro CS6
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{CBCF6C86-4738-4A84-9C2C-331804DCEB9B}" = LibreOffice 3.6
"{CFB770D7-8D43-1014-922B-CC2715FADE3F}" = Adobe InDesign CS6
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AutoItv3" = AutoIt v3.3.8.1
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.dmp.contentviewer" = Adobe® Content Viewer
"ESN Sonar-0.70.4" = ESN Sonar
"FileZilla Client" = FileZilla Client 3.6.0
"Fraps" = Fraps (remove only)
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"Mozilla Thunderbird 18.0 (x86 de)" = Mozilla Thunderbird 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nettalk_is1" = Nettalk 6.7
"Notepad++" = Notepad++
"Origin" = Origin
"PuTTY_is1" = PuTTY version 0.62
"uTorrent" = µTorrent
"xampp" = XAMPP 1.8.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30.11.2012 16:37:48 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10015

Error - 30.11.2012 16:37:49 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30.11.2012 16:37:49 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11014

Error - 30.11.2012 16:37:49 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11014

Error - 30.11.2012 16:37:50 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30.11.2012 16:37:50 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12012

Error - 30.11.2012 16:37:50 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12012

Error - 30.11.2012 16:37:51 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30.11.2012 16:37:51 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13011

Error - 30.11.2012 16:37:51 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13011

[ System Events ]
Error - 02.12.2012 10:43:17 | Computer Name = *****sPC | Source = Disk | ID = 262151
Description = Bad block on device \Device\Harddisk1\DR1.

Error - 02.12.2012 10:43:20 | Computer Name = *****sPC | Source = Disk | ID = 262151
Description = Bad block on device \Device\Harddisk1\DR1.

Error - 02.12.2012 10:43:23 | Computer Name = *****sPC | Source = Disk | ID = 262151
Description = Bad block on device \Device\Harddisk1\DR1.

Error - 02.12.2012 10:43:25 | Computer Name = *****sPC | Source = Disk | ID = 262151
Description = Bad block on device \Device\Harddisk1\DR1.

Error - 02.12.2012 10:43:28 | Computer Name = *****sPC | Source = Disk | ID = 262151
Description = Bad block on device \Device\Harddisk1\DR1.

Error - 02.12.2012 10:43:31 | Computer Name = *****sPC | Source = Disk | ID = 262151
Description = Bad block on device \Device\Harddisk1\DR1.

Error - 02.12.2012 11:57:23 | Computer Name = *****sPC | Source = Service Control Manager | ID = 7031
Description = The "Browser Manager" service terminated unexpectedly. This has happened 1 time(s). The following corrective action will be taken in 30000 milliseconds: restart the service.

Error - 02.12.2012 12:00:08 | Computer Name = *****sPC | Source = Service Control Manager | ID = 7030
Description = The "PEVSystemStart" service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error - 02.12.2012 12:02:01 | Computer Name = *****sPC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys was not loaded because it is incompatible with this system. Contact the software vendor for a compatible version of the driver.

Error - 02.12.2012 12:02:28 | Computer Name = *****sPC | Source = Service Control Manager | ID = 7030
Description = The "PEVSystemStart" service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

< End of report >

If any questions remain, please let me know, thanks.

Best regards,
Weesel

Last edited by Weesel (03.12.2012 at 00:55)
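The OTL log above shows two persistence points for the "Browser Manager" component: an uninstall entry under the HKLM Uninstall list (GUID {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) and a Windows service of the same name that the Service Control Manager restarted after it crashed. The post does not say how to verify whether either survived running the uninstaller, or whether the homepage hijack in Internet Explorer and Firefox is still in place. The following PowerShell script is an added triage check for exactly those points; it is not part of the original post and not a Trojaner-Board tool. It assumes the $Patterns list (name fragments "Browser Manager" and "claro", chosen here from the post), the standard Uninstall and IE registry locations, and the default Firefox profile layout under %APPDATA%; it uses Get-WmiObject rather than Get-CimInstance so that it runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added triage example (not from the forum post). Lists uninstall entries and
# services whose names match $Patterns and prints the IE and Firefox start pages.
# Assumptions: $Patterns, the registry paths and the Firefox profile path below
# are the editor's choices; adjust them to whatever a given OTL log names.
$Patterns = @('Browser Manager', 'claro')

$UninstallKeys = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 32-bit apps on x64
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Test-Suspicious {
  param([string]$Text)
  if (-not $Text) { return $false }
  foreach ($p in $Patterns) {
    if ($Text -imatch [regex]::Escape($p)) { return $true }
  }
  return $false
}

Write-Output '== Uninstall entries matching the patterns =='
foreach ($key in $UninstallKeys) {
  if (-not (Test-Path $key)) { continue }
  foreach ($sub in Get-ChildItem -Path $key) {
    $e = Get-ItemProperty -Path $sub.PSPath
    if (Test-Suspicious $e.DisplayName) {
      "{0}  [{1}]" -f $e.DisplayName, $sub.PSChildName
      "  UninstallString: {0}" -f $e.UninstallString
      "  InstallLocation: {0}" -f $e.InstallLocation
    }
  }
}

Write-Output '== Services matching the patterns (name or binary path) =='
Get-WmiObject -Class Win32_Service |
  Where-Object { (Test-Suspicious $_.DisplayName) -or (Test-Suspicious $_.PathName) } |
  ForEach-Object {
    "{0} ({1}) state={2} start={3}`n  {4}" -f $_.Name, $_.DisplayName, $_.State, $_.StartMode, $_.PathName
  }

Write-Output '== Internet Explorer start page (per-user and machine-wide) =='
foreach ($k in @('HKCU:\Software\Microsoft\Internet Explorer\Main',
                 'HKLM:\Software\Microsoft\Internet Explorer\Main')) {
  if (Test-Path $k) {
    $m = Get-ItemProperty -Path $k
    "{0}`n  Start Page:       {1}`n  Default_Page_URL: {2}" -f $k, $m.'Start Page', $m.Default_Page_URL
  }
}

Write-Output '== Firefox homepage preference in every profile =='
$profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path $profiles) {
  Get-ChildItem -Path $profiles -Recurse -Include prefs.js, user.js |
    Select-String -Pattern 'browser\.startup\.homepage' |
    ForEach-Object { "{0}`n  {1}" -f $_.Path, $_.Line.Trim() }
}
```

Run it from an elevated PowerShell prompt so the HKLM and service queries succeed. Two caveats: matching on DisplayName and PathName only finds components that registered themselves under a recognisable name, so an empty result after the uninstaller has run shows that these two entries are gone, not that nothing else was dropped; and a start page that still points at claro-search.com after the uninstall tells you the value was persisted (or is being rewritten) somewhere the uninstaller did not touch, which is the next thing to look for.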