Hallo,
hat alles ohne Probleme geklappt.
Hier die Logfiles:
JRT.txt: HTML-Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Home Premium x64
Ran by Marcel on 29.03.2013 at 12:15:54,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Marcel\AppData\Roaming\mozilla\firefox\profiles\1kpvpsne.default\minidumps [68 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.03.2013 at 12:19:50,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner:
AdwCleaner Logfile: Code:
# AdwCleaner v2.115 - Datei am 29/03/2013 um 12:25:45 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Marcel - MARCEL-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Marcel\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : SearchAnonymizer
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\Marcel\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Marcel\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Marcel\AppData\Roaming\OCS
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16470
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\1kpvpsne.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [1052 octets] - [29/03/2013 12:25:45]
########## EOF - C:\AdwCleaner[S1].txt - [1112 octets] ##########
--- --- ---
Und die OTL-Logfiles:
OTL.txt:
OTL Logfile: Code:
OTL logfile created on: 29.03.2013 12:31:03 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,97 Gb Total Physical Memory | 6,46 Gb Available Physical Memory | 81,04% Memory free
15,94 Gb Paging File | 14,36 Gb Available in Paging File | 90,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 38,67 Gb Free Space | 38,67% Space Free | Partition Type: NTFS
Drive D: | 365,76 Gb Total Space | 339,46 Gb Free Space | 92,81% Space Free | Partition Type: NTFS
Drive E: | 2,02 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 177,29 Gb Total Space | 176,51 Gb Free Space | 99,56% Space Free | Partition Type: NTFS
Drive G: | 195,31 Gb Total Space | 195,20 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Marcel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
PRC - C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - D:\ICQ7M\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Vtune\TBPANEL.exe ()
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\OpenVPN\bin\openvpn-gui.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll ()
MOD - C:\Program Files (x86)\Vtune\TBPANEL.exe ()
MOD - C:\Program Files (x86)\OpenVPN\bin\openvpn-gui.exe ()
MOD - C:\Program Files (x86)\Vtune\TBManage.dll ()
========== Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\drivers\fwlanusbn.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D F6 F0 7B 7C 29 CE 01 [binary data]
IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=bd99b1fe-9f0d-40a0-9805-de11bc3be5a1&pid=murb&k=0
IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\..\SearchScopes\{15DDC04D-6FFD-4BA3-A653-94E19713A8DD}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=bd99b1fe-9f0d-40a0-9805-de11bc3be5a1&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\..\SearchScopes\{5B272025-5BED-44BF-A575-12D5C89AF4B2}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=bd99b1fe-9f0d-40a0-9805-de11bc3be5a1&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\..\SearchScopes\{6820A245-544D-4A3A-BE48-18C53D7C4B21}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=bd99b1fe-9f0d-40a0-9805-de11bc3be5a1&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\..\SearchScopes\{C4039295-C47C-4CC0-B8C7-2D2F07429751}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=bd99b1fe-9f0d-40a0-9805-de11bc3be5a1&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\..\SearchScopes\{CECB20D3-620B-4F93-98C7-8EA462C76547}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=bd99b1fe-9f0d-40a0-9805-de11bc3be5a1&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\..\SearchScopes\{F196558C-D112-4C55-A97D-AFBC0F31815F}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=bd99b1fe-9f0d-40a0-9805-de11bc3be5a1&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3634624668-16469543-752218273-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.facebook.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.12 00:52:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.12 00:52:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012.01.13 18:52:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\Extensions
[2012.10.26 12:01:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\Firefox\Profiles\1kpvpsne.default\extensions
[2012.10.07 13:39:54 | 000,002,101 | ---- | M] () -- C:\Users\Marcel\AppData\Roaming\mozilla\firefox\profiles\1kpvpsne.default\searchplugins\googlede.xml
[2012.05.05 23:26:12 | 000,001,088 | ---- | M] () -- C:\Users\Marcel\AppData\Roaming\mozilla\firefox\profiles\1kpvpsne.default\searchplugins\{586F9D64-FAB6-4373-8E7D-1A00773DA688}.xml
[2013.03.12 00:51:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.12 00:51:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.12 00:52:01 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.11 20:10:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.11 20:10:41 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.11 20:10:41 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.11 20:10:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.11 20:10:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.11 20:10:41 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Marcel\AppData\Roaming\OCS\SM\SearchAnonymizer.exe File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3634624668-16469543-752218273-1000..\Run: [ICQ] D:\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-3634624668-16469543-752218273-1000..\Run: [SkyDrive] C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3634624668-16469543-752218273-1000..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk = C:\Windows\SysWOW64\schtasks.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7110CB85-BFA3-4C56-ACB6-0F2D9FC8ACC3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9915087E-A623-4958-88BB-AED5AF7FC7C4}: DhcpNameServer = 131.246.9.116 131.246.1.116
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2a6a56e5-3e0b-11e1-9dd3-83e236c3ac73}\Shell - "" = AutoRun
O33 - MountPoints2\{2a6a56e5-3e0b-11e1-9dd3-83e236c3ac73}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{3f93b570-3e0c-11e1-b062-f57b2ab9d019}\Shell - "" = AutoRun
O33 - MountPoints2\{3f93b570-3e0c-11e1-b062-f57b2ab9d019}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.03.29 12:15:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.29 12:15:45 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.29 12:14:54 | 000,550,069 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Marcel\Desktop\JRT.exe
[2013.03.29 01:50:16 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Marcel\Desktop\tdsskiller.exe
[2013.03.29 00:43:55 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Marcel\Desktop\aswMBR.exe
[2013.03.28 16:54:49 | 000,000,000 | ---D | C] -- C:\Users\Marcel\Desktop\mbar-1.01.0.1021
[2013.03.27 21:21:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
[2013.03.27 19:11:23 | 000,000,000 | R--D | C] -- C:\Users\Marcel\SkyDrive
[2013.03.27 00:40:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone
[2013.03.27 00:40:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Phone
[2013.03.27 00:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2013.03.26 21:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013.03.26 03:10:24 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.24 18:42:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.03.24 18:42:27 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.24 18:42:19 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.24 18:42:19 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.24 18:42:19 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.24 18:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.17 14:27:33 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battle Realms
[2013.03.16 14:13:24 | 000,000,000 | ---D | C] -- C:\Users\Marcel\Documents\SimCity 4
[2013.03.16 14:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
[2013.03.16 14:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxis
[2013.03.16 01:27:36 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.16 01:27:36 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.16 01:27:35 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.16 01:27:35 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.16 01:27:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.16 01:27:35 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.16 01:27:35 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.16 01:27:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.16 01:27:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.16 01:27:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.16 01:27:35 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.16 01:27:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.16 01:27:34 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.16 01:27:34 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.16 01:27:34 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.16 01:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.16 01:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.16 01:26:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.15 21:11:02 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\Programs
[2013.03.15 21:10:18 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.15 21:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.12 00:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
========== Files - Modified Within 30 Days ==========
[2013.03.29 12:27:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.29 12:26:55 | 2123,976,703 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.29 12:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.29 12:22:12 | 000,609,993 | ---- | M] () -- C:\Users\Marcel\Desktop\adwcleaner.exe
[2013.03.29 12:14:57 | 000,550,069 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Marcel\Desktop\JRT.exe
[2013.03.29 12:10:22 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.29 12:10:22 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.29 01:50:18 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Marcel\Desktop\tdsskiller.exe
[2013.03.29 01:48:57 | 000,000,512 | ---- | M] () -- C:\Users\Marcel\Desktop\MBR.dat
[2013.03.29 00:45:21 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Marcel\Desktop\aswMBR.exe
[2013.03.28 16:53:58 | 013,786,977 | ---- | M] () -- C:\Users\Marcel\Desktop\mbar-1.01.0.1021.zip
[2013.03.28 16:35:11 | 000,377,856 | ---- | M] () -- C:\Users\Marcel\Desktop\gmer_2.1.19155.exe
[2013.03.28 02:42:02 | 001,590,370 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.28 02:42:02 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.28 02:42:02 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.28 02:42:02 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.28 02:42:02 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.28 02:41:54 | 001,590,370 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.27 21:21:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
[2013.03.27 18:57:36 | 000,002,026 | ---- | M] () -- C:\Users\Marcel\Desktop\Windows Phone.lnk
[2013.03.26 23:43:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.03.26 13:05:21 | 313,835,000 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.24 18:42:15 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.24 18:42:15 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.24 18:42:15 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.24 18:42:15 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.24 18:42:15 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.18 16:04:38 | 000,003,059 | ---- | M] () -- C:\Users\Marcel\Desktop\Battle Realms.lnk
[2013.03.16 14:13:14 | 000,002,120 | ---- | M] () -- C:\Users\Public\Desktop\SimCity 4.lnk
[2013.03.15 22:23:14 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.15 22:23:14 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.15 21:11:12 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.03.15 21:01:51 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
========== Files Created - No Company Name ==========
[2013.03.29 12:22:08 | 000,609,993 | ---- | C] () -- C:\Users\Marcel\Desktop\adwcleaner.exe
[2013.03.29 01:48:57 | 000,000,512 | ---- | C] () -- C:\Users\Marcel\Desktop\MBR.dat
[2013.03.28 16:53:48 | 013,786,977 | ---- | C] () -- C:\Users\Marcel\Desktop\mbar-1.01.0.1021.zip
[2013.03.28 16:35:09 | 000,377,856 | ---- | C] () -- C:\Users\Marcel\Desktop\gmer_2.1.19155.exe
[2013.03.27 19:11:23 | 000,002,184 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2013.03.27 18:57:36 | 000,002,026 | ---- | C] () -- C:\Users\Marcel\Desktop\Windows Phone.lnk
[2013.03.27 00:38:37 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.26 23:43:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.03.18 16:04:38 | 000,003,059 | ---- | C] () -- C:\Users\Marcel\Desktop\Battle Realms.lnk
[2013.03.16 14:13:14 | 000,002,120 | ---- | C] () -- C:\Users\Public\Desktop\SimCity 4.lnk
[2013.03.15 21:10:18 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.16 21:59:26 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
--- --- ---
Extras.txt:
OTL Logfile: Code:
OTL Extras logfile created on: 29.03.2013 12:31:03 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,97 Gb Total Physical Memory | 6,46 Gb Available Physical Memory | 81,04% Memory free
15,94 Gb Paging File | 14,36 Gb Available in Paging File | 90,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 38,67 Gb Free Space | 38,67% Space Free | Partition Type: NTFS
Drive D: | 365,76 Gb Total Space | 339,46 Gb Free Space | 92,81% Space Free | Partition Type: NTFS
Drive E: | 2,02 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 177,29 Gb Total Space | 176,51 Gb Free Space | 99,56% Space Free | Partition Type: NTFS
Drive G: | 195,31 Gb Total Space | 195,20 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3634624668-16469543-752218273-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B12C1A4-7D89-478C-80AD-BC376D305F4B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2D8EED73-27D7-4473-8508-A66E28691378}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2F122A76-BB53-4A08-8BAE-2B1F89A8C5F8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2FC0841F-EBA8-4A09-B844-756A9AB505D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3ACE5863-7E27-4BE5-842D-5E44E6050000}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{44ED232B-2A6F-4148-8B0E-C57082974C26}" = rport=137 | protocol=17 | dir=out | app=system |
"{4F777C4D-33A8-4465-9389-BA42E75A7759}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{5D7B516F-CF50-4228-A804-EA8086078F08}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{670BFC23-0A76-4174-85C1-8497577E3C0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6A4D740E-4A9F-4F14-9493-06FF605AB668}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7429B1CB-1EB3-4240-9A0C-8C3164BDB8CC}" = rport=139 | protocol=6 | dir=out | app=system |
"{81EC6226-DCF6-42CF-884C-2149068F72C7}" = rport=138 | protocol=17 | dir=out | app=system |
"{97D7B51B-8669-4C65-B293-A3D7DA6D1CF9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9FA9E3FF-3A9F-4036-987F-1B9ED3E22653}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AE8C73D9-E02E-4E7E-8DD8-C865A7021CB4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B79E5133-66C3-43B3-8CDD-1FA7497C568A}" = lport=138 | protocol=17 | dir=in | app=system |
"{CA28F387-E7B6-41E0-98FA-295370D27C72}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CE67CF32-9C4B-4060-8292-8B415866ADB4}" = lport=137 | protocol=17 | dir=in | app=system |
"{D82F49B9-6FCA-4400-AEEB-38B77AF9F533}" = lport=445 | protocol=6 | dir=in | app=system |
"{E9A5092C-77AA-4064-8BAA-B2F08024CB77}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F281F27E-212D-4B46-962F-7AD655488E03}" = lport=139 | protocol=6 | dir=in | app=system |
"{F2CBA2E9-7C2B-4D77-9C42-04DF90EEC5D5}" = rport=445 | protocol=6 | dir=out | app=system |
"{F4EADAC2-CCA6-4985-A739-DE3DF5760EDF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F5C33322-8F7A-4D59-BB1E-F05BDF172569}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049BEE0A-5D4B-4DFE-AEB8-B2C2E7BC606D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0980D335-DB20-4160-B4B3-DF4247889239}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{1416DB80-C34F-4976-951E-870656C37036}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1439A8B1-BC56-4284-A7C4-B29447118B3F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1509B905-84E8-4387-B2C2-E2E78B7E712A}" = protocol=6 | dir=out | app=system |
"{1CF4B469-A92F-4462-8335-346EB4EB407E}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
"{1D5E7BB5-02AA-4227-9288-405D1E490A70}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{26B29987-4E1C-4C28-93F3-3B6AA15C2ECC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{2C8025EC-DAA6-42CC-91CA-9BE269A42008}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
"{2E5846C0-0B04-458B-9D28-78BADA38737E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2F83061C-D98A-44C0-A54C-F22DEF7A187F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{329D1D70-1E44-4CF8-88E4-126AD7598893}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{32E75B7E-9D06-4A9D-AC4A-C5697492A0AB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{33E2CC50-86C1-4FB8-9B67-D204F3301061}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{35DFEBE8-22B8-4505-81AE-237FD2864076}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{3E0B332D-FE7C-4FBF-BFDC-43CBC183BA38}" = protocol=17 | dir=in | app=d:\icq7m\icq.exe |
"{4089A2F8-E3AF-4F40-8F3F-7CC0BB841696}" = protocol=6 | dir=in | app=d:\icq7m\icq.exe |
"{4706B015-45F7-4ACE-B4EB-2E253EAD5F7B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{49A416F6-CDC5-40F3-AFF7-D05692A833A9}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{4FD7E8A9-B1BD-48F4-ADA5-C019AE06E52A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{58EB19D5-8391-4BB0-8884-FAC8AAADEAA1}" = protocol=6 | dir=in | app=c:\users\marcel\appdata\roaming\dropbox\bin\dropbox.exe |
"{59B65A99-FE1E-4942-B365-E3182B36BA74}" = protocol=6 | dir=in | app=d:\icq7m\icq.exe |
"{5BC83DA0-6024-40A9-9094-DA539635C7A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{618D9FAD-5C3A-43C1-84BF-2C45D2CECE26}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{68F4DE10-B7DC-4213-B9B9-56B2AA12B1BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{691E17C8-1D5D-4304-9C6C-8784D71E36EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7762E9E5-14A8-4063-AF1A-1DF2329D4339}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\metro 2033\metro2033.exe |
"{798FC83A-C8AC-47EB-9D9B-CBB5CDD023A0}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{7B520039-2127-42B4-951E-73C854F0DA44}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{8BC07EA6-D399-49BA-8FC6-1CDAF313B351}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9AD307F3-1FD9-4034-84F3-4F3A1A32610F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9BE36D6E-F223-4AAB-AF61-ABC66CD4F25D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9D67A346-CB29-4A7A-B09B-60D9018B0C68}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A58AB83E-C3D3-499B-989E-48F6EC3A9A66}" = dir=in | app=c:\users\marcel\appdata\local\microsoft\skydrive\skydrive.exe |
"{C11A7F46-1C46-4500-A35D-FB4744B32484}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C52AF2A8-D6B0-4B77-8AB9-A4BDE664D279}" = protocol=17 | dir=in | app=d:\icq7m\icq.exe |
"{C7142AE0-37A3-4DE8-BE76-02309E17393F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CFDB0E7E-9105-44AF-AEED-6DAB07B27325}" = protocol=17 | dir=in | app=c:\users\marcel\appdata\roaming\dropbox\bin\dropbox.exe |
"{E9D87791-4AD1-4206-AAC1-12AD4615427C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EA4FC917-D6F7-4167-BC0D-DC0F55D07F1C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\metro 2033\metro2033.exe |
"{FAC248BF-FAA6-4A78-9EDC-8D9CEC9C6EF5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{11586AE9-943D-4AFA-9472-355130D1988B}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe |
"TCP Query User{4B819006-A64B-4737-8DCF-785EDAFF4557}D:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"TCP Query User{6DE0CD46-9115-4C0C-AB64-E6FE91C8A163}D:\maple 13\jre\bin\maple.exe" = protocol=6 | dir=in | app=d:\maple 13\jre\bin\maple.exe |
"TCP Query User{78FFBB6E-8826-46B5-9332-5286FEE55643}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{84AA611D-D94D-494F-A795-54FFB5786C25}C:\users\marcel\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\marcel\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{8B2D3FD3-C6B4-4114-942F-CC241253D06E}C:\program files (x86)\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"TCP Query User{BE8EAFA9-866F-475D-A3F5-C65C5161FEB3}C:\program files\maple 13\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 13\jre\bin\maple.exe |
"TCP Query User{C9C42BC7-1FF8-48AE-86BB-160E6961D69A}D:\icq7m\icq.exe" = protocol=6 | dir=in | app=d:\icq7m\icq.exe |
"TCP Query User{D3EEC0E2-165D-499B-9589-0F4D9FDB5F96}C:\users\marcel\desktop\call of duty 2 an marcel (192.168.1.8)\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\marcel\desktop\call of duty 2 an marcel (192.168.1.8)\cod2mp_s.exe |
"UDP Query User{0480F8C3-EA10-4D8F-A2E2-ECD068E58054}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe |
"UDP Query User{2EE450DE-FF1C-48FC-87EB-22508D8A0359}C:\program files (x86)\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"UDP Query User{402DC851-3E59-4300-9ED9-451A245E59CF}C:\users\marcel\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\marcel\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{5C7E0EBE-C045-469E-886A-8CB9455E8F7C}C:\program files\maple 13\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 13\jre\bin\maple.exe |
"UDP Query User{761C8177-7716-436F-98D4-D9F4960591D4}D:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"UDP Query User{802B489B-4C32-4853-8694-398631E4ECC5}C:\users\marcel\desktop\call of duty 2 an marcel (192.168.1.8)\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\marcel\desktop\call of duty 2 an marcel (192.168.1.8)\cod2mp_s.exe |
"UDP Query User{DE823802-8F04-4706-9303-82DBB1E68FA4}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{E15B8227-FBD5-4341-A716-0F92F3C837A1}D:\maple 13\jre\bin\maple.exe" = protocol=17 | dir=in | app=d:\maple 13\jre\bin\maple.exe |
"UDP Query User{E2AA3373-BEE3-498F-9A15-1BFF3961DFDF}D:\icq7m\icq.exe" = protocol=17 | dir=in | app=d:\icq7m\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01339AE5-04D4-43F8-008E-13AD788DC4F7}" = SimCity 4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18EFF59E-BB7D-40F9-BE20-6A910BADC2E1}" = Windows Phone
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5C209D68-1411-4725-8CDE-1676A85E083E}_is1" = ICQ Contact Revealer 1.1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA761E6-CA51-4FF2-A552-D51638BF0595}" = Battle Realms
"{9AA9FEE7-9F99-4E69-947A-49F7DA0DDA3A}" = Cisco AnyConnect Secure Mobility Client
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"FarmingSimulator2009DE_is1" = Landwirtschafts-Simulator 2009
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MySSID_is1" = Vtune 7.21
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Professional 2010
"OpenVPN" = OpenVPN 2.1.1-gui-1.0.3
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 43110" = Metro 2033
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3634624668-16469543-752218273-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Tropico 4" = Tropico 4 1.00
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.03.2013 07:28:48 | Computer Name = Marcel-PC | Source = WinMgmt | ID = 10
Description =
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 29.03.2013 07:27:33 | Computer Name = Marcel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
704 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -28835824
(0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 29.03.2013 07:27:33 | Computer Name = Marcel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
225 Invoked Function: CNetEnvironment::testNetwork Return Code: -28835824 (0xFE480010)
Description:
HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 29.03.2013 07:27:38 | Computer Name = Marcel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
704 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -28835824
(0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 29.03.2013 07:27:48 | Computer Name = Marcel-PC | Source = acvpnui | ID = 67108866
Description = Function: XmlPrefMgr::endElement File: .\xml\XmlPrefMgr.cpp Line: 142
Invoked
Function: UserPreferences::endElement Return Code: -33554423 (0xFE000009) Description:
GLOBAL_ERROR_UNEXPECTED Attempt to set undefined preference <DefaultDomain>.
Error - 29.03.2013 07:27:48 | Computer Name = Marcel-PC | Source = acvpnui | ID = 67108866
Description = Function: XmlPrefMgr::endElement File: .\xml\XmlPrefMgr.cpp Line: 142
Invoked
Function: UserPreferences::endElement Return Code: -33554423 (0xFE000009) Description:
GLOBAL_ERROR_UNEXPECTED Attempt to set undefined preference <DefaultDomain>.
Error - 29.03.2013 07:27:49 | Computer Name = Marcel-PC | Source = acvpnui | ID = 67108866
Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 328
Invoked
Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
Daten mehr verfügbar.
Error - 29.03.2013 07:28:00 | Computer Name = Marcel-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1336 NULL object. Cannot establish a connection at this time.
Error - 29.03.2013 07:32:12 | Computer Name = Marcel-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 29.03.2013 07:32:12 | Computer Name = Marcel-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 29.03.2013 07:32:12 | Computer Name = Marcel-PC | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
311 m_pITelemetryPlugin is NULL
[ System Events ]
Error - 29.03.2013 07:26:48 | Computer Name = Marcel-PC | Source = Application Popup | ID = 262200
Description = Treiber PCI hat eine ungültige ID für das untergeordnete Gerät (FFFFFFFFFFFFFFFF00)
zurückgegeben.
Error - 29.03.2013 07:29:40 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 29.03.2013 07:29:40 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
< End of report >
--- --- --- |
GMER herunter: (Dateiname zufällig) 
Tauchen Probleme auf? 
Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
aswMBR.exe und speichere die Datei auf deinem Desktop.
TDSSKiller.exe und speichere diese Datei auf dem Desktop
AdwCleaner auf deinen Desktop.
