|
Plagegeister aller Art und deren Bekämpfung: Antivir zeigt virus an!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
13.01.2013, 17:52 | #1 |
| Antivir zeigt virus an! hey, also ich hab mir gestern ein programm runtergeladen und nachdem installieren zeigte antivir mir einen virus an.bin dann auf löschen gegangen und hab das system danach mit antivir überprüft, seit dem zeigt antivir mir eine warnung und 24 versteckte objekte an. wollte mal fargen ob mir jemand sagen kann ob mein system mit irgendwas befallen ist habe schon die einträge schon gegoggelt aber werde nich wirklich schlau daraus.lg! Der Suchlauf nach versteckten Objekten wird begonnen. HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\UMD\DXVA\DI_METHOD [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_USERS\S-1-5-21-807919328-3605470727-906601096-1000\Software\ATI\ACE\AppDomains\Communications.CCC.exe.CCC.2356 [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_USERS\S-1-5-21-807919328-3605470727-906601096-1000\Software\ATI\ACE\AppDomains\Communications.MOM.exe.MOM.2744 [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_USERS\S-1-5-21-807919328-3605470727-906601096-1000\Software\ATI\ACE\Processes\2356 [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_USERS\S-1-5-21-807919328-3605470727-906601096-1000\Software\ATI\ACE\Processes\2744 [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_USERS\S-1-5-21-807919328-3605470727-906601096-1000\Software\ATI\ACE\Services\AEM\ChannelUrl [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_USERS\S-1-5-21-807919328-3605470727-906601096-1000\Software\ATI\ACE\Services\AEM\ChannelUrl HKEY_USERS\S-1-5-21-807919328-3605470727-906601096-1000\Software\ATI\ACE\Services\AEM\ChannelUrl HKEY_USERS\S-1-5-21-807919328-3605470727-906601096-1000\Software\ATI\ACE\Services\AEM\ChannelUrl HKEY_USERS\S-1-5-21-807919328-3605470727-906601096-1000\Software\ATI\ACE\Services\AEM\ChannelUrl HKEY_USERS\S-1-5-21-807919328-3605470727-906601096-1000\Software\ATI\ACE\Services\AEM\ChannelUrl HKEY_USERS\S-1-5-21-807919328-3605470727-906601096-1000\Software\ATI\ACE\Services\AEM\ChannelUrl HKEY_USERS\S-1-5-21-807919328-3605470727-906601096-1000\Software\ATI\ACE\Services\AEM\ChannelUrl HKEY_USERS\S-1-5-21-807919328-3605470727-906601096-1000\Software\ATI\ACE\Settings\Runtime\Runtime Graphics Caste Constructor ProcTime [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_USERS\S-1-5-21-807919328-3605470727-906601096-1000\Software\ATI\ACE\Settings\Runtime\Runtime Graphics Caste HotKey ProcTime [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_USERS\S-1-5-21-807919328-3605470727-906601096-1000\Software\ATI\ACE\Settings\Runtime\Runtime Graphics Caste HotKey ProcTime HKEY_USERS\S-1-5-21-807919328-3605470727-906601096-1000\Software\ATI\ACE\Settings\Runtime\Runtime Graphics Caste Initialize InitializeGraphicsAdapter ProcTime [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_USERS\S-1-5-21-807919328-3605470727-906601096-1000\Software\ATI\ACE\Settings\Runtime\Runtime Graphics Caste Initialize ProcTime [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_USERS\S-1-5-21-807919328-3605470727-906601096-1000\Software\ATI\ACE\Settings\Runtime\Runtime Graphics Caste Aspect [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_USERS\S-1-5-21-807919328-3605470727-906601096-1000\Software\ATI\ACE\Settings\Runtime\Runtime HydraVision Caste Aspect [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_USERS\S-1-5-21-807919328-3605470727-906601096-1000\Software\ATI\ACE\Settings\Runtime\Runtime Fuel Caste HotKey [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_USERS\S-1-5-21-807919328-3605470727-906601096-1000\Software\ATI\ACE\Settings\Runtime\Runtime Fuel Caste Initialize [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_USERS\S-1-5-21-807919328-3605470727-906601096-1000\Software\ATI\ACE\Settings\Runtime\Runtime Platform Caste Constructor ProcTime [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_USERS\S-1-5-21-807919328-3605470727-906601096-1000\Software\ATI\ACE\Settings\Runtime\Runtime Platform Caste Initialize [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. Beginne mit der Suche in 'D:\' D:\hiberfil.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! ach ja und diese datei wurde als virus erkannt und in quarantäne verschoben... ADWARE/InstallCo.ME Beginne mit der Suche in 'C:\Users\M4rko\Downloads\qcad_1_5_1.exe' C:\Users\M4rko\Downloads\qcad_1_5_1.exe [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCo.ME [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54856297.qua' verschoben! |
13.01.2013, 18:29 | #2 |
/// Helfer-Team | Antivir zeigt virus an!Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.2. Schritt Systemscan mit OTL (bebilderte Anleitung)
__________________ |
13.01.2013, 19:55 | #3 |
| Antivir zeigt virus an! OTL EXTRAS Logfile:
__________________Code:
ATTFilter OTL Extras logfile created on: 13.01.2013 19:00:28 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\M4rko\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,22 Gb Available Physical Memory | 65,25% Memory free 15,99 Gb Paging File | 12,97 Gb Available in Paging File | 81,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,24 Gb Total Space | 36,83 Gb Free Space | 30,89% Space Free | Partition Type: NTFS Drive D: | 55,90 Gb Total Space | 0,46 Gb Free Space | 0,82% Space Free | Partition Type: NTFS Drive E: | 6,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 151,61 Gb Total Space | 8,91 Gb Free Space | 5,88% Space Free | Partition Type: NTFS Drive G: | 100,00 Mb Total Space | 83,99 Mb Free Space | 84,00% Space Free | Partition Type: NTFS Drive H: | 146,39 Gb Total Space | 146,27 Gb Free Space | 99,92% Space Free | Partition Type: NTFS Computer Name: M4RKO-PC | User Name: M4rko | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-807919328-3605470727-906601096-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- F:\Neuer Ordner (2)\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- F:\Neuer Ordner (2)\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06CF0CE8-51E1-445C-9FB6-12CDD49DD9F6}" = lport=138 | protocol=17 | dir=in | app=system | "{1984463F-F747-4878-931F-3D52F439AF02}" = lport=2869 | protocol=6 | dir=in | app=system | "{1FB0275C-15CA-4835-B812-1550E47D0856}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{31C7AAC5-A3E8-4E93-8BD9-AAB657742BD2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{35B4639C-BF6E-405A-B1F6-AB4F02138908}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{36CEC330-723A-4E31-91D1-4D955433CF1A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3A016BDB-CC37-4307-9FBE-806513773FAA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3A3E133D-9F2B-4E0E-8C69-4DBCF4A62B9E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{3C8CA83D-4F41-4C99-A9D5-E8211ADD5C0B}" = rport=445 | protocol=6 | dir=out | app=system | "{4E775802-CC81-4752-8D21-85CF06821EC4}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 | "{51BF514F-6A44-4D01-8193-9CDA7042A735}" = rport=138 | protocol=17 | dir=out | app=system | "{559DC0F4-5F2E-4BAE-8A5F-DC4230770F85}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{55CBBBBF-677F-4FDE-8589-E916E1127D7E}" = lport=137 | protocol=17 | dir=in | app=system | "{66CBBD2A-91FE-40A9-8698-C516A3F8FB04}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{706C9BF6-0B61-4BB2-BFFB-E73A1D7A393D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7D48D41E-CDAF-44CC-A642-198B7867897B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{854B7571-54F2-433C-AC63-5DB99D39F86A}" = lport=139 | protocol=6 | dir=in | app=system | "{8B143A98-9B0D-4FDC-B120-ED1333B26CC7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{93F8C8A1-156D-46E5-A1E1-289444B825E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{96582BA7-DF2D-476D-8C25-4D036E63CD41}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{997760AF-326F-4BF0-AE33-87AAE71F7C7F}" = lport=445 | protocol=6 | dir=in | app=system | "{9C2B8FDF-E6E7-478C-B94D-EF9AC99B4CFA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A6A490AF-0AA5-4858-9231-05C8D251CA97}" = rport=137 | protocol=17 | dir=out | app=system | "{ABCADB39-2E68-492F-AA73-C8D76C17D09C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BBD48A07-4DCC-4E5D-A31B-45DBD1652360}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CA2B280A-65E6-4C93-B561-447BC6D7A039}" = lport=10243 | protocol=6 | dir=in | app=system | "{CFE54612-84C4-4592-AC98-4B35C10AD354}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{D6DEB31A-AAF7-4285-AE65-2E323AE44562}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{DAEBE9E7-5888-40E5-A0B3-168CE127DD91}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F5DC3581-A2ED-4FEB-B6D7-58E55E826671}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FE15086F-A8B0-4521-B3EF-3B0CF53F2D3C}" = rport=139 | protocol=6 | dir=out | app=system | "{FE6F1A4A-39E3-4A0F-A0B8-137436E23B69}" = rport=10243 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08B8AF35-FC26-4E28-8929-D6D47ACB8744}" = protocol=6 | dir=in | app=c:\users\m4rko\appdata\roaming\dropbox\bin\dropbox.exe | "{09642C19-9ED8-4E7C-B051-6B825B48954C}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxcgcoms.exe | "{09CC37CE-C89D-41CB-8E66-4241BC384FD4}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxcgcoms.exe | "{0FDC0010-FB38-4C62-9C13-36F5478C0E9B}" = protocol=6 | dir=in | app=c:\windows\system32\lxcgcoms.exe | "{11857B47-9FDA-46DB-B703-806C13CC4C68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1DA007B5-96AC-4AC3-A9AC-F910ADB6D1C3}" = protocol=6 | dir=in | app=f:\neuer ordner (2)\adobe flash builder 4.6\flashbuilder.exe | "{26F96432-7904-4B41-A33A-D7570DFA0A16}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2B9C4305-AC20-4132-81B1-CFE0892567CF}" = protocol=6 | dir=out | app=system | "{2E0981DE-5808-4876-A9DD-130A67B87A47}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{342743FA-FBC5-4843-BC11-98BE0F6ECCD9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6745D7C5-4256-4F24-B7E4-0E24B52F355F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{68839154-38BB-4E3D-AED0-B751EBE3B900}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6EF3DB10-525F-4207-8133-1B092ED9ACB5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{71784CA0-8D5D-4491-8806-32631D2E5F49}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{83DE38FA-6B36-4AF8-BA19-5694B81C283E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{84AAC2A8-AFCD-4BFF-A36F-8E20EAD78D10}" = protocol=17 | dir=in | app=f:\neuer ordner (2)\adobe flash builder 4.6\flashbuilder.exe | "{9146E146-5263-42E4-9363-E0BFC971EC56}" = protocol=17 | dir=in | app=c:\windows\system32\lxcgcoms.exe | "{9F0CCCC5-1AE6-40C6-8DBF-F9DA7EFB1C3A}" = protocol=17 | dir=in | app=c:\users\m4rko\appdata\roaming\dropbox\bin\dropbox.exe | "{AAF9C35C-39A6-4552-ACA8-A56722689405}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AEF192F0-1E2C-45C4-84EE-E85C1C317249}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AFD10419-5A39-4EB9-94D7-F04B96D0E5AB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BD7347AB-2F9B-4747-9D01-C25D08565C34}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C1CAAAAE-9AD8-439F-AC6A-3F66001CE697}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C3335AD6-9AA6-4EF0-94CC-3B00CFE4C58C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D0BD7B2D-A254-48CF-AA0D-BABA27B4D6F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D219BA9E-BAF0-487D-B83E-4C056DA333CC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D6D4A090-D6F4-4D63-905F-9226536B7181}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E1C31895-90D7-4961-B936-B360976BBD88}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{EBCF9C0A-A99E-4E08-B216-6282C1C57254}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{FC69C59E-813D-4720-9794-8BD1CC18437F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "TCP Query User{A1D36621-945B-4B6C-96C3-12C4131CD44D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{C3359931-BF91-494B-A1E0-0C011A39865F}C:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe | "TCP Query User{C7C00BD8-A4AD-4F89-8F83-59F4BB4D7162}C:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe | "TCP Query User{CFC1FE2D-C917-431F-BFBB-177265BC7A00}C:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe | "TCP Query User{FA7B7CC3-C15C-4E01-9E37-E47488125C12}C:\users\m4rko\downloads\miranda-im-v0.9.49-x64\miranda64.exe" = protocol=6 | dir=in | app=c:\users\m4rko\downloads\miranda-im-v0.9.49-x64\miranda64.exe | "UDP Query User{59955EBF-6D4F-4AB2-9C1D-59859E1266AB}C:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe | "UDP Query User{83458C81-A93E-4C03-90FD-E6DF1771291C}C:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe | "UDP Query User{85DA4157-C7EA-4BDD-9F18-C7EC9F4A6DFB}C:\users\m4rko\downloads\miranda-im-v0.9.49-x64\miranda64.exe" = protocol=17 | dir=in | app=c:\users\m4rko\downloads\miranda-im-v0.9.49-x64\miranda64.exe | "UDP Query User{9ABEDED8-1DE5-4D78-8EEE-5AD8E25A73CC}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{BD0407DF-D057-4881-B31C-359C15406A8A}C:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{013CCA52-DA56-4133-AC2B-1988A9568C30}" = Native Instruments Audio 4 DJ Driver "{065B40C5-5F4C-9CF1-7A21-2B2EAA74E44D}" = AMD Fuel "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor "{35B226DA-E3F6-21FD-31AB-0046C6E87043}" = ATI Problem Report Wizard "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5BA8D4F0-C15F-57FE-2B6C-C4AF214833CE}" = AMD Accelerated Video Transcoding "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{698EDD46-FC0B-926F-54DF-23B6BB20EDFC}" = AMD Drag and Drop Transcoding "{8685E5B7-EE48-4AE7-9400-90DA5564C2AA}" = MAGIX Screenshare "{9064F37C-66B4-BAF2-E8A7-EDE5E72BB16D}" = AMD Media Foundation Decoders "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B45B5123-C009-F8B4-FE93-45B42C8A786F}" = ATI AVIVO64 Codecs "{B853B309-58D1-44DF-87F1-64D23A5AFF4B}" = MAGIX Speed burnR (MSI) "{BECAA3A9-CC5A-615C-5FF5-F5261E153CF0}" = ccc-utility64 "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{F436A08B-63BB-72A2-17C0-6D8E5182CA49}" = AMD Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "0B624A43DD66DBF5CF3EDFA9741A364E688062A4" = Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) "1F64724E4D591A125651B4B68C84B9CCE9619004" = Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) "Lexmark 2300 Series" = Lexmark 2300 Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "VLC media player" = VLC media player 2.0.2 "WinRAR archiver" = WinRAR 4.11 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{12E777A1-74B6-AD5A-D2CD-C792464E425B}" = CCC Help Turkish "{15EAF67D-279F-4AB4-B19C-8475756151D8}" = MAGIX Video deluxe 17 Plus Sonderedition Video Plugins "{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR "{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10 "{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl "{2B8D8529-DA80-74D8-4898-DAA028746E08}" = CCC Help Korean "{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{34E7E124-7AA8-1274-1BA2-90CBD7F6B708}" = CCC Help Thai "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3C912BF1-73FE-B493-C7D6-04EBF14F57A2}" = CCC Help Portuguese "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{549FACD7-A5F5-6EA8-7A19-8F7E8CE282A7}" = Catalyst Control Center Localization All "{5753C527-E2AA-2B8B-AFD1-D4325A0A44B4}" = CCC Help Chinese Standard "{613C67FF-E71D-124A-6380-E0E77F9438F7}" = CCC Help Polish "{632B73D1-C23A-0BD4-FBE2-175B680876A9}" = CCC Help Norwegian "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{659F48FB-0A8A-49A1-3FD2-C6F069C10893}" = Catalyst Control Center Graphics Previews Common "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition "{70CEC2B6-BE72-E9B1-D6B8-C1A3CA170D1F}" = Catalyst Control Center InstallProxy "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74A3C7EE-10A4-EA61-AC31-335E0500DE48}" = CCC Help English "{77F94BE8-A504-352B-E873-FC78E5FA9CD7}" = CCC Help Japanese "{79AAA7A5-6917-2C53-7FCB-C00B54602149}" = CCC Help Chinese Traditional "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{926E4789-8065-6F3B-9D9A-5E6AABA000BC}" = CCC Help Czech "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9700C74F-1D07-FD53-6430-A858B34E30B7}" = CCC Help Russian "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0E64741-5C93-FCCD-6A90-248D3C92CAFA}" = CCC Help Greek "{A8D4FFA9-94CA-B0E4-7ED0-A7FD4DEDB106}" = CCC Help Hungarian "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9D5BCE3-6D8B-95B0-925F-F39BFAAB4177}" = CCC Help French "{ABA15F5D-057C-2677-3C90-04838682F66B}" = CCC Help Dutch "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{ACC88BAA-D748-E9D9-3F72-B359EFD11912}" = CCC Help Swedish "{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{B80BE2E3-EA77-53D4-7A56-C53D452E6D50}" = HydraVision "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013 "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{D33CE733-2DE9-D582-9D35-323F9F79A1EB}" = CCC Help Italian "{D67A9023-307F-B5A0-8621-5258D3FA9813}" = CCC Help German "{D7D6CCD3-D9BD-EA92-288E-EFCBDE939FF5}" = AMD VISION Engine Control Center "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection "{EF666029-2EDF-C792-D438-34940ED13A46}" = CCC Help Finnish "{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1D6862B-7112-45CC-B008-2F9D4D409285}" = MAGIX Video deluxe 17 Plus Sonderedition "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger "{F38EF546-DCE4-E290-AB73-4C57A3AC70A0}" = CCC Help Danish "{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE) "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II "{FE6A55DF-D79E-7469-37CC-3E7F08098FCA}" = CCC Help Spanish "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "AbiWord2" = AbiWord 2.9.2 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Any Video Converter_is1" = Any Video Converter 3.5.7 "Audacity_is1" = Audacity 2.0 "Avira AntiVir Desktop" = Avira Free Antivirus "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "com.adobe.WidgetBrowser" = Adobe Widget Browser "Free YouTube Download_is1" = Free YouTube Download version 3.1.42.1212 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918 "GoPro CineForm Studio" = GoPro CineForm Studio 1.2.1 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "MAGIX_{8685E5B7-EE48-4AE7-9400-90DA5564C2AA}" = MAGIX Screenshare "MAGIX_{B853B309-58D1-44DF-87F1-64D23A5AFF4B}" = MAGIX Speed burnR (MSI) "MAGIX_MSI_Videodeluxe17_plus" = MAGIX Video deluxe 17 Plus Sonderedition "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Native Instruments Audio 4 DJ Driver" = Native Instruments Audio 4 DJ Driver "Native Instruments Service Center" = Native Instruments Service Center "Native Instruments Traktor" = Native Instruments Traktor "NewBlue Light Rays for Magix" = NewBlue Light Rays for Magix "NewBlue Lightning for Magix" = NewBlue Lightning for Magix "VSO DivxToDVD_is1" = DivxToDVD 0.5.2b "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-807919328-3605470727-906601096-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 09.01.2013 12:55:21 | Computer Name = M4rko-PC | Source = WinMgmt | ID = 10 Description = Error - 09.01.2013 18:18:37 | Computer Name = M4rko-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 10.01.2013 15:30:53 | Computer Name = M4rko-PC | Source = WinMgmt | ID = 10 Description = Error - 11.01.2013 11:29:04 | Computer Name = M4rko-PC | Source = WinMgmt | ID = 10 Description = Error - 11.01.2013 16:57:15 | Computer Name = M4rko-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 12.01.2013 08:38:35 | Computer Name = M4rko-PC | Source = WinMgmt | ID = 10 Description = Error - 12.01.2013 21:58:00 | Computer Name = M4rko-PC | Source = WinMgmt | ID = 10 Description = Error - 12.01.2013 23:18:51 | Computer Name = M4rko-PC | Source = WinMgmt | ID = 10 Description = Error - 13.01.2013 09:23:22 | Computer Name = M4rko-PC | Source = WinMgmt | ID = 10 Description = Error - 13.01.2013 11:10:07 | Computer Name = M4rko-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. [ System Events ] Error - 14.12.2012 18:39:58 | Computer Name = M4rko-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \...\DR10 gefunden. Error - 16.12.2012 10:38:15 | Computer Name = M4rko-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?16.?12.?2012 um 15:33:02 unerwartet heruntergefahren. Error - 16.12.2012 10:38:20 | Computer Name = M4rko-PC | Source = BugCheck | ID = 1001 Description = Error - 04.01.2013 21:25:44 | Computer Name = M4rko-PC | Source = DCOM | ID = 10010 Description = Error - 09.01.2013 20:05:07 | Computer Name = M4rko-PC | Source = DCOM | ID = 10010 Description = Error - 12.01.2013 22:27:45 | Computer Name = M4rko-PC | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3. < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 13.01.2013 19:00:28 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\M4rko\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,22 Gb Available Physical Memory | 65,25% Memory free 15,99 Gb Paging File | 12,97 Gb Available in Paging File | 81,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,24 Gb Total Space | 36,83 Gb Free Space | 30,89% Space Free | Partition Type: NTFS Drive D: | 55,90 Gb Total Space | 0,46 Gb Free Space | 0,82% Space Free | Partition Type: NTFS Drive E: | 6,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 151,61 Gb Total Space | 8,91 Gb Free Space | 5,88% Space Free | Partition Type: NTFS Drive G: | 100,00 Mb Total Space | 83,99 Mb Free Space | 84,00% Space Free | Partition Type: NTFS Drive H: | 146,39 Gb Total Space | 146,27 Gb Free Space | 99,92% Space Free | Partition Type: NTFS Computer Name: M4RKO-PC | User Name: M4rko | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\M4rko\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated) PRC - F:\Neuer Ordner (2)\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.) PRC - C:\Windows\DAODx.exe () PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - F:\Neuer Ordner (2)\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU () MOD - C:\Windows\DAODx.exe () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (lxcg_device) -- C:\Windows\SysNative\lxcgcoms.exe ( ) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (lxcg_device) -- C:\Windows\SysWOW64\lxcgcoms.exe ( ) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation) DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (a4djavs_x64) -- C:\Windows\SysNative\drivers\a4djavs_x64.sys (Native Instruments GmbH) DRV:64bit: - (a4djusb_x64) -- C:\Windows\SysNative\drivers\a4djusb_x64.sys (Native Instruments GmbH) DRV - (AODDriver4.2) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-807919328-3605470727-906601096-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-807919328-3605470727-906601096-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-807919328-3605470727-906601096-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-807919328-3605470727-906601096-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 29 DE FF F4 18 CD 01 [binary data] IE - HKU\S-1-5-21-807919328-3605470727-906601096-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No CLSID value found IE - HKU\S-1-5-21-807919328-3605470727-906601096-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-807919328-3605470727-906601096-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-807919328-3605470727-906601096-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: F:\Neuer Ordner (2)\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: F:\Neuer Ordner (2)\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.12.15 21:36:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.03 21:07:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 17:56:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 17:56:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 19:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\M4rko\AppData\Roaming\mozilla\Extensions [2013.01.03 21:27:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\M4rko\AppData\Roaming\mozilla\Firefox\Profiles\mukv4x4f.default\extensions [2012.10.03 00:55:28 | 000,000,000 | ---D | M] (WOT) -- C:\Users\M4rko\AppData\Roaming\mozilla\Firefox\Profiles\mukv4x4f.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.09.12 07:24:25 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\M4rko\AppData\Roaming\mozilla\firefox\profiles\mukv4x4f.default\extensions\testpilot@labs.mozilla.com.xpi [2012.12.11 20:48:11 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\M4rko\AppData\Roaming\mozilla\firefox\profiles\mukv4x4f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.11.23 21:13:57 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\M4rko\AppData\Roaming\mozilla\firefox\profiles\mukv4x4f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.11 17:56:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.11 17:56:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2013.01.11 17:56:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.08.01 08:40:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.01 08:40:16 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.08.01 08:40:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.08.01 08:40:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.01 08:40:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.01 08:40:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-807919328-3605470727-906601096-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] F:\Neuer Ordner (2)\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] F:\Neuer Ordner (2)\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-807919328-3605470727-906601096-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-807919328-3605470727-906601096-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\M4rko\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\M4rko\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube Download - C:\Users\M4rko\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\M4rko\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E1F1EAC-E7F6-4A9F-8ACA-53151CE507DB}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.07.26 07:52:25 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2012.08.13 19:01:35 | 000,348,080 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - E:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2012.08.13 19:01:35 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O32 - AutoRun File - [2011.10.08 22:02:33 | 000,000,000 | ---- | M] () - F:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{40f2e78d-84e4-11e1-9cd0-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{40f2e78d-84e4-11e1-9cd0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2012.08.13 19:01:35 | 000,348,080 | R--- | M] (Konami Digital Entertainment Co., Ltd.) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.13 18:25:57 | 000,000,000 | ---D | C] -- C:\Users\M4rko\AppData\Roaming\Malwarebytes [2013.01.13 18:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.13 18:25:48 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.13 18:25:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.13 18:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.13 18:25:42 | 000,000,000 | ---D | C] -- C:\Users\M4rko\AppData\Local\Programs [2013.01.11 17:56:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.09 18:01:58 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.09 18:01:58 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.09 18:01:48 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.01.09 18:01:48 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.09 18:01:47 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.01.09 18:01:47 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.01.09 18:01:47 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.01.09 18:01:47 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.01.09 18:01:47 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.01.09 18:01:47 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.01.09 18:01:47 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.01.09 18:01:47 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.01.09 18:01:47 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.01.09 18:01:47 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.01.09 18:01:47 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.01.09 18:01:47 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.01.09 18:01:47 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.01.09 18:01:47 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.01.09 18:01:47 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.01.09 18:01:47 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.01.09 18:01:47 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.01.09 18:01:47 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.01.09 18:01:47 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.01.09 18:01:47 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.01.09 18:01:47 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013.01.09 18:01:47 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.01.09 18:01:47 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.01.09 18:01:46 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.01.09 18:01:46 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.01.09 18:01:46 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.01.09 18:01:46 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.01.09 18:01:46 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.01.09 18:01:46 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.01.09 18:01:46 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.01.09 18:01:46 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013.01.09 18:01:46 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.01.09 18:01:33 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.01.09 18:01:33 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.01.09 18:01:33 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.01.09 18:01:33 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.01.09 18:01:33 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.01.09 18:01:33 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.09 18:01:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.01.09 18:01:33 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.01.09 18:01:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.01.09 18:01:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.01.09 18:01:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.01.09 18:01:33 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.09 18:01:33 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.09 18:01:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.09 18:01:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.09 18:01:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.01.09 18:01:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 18:01:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 18:01:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 18:01:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 18:01:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 18:01:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 18:01:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 18:01:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 18:01:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 18:01:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 18:01:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 18:01:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 18:01:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.09 18:01:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.09 18:01:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.01.09 18:01:24 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.01.03 21:07:33 | 000,000,000 | ---D | C] -- C:\Users\M4rko\AppData\Roaming\TuneUp Software [2013.01.03 21:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013.01.03 21:07:30 | 000,000,000 | ---D | C] -- C:\Users\M4rko\AppData\Local\Conduit [2013.01.03 21:07:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.01.03 21:07:20 | 000,000,000 | ---D | C] -- C:\Users\M4rko\AppData\Roaming\OpenCandy [2012.12.29 01:18:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.12.29 01:18:26 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.12.29 01:18:24 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.12.29 01:18:24 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.12.29 01:18:24 | 000,095,184 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.12.29 01:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.12.28 01:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.12.28 01:22:51 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.12.28 01:22:51 | 000,779,704 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012.12.21 00:28:56 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.21 00:28:56 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.21 00:28:56 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.21 00:28:56 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.16 16:25:35 | 000,000,000 | ---D | C] -- C:\Users\M4rko\AppData\Local\AMD [2012.12.16 16:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.12.16 16:25:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2012.12.16 16:25:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.12.16 16:25:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2012.12.16 16:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2012.12.16 16:23:55 | 000,000,000 | ---D | C] -- C:\AMD [2012.12.15 22:22:42 | 000,000,000 | ---D | C] -- C:\Users\M4rko\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.12.15 22:22:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe [2012.12.15 22:09:50 | 000,000,000 | ---D | C] -- C:\Users\M4rko\AppData\Roaming\PACE Anti-Piracy [2012.12.15 22:09:50 | 000,000,000 | ---D | C] -- C:\Users\M4rko\AppData\Local\PACE Anti-Piracy [2012.12.15 22:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy [2012.12.15 22:09:47 | 000,000,000 | ---D | C] -- C:\Users\M4rko\Documents\Adobe [2012.12.15 21:46:31 | 000,000,000 | ---D | C] -- C:\Users\M4rko\AppData\Roaming\PDAppFlex [2012.12.15 21:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2012.12.15 21:41:16 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012.12.15 21:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM [2012.12.15 21:38:16 | 000,000,000 | ---D | C] -- C:\Users\M4rko\Adobe Flash Builder 4.6 [2012.12.15 21:36:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2 [2012.12.15 21:34:51 | 000,056,208 | ---- | C] (Rovi Corporation) -- C:\Windows\SysNative\drivers\PxHlpa64.sys [2012.12.15 21:34:51 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys [2012.12.15 21:34:51 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys [2012.12.15 21:34:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared [2012.12.15 21:34:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2012.12.15 21:34:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name [2012.12.15 21:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6 [2012.12.15 21:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012.12.15 20:11:38 | 000,000,000 | ---D | C] -- C:\Users\M4rko\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.12.15 20:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant [2012.12.15 20:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.13 18:46:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.13 18:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.13 17:51:19 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.13 17:51:19 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.13 14:48:37 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.13 14:48:37 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.13 14:48:37 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.13 14:48:37 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.13 14:48:37 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.13 14:23:25 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.13 14:23:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.10 20:30:55 | 005,017,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.08 22:40:11 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.08 22:40:11 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.03 21:07:52 | 000,000,009 | ---- | M] () -- C:\END [2012.12.29 01:18:21 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012.12.29 01:18:21 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.12.29 01:18:21 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.12.29 01:18:21 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.12.29 01:18:21 | 000,095,184 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.12.28 01:22:46 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.12.20 22:55:35 | 000,003,102 | ---- | M] () -- C:\Users\M4rko\Documents\fahrten november.abw [2012.12.20 22:45:38 | 000,003,103 | ---- | M] () -- C:\Users\M4rko\Documents\fahrten september.abw [2012.12.20 22:40:51 | 000,003,472 | ---- | M] () -- C:\Users\M4rko\Documents\fahrten august.abw [2012.12.20 22:37:34 | 000,003,472 | ---- | M] () -- C:\Users\M4rko\Documents\fahrten juli.abw [2012.12.20 22:32:35 | 000,003,379 | ---- | M] () -- C:\Users\M4rko\Documents\fahrten juni.abw [2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.03 21:07:52 | 000,000,009 | ---- | C] () -- C:\END [2012.12.20 22:55:35 | 000,003,102 | ---- | C] () -- C:\Users\M4rko\Documents\fahrten november.abw [2012.12.20 22:45:38 | 000,003,103 | ---- | C] () -- C:\Users\M4rko\Documents\fahrten september.abw [2012.12.20 22:40:51 | 000,003,472 | ---- | C] () -- C:\Users\M4rko\Documents\fahrten august.abw [2012.12.20 22:37:34 | 000,003,472 | ---- | C] () -- C:\Users\M4rko\Documents\fahrten juli.abw [2012.12.20 22:32:35 | 000,003,379 | ---- | C] () -- C:\Users\M4rko\Documents\fahrten juni.abw [2012.12.15 21:36:16 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk [2012.12.15 21:36:16 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk [2012.12.15 21:35:09 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk [2012.12.15 21:33:50 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2012.12.15 20:11:36 | 000,001,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk [2012.12.02 08:38:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.12.02 08:38:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.11.27 19:06:08 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpmui.dll [2012.11.27 19:06:08 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcginpa.dll [2012.11.27 19:06:08 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgiesc.dll [2012.11.27 19:06:08 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcgcomx.dll [2012.11.27 19:06:08 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcginst.dll [2012.11.27 19:06:07 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgserv.dll [2012.11.27 19:06:07 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgusb1.dll [2012.11.27 19:06:07 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcghbn3.dll [2012.11.27 19:06:07 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomc.dll [2012.11.27 19:06:07 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcglmpm.dll [2012.11.27 19:06:07 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcoms.exe [2012.11.27 19:06:07 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomm.dll [2012.11.27 19:06:07 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgih.exe [2012.11.27 19:06:07 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcfg.exe [2012.11.27 19:06:07 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgppls.exe [2012.11.27 19:06:07 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgprox.dll [2012.11.27 19:06:07 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpplc.dll [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.12 22:40:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.04.12 22:21:39 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2012.04.12 22:21:39 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012.04.12 22:21:38 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012.04.12 22:21:38 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2012.04.12 22:17:27 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.04.12 22:17:25 | 000,030,974 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 1282 bytes -> C:\Users\M4rko\AppData\Local\Temp:3PfQDicen5Z2GH9EeFwsg3 @Alternate Data Stream - 1098 bytes -> C:\Users\M4rko\AppData\Local\Temp:QePO4r9fK1hdf4PYEUqHh < End of report > Malwarebytes Anti-Malware (Test) 1.70.0.1100 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.01.13.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 M4rko :: M4RKO-PC [limitiert] Schutz: Aktiviert 13.01.2013 18:59:26 mbam-log-2013-01-13 (18-59-26).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|H:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 519204 Laufzeit: 20 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Malwarebytes Anti-Malware (Test) 1.70.0.1100 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.01.13.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 M4rko :: M4RKO-PC [limitiert] Schutz: Aktiviert 13.01.2013 18:59:26 mbam-log-2013-01-13 (18-59-26).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|H:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 519204 Laufzeit: 20 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
14.01.2013, 10:49 | #4 |
/// Helfer-Team | Antivir zeigt virus an! sieht alles sauber aus, war nur adware. Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
03.03.2013, 11:48 | #5 |
/// Helfer-Team | Antivir zeigt virus an! Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
Themen zu Antivir zeigt virus an! |
antivir, befallen, class, datei, einträge, gen, gestern, hinweis, hotkey, installieren, konnte, löschen, programm, runtime, schlau, services, software, suche, system, users, versteckte, versteckten, virus, warnung, wirklich |