| |
| |||||||
Log-Analyse und Auswertung: BDS/ZeroAccess.gen hat mich erwischtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
07.03.2013, 19:08
| #1 |
 |  BDS/ZeroAccess.gen hat mich erwischt Hallo liebe Helfer vom Trojaner-Board, mich hat BDS/ZeroAccess.gen erwischt. ich habe alle Schritte bis jetzt ausgeführt (defogger, otl, gmer), wie gehts jetzt weiter? Vielen Dank für eure Hilfe schonmal!  Hier noch die logfiles OTL.txt: Code:
ATTFilter OTL logfile created on: 07.03.2013 17:53:47 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Magnus\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,68 Gb Total Physical Memory | 3,83 Gb Available Physical Memory | 67,48% Memory free 11,36 Gb Paging File | 9,36 Gb Available in Paging File | 82,39% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 447,66 Gb Total Space | 357,82 Gb Free Space | 79,93% Space Free | Partition Type: NTFS Computer Name: MAGNUS | User Name: oem | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.07 17:51:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Magnus\Downloads\OTL.exe PRC - [2013.02.17 10:52:07 | 001,820,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe PRC - [2013.01.28 20:16:25 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.01.28 20:16:05 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.01.25 13:10:17 | 000,083,680 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\ipmGui.exe PRC - [2013.01.23 13:33:47 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Magnus\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.12.09 22:09:39 | 002,686,976 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.126\deploy\LoLLauncher.exe PRC - [2012.10.31 15:52:30 | 000,464,256 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe PRC - [2012.10.30 15:33:20 | 000,058,240 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\DelayLoad.exe PRC - [2012.10.27 10:44:05 | 007,880,664 | ---- | M] (Spotify Ltd) -- C:\Users\Magnus\AppData\Roaming\Spotify\spotify.exe PRC - [2012.10.27 10:44:05 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Magnus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.10.12 11:33:36 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.09.24 21:59:16 | 000,490,880 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe PRC - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.29 10:47:40 | 001,300,376 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe PRC - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe PRC - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe PRC - [2010.09.30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe PRC - [2010.08.10 10:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.08.10 10:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010.06.28 23:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe PRC - [2010.05.04 20:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2010.04.13 17:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.03.18 05:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.03.18 05:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe ========== Modules (No Company Name) ========== MOD - [2013.02.17 10:52:07 | 014,717,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll MOD - [2012.12.09 22:09:39 | 002,686,976 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.126\deploy\LoLLauncher.exe MOD - [2012.10.30 15:37:26 | 000,348,032 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madExcept_.bpl MOD - [2012.10.30 15:37:24 | 000,050,048 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madDisAsm_.bpl MOD - [2012.10.30 15:37:22 | 000,182,656 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madBasic_.bpl MOD - [2012.10.27 10:44:05 | 020,220,376 | ---- | M] () -- C:\Users\Magnus\AppData\Roaming\Spotify\Data\libcef.dll MOD - [2012.10.12 11:33:36 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.05.29 10:47:40 | 001,300,376 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe MOD - [2009.05.20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll ========== Services (SafeList) ========== SRV - [2013.01.28 20:16:25 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.01.28 20:16:05 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.10.31 15:52:30 | 000,464,256 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6) SRV - [2012.10.12 11:33:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService) SRV - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Live Updater Service) SRV - [2011.01.05 15:23:58 | 000,867,712 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.09.30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0) SRV - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.06.28 23:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.05.04 20:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.04.13 17:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 05:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.03.18 05:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.24 19:51:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.12.24 19:51:10 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.12.24 19:51:10 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.10 21:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.10.01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.07.14 06:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.07.14 06:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.06.02 04:37:32 | 002,750,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.09.22 02:47:10 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.06.21 10:45:56 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.05.15 13:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.04.13 11:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.02.27 00:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.01.06 07:44:20 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64) DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\oem\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\oem\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.12 11:33:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012.10.12 11:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.12 11:33:36 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\oem\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\oem\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\oem\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\oem\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Users\oem\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit) O4 - HKCU..\Run: [Spotify] C:\Users\oem\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\oem\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4:64bit: - HKLM..\RunOnce: [*Restore] C:\Windows\SysNative\rstrui.exe (Microsoft Corporation) O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40D67CDE-88B8-42B4-81F4-0E3212D17EE7}: NameServer = 172.25.0.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D4AB43D-5AA3-48C5-A96F-FD05870846D6}: DhcpNameServer = 192.168.2.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.01 08:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.03.01 08:31:10 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.01 08:31:10 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.01 08:31:10 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.01 08:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.03.01 08:31:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.02.24 16:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts [2013.02.24 16:08:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.02.23 17:23:20 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.02.23 14:14:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013.02.23 14:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.02.23 14:11:01 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2013.02.23 14:11:00 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013.02.23 14:11:00 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013.02.23 14:11:00 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013.02.23 14:11:00 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013.02.23 14:10:58 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll [2013.02.23 14:10:57 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll [2013.02.23 14:10:57 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll [2013.02.23 14:10:57 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2013.02.23 14:10:51 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2013.02.23 14:10:51 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2013.02.23 14:10:50 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2013.02.23 14:10:50 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2013.02.23 14:10:49 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013.02.23 14:10:49 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013.02.23 14:10:44 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll [2013.02.23 14:10:44 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll [2013.02.23 14:10:44 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll [2013.02.23 14:10:44 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll [2013.02.23 14:10:44 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll [2013.02.23 14:10:42 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll [2013.02.23 14:10:42 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll [2013.02.23 14:10:38 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll [2013.02.23 14:10:37 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2013.02.23 14:10:37 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2013.02.23 14:10:36 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll [2013.02.23 14:10:36 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll [2013.02.23 14:10:36 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013.02.23 14:10:24 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013.02.23 14:10:24 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll [2013.02.23 14:10:24 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll [2013.02.23 14:10:24 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll [2013.02.23 14:10:24 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll [2013.02.23 14:10:23 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll [2013.02.23 14:10:23 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll [2013.02.23 14:10:22 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll [2013.02.23 14:10:22 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll [2013.02.23 14:10:22 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll [2013.02.23 14:10:22 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2013.02.23 14:10:22 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2013.02.23 14:10:22 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll [2013.02.23 14:10:21 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll [2013.02.23 14:10:20 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll [2013.02.23 14:10:20 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll [2013.02.21 13:31:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LucasArts [2013.02.21 13:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts [2013.02.07 13:12:34 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled [2013.02.07 11:41:28 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\Dropbox ========== Files - Modified Within 30 Days ========== [2013.03.07 18:00:01 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\Packard Bell Registration - Reminder Recall task.job [2013.03.07 17:56:38 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.07 17:56:38 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.07 17:48:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.07 17:48:46 | 277,901,311 | -HS- | M] () -- C:\hiberfil.sys [2013.03.07 17:46:50 | 000,000,000 | ---- | M] () -- C:\Users\oem\defogger_reenable [2013.03.07 17:42:32 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2151184538-3474108200-4023508122-1000UA.job [2013.03.07 17:42:32 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2151184538-3474108200-4023508122-1000Core.job [2013.03.01 10:49:21 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.01 10:49:21 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.01 10:49:21 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.01 10:49:21 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.01 10:49:21 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.24 21:31:28 | 000,000,000 | ---- | M] () -- C:\asc_rdflag [2013.02.24 16:44:59 | 000,002,307 | ---- | M] () -- C:\Users\Public\Desktop\Die Schlacht um Mittelerde™ II.lnk [2013.02.23 14:01:25 | 000,000,000 | ---- | M] () -- C:\user.js [2013.02.17 10:46:10 | 000,298,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.03.07 17:46:50 | 000,000,000 | ---- | C] () -- C:\Users\oem\defogger_reenable [2013.02.24 21:31:28 | 000,000,000 | ---- | C] () -- C:\asc_rdflag [2013.02.24 16:44:59 | 000,002,307 | ---- | C] () -- C:\Users\Public\Desktop\Die Schlacht um Mittelerde™ II.lnk [2013.02.23 14:10:49 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2013.02.23 14:01:25 | 000,000,000 | ---- | C] () -- C:\user.js [2013.02.03 21:08:55 | 000,000,017 | ---- | C] () -- C:\Users\oem\AppData\Local\resmon.resmoncfg [2012.11.27 21:31:10 | 000,017,408 | ---- | C] () -- C:\Users\oem\AppData\Local\WebpageIcons.db [2012.11.20 14:51:48 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012.11.12 14:23:46 | 000,000,600 | ---- | C] () -- C:\Users\oem\AppData\Roaming\winscp.rnd [2012.08.05 19:00:52 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.01.10 21:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2012.01.10 21:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2012.01.10 21:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2012.01.10 20:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.07 11:41:28 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Dropbox [2013.01.28 19:23:26 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\DVDVideoSoft [2012.08.05 20:24:00 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\ESET [2012.08.13 20:31:01 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\FloodLightGames [2012.08.28 08:54:11 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\FoozKids [2012.09.14 09:15:41 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Guitar Pro 6 [2012.12.24 12:37:51 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\IObit [2012.08.28 14:36:54 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\LolClient [2012.08.14 14:10:52 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Mystery of Mortlake Mansion [2012.08.05 18:39:20 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Screensaver [2012.09.08 20:52:37 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\SoftGrid Client [2012.09.08 18:59:36 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Spotify [2012.08.05 19:01:23 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\TP [2012.09.08 20:28:36 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\TS3Client ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 07.03.2013 17:53:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Magnus\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,68 Gb Total Physical Memory | 3,83 Gb Available Physical Memory | 67,48% Memory free
11,36 Gb Paging File | 9,36 Gb Available in Paging File | 82,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447,66 Gb Total Space | 357,82 Gb Free Space | 79,93% Space Free | Partition Type: NTFS
Computer Name: MAGNUS | User Name: oem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0250E632-BE26-4482-A59F-72B6727DE464}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1312EEBE-9249-47AE-AEB6-03B78748336A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{208AA6D2-B8EF-48EE-8538-B6A4807420B8}" = rport=138 | protocol=17 | dir=out | app=system |
"{346BA4E2-2BF8-4EB4-841F-7DE90FFF7B60}" = lport=138 | protocol=17 | dir=in | app=system |
"{499FA56E-E561-40AC-88A6-F5C87AAC7821}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6DC53DB3-A111-449D-BE24-9B0B620265B1}" = rport=137 | protocol=17 | dir=out | app=system |
"{701615C4-4259-4665-9DE9-C9B9EAFBE4B1}" = lport=137 | protocol=17 | dir=in | app=system |
"{7ECEED1B-B16D-4AD7-B27C-9E793D129774}" = lport=445 | protocol=6 | dir=in | app=system |
"{848ACBD8-89D6-4027-95AE-F440854384EE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E8B08F3-B8F9-443D-9B44-2D0A4D71AB89}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9B91E3DE-6AD6-44C6-BA63-6B7E568DD019}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A57A66FA-687B-460C-BC99-B22F253898EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D442F6FB-D8F7-4482-B061-41BC761FD2CA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D8E4FB30-0DE3-41FF-A47A-AE64626148FA}" = rport=445 | protocol=6 | dir=out | app=system |
"{DFABE6B6-8A95-4BE5-92D4-BA62A60EBF73}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E06FD54C-4299-408C-84B4-38795ED006EF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E4FC5067-6943-41AE-9254-0E0A51A5F750}" = lport=139 | protocol=6 | dir=in | app=system |
"{EAA33264-1563-47E6-8CAA-2628054DD375}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F416C895-DB9A-4BA1-BBE3-996F92B23EB8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F80141EB-D1AE-4835-A236-2E91C26F69D3}" = rport=139 | protocol=6 | dir=out | app=system |
"{FF9A31E1-2B51-4F6D-921B-1BDC4EC2F241}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{083C9C53-4678-4ECD-B534-D243B68F6D82}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat |
"{1062C41D-3B23-40F8-87E7-BD4D24AF9D6D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{107C7EEB-C50C-4138-AAED-40C09E0B5AAE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13D479D3-92A5-4962-B98C-BC4D9AF8830E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1ABAF2A5-2F61-48F3-B14F-2F43A3C57FF0}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\launchbfii.exe |
"{213FBA5F-0DD9-48E8-9F76-4C77725BDCF4}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{29A3228D-9E8B-4CB1-9361-CEFF96BACE48}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{331A92D7-0FA3-43E4-B9A6-F4611591E827}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3548D88D-D9CE-41A7-BA95-0571B09F7BE6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{54A6B5D4-B9EE-4B90-9CB1-8914F6E84770}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67BC89E7-A38D-44D8-A7DB-04460D5E4293}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6BE4563D-2E5E-4FFA-9912-8A2CB609F4E1}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat |
"{6E7AD180-7C39-4064-BA49-4799EEC0B8FE}" = protocol=17 | dir=in | app=c:\users\magnus\appdata\roaming\dropbox\bin\dropbox.exe |
"{789D9AC3-8461-4A01-8174-0DA2283F0DC8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{84AC78F4-3674-4C46-8ABB-757E60A36AC4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8A04D0D7-1E02-480A-96D9-1DE758B8C9FC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{92B5A663-15E8-45BE-87CC-430D050DDC1C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93C2B68D-2537-4AAE-AC62-F498F9BEE2C3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{98A5F5F7-2061-4F95-AD40-C718D95230C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A1DAED67-E950-4C05-9762-FD311584699D}" = protocol=6 | dir=in | app=c:\users\magnus\appdata\roaming\dropbox\bin\dropbox.exe |
"{ABDDDC69-B501-4EAF-9AEE-83DABDB44D92}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{AF7A8843-2F9A-4C38-9B0B-1820461518FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA8AEC8C-3CDC-49D5-8D1F-838D306B49A5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C6E5C5B1-6CA1-4864-8950-3C75534211DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CAC4DF07-4BF6-435C-8404-D778316912FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CBA8EC56-62E9-4427-8CA2-6DB4A8244A5F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D8472000-3B8F-4AB9-9A62-1E3371CAA8BC}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\launchbfii.exe |
"{DFA4370F-3102-47CF-B7B3-27C7EE8FF627}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E185C587-02B4-4B19-BE67-61310011BCCF}" = protocol=6 | dir=out | app=system |
"{E602BA27-FE12-4841-AD0D-4FA6891F831F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F0743F52-0468-4E9E-AD22-7B64D4923E12}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{FFCD8F8A-10F4-454E-B070-17E361F25D40}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{28F78501-DB0E-4762-89D5-90B8B3167548}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{32585845-3403-43FA-BBF5-38ED2A3FA0B2}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{4ACEE912-771F-4362-A4E5-709C29E65B38}C:\users\magnus\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\magnus\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{84580882-A840-4A89-A0F2-0E2D913F20FA}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{96A8CA96-521F-41EA-B34B-165BD4DB0145}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{BC38CD07-FA87-48A0-AD33-EC5481EE1A2F}C:\users\magnus\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\magnus\appdata\roaming\spotify\spotify.exe |
"TCP Query User{CC471BE7-C56D-4CA1-BC7A-65A3791BC020}C:\users\magnus\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\magnus\appdata\roaming\spotify\spotify.exe |
"UDP Query User{1B2F6CD5-4A71-4F64-86DA-3EF2364358D0}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{32842B1A-18DC-4A12-AF6A-3195D1FE30F3}C:\users\magnus\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\magnus\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{3BDD8962-755B-4EAE-97C3-F293A58D42CB}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{47E55C21-B869-4AAA-9BCF-50FB8BD8CD8C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{62421BD4-9C48-4776-9959-850364DBA672}C:\users\magnus\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\magnus\appdata\roaming\spotify\spotify.exe |
"UDP Query User{92D58FCB-1025-4F5F-862F-2D2F4B3915C9}C:\users\magnus\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\magnus\appdata\roaming\spotify\spotify.exe |
"UDP Query User{BD898070-0842-4CBA-9A3A-77330437CED5}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1730D13B-7517-4321-A88B-64627CF67CDC}_is1" = Logon Screen
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}" = Evernote v. 4.5.1
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{32A3A4F4-B792-11D6-A78A-00B0D0170090}" = Java SE Development Kit 7 Update 9
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell" = WildTangent Games App (Packard Bell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE8FF1DC-90A3-A976-4ED7-43C280CEC0E0}" = Fooz Kids
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"FoozKids" = Fooz Kids
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.22.128
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"LManager" = Launch Manager
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"winscp3_is1" = WinSCP 5.1.1
"WTA-34b4600d-5a4a-465b-aebd-6b47a0ec7870" = Chuzzle Deluxe
"WTA-34ef79d8-bcd4-4f9a-abdf-03d8f33b51e8" = Torchlight
"WTA-38c7e206-e04a-42a6-abc1-a34e3358ba06" = Polar Bowler
"WTA-47ba9136-4aa6-49fa-98b9-af2b6a75e6f8" = Zuma Deluxe
"WTA-5ddb07d9-52d9-4164-b8bc-fbb20284ec09" = Insaniquarium Deluxe
"WTA-5f39e527-193c-49d6-9b23-88e8641f7c67" = Crazy Chicken Kart 2
"WTA-658a2118-19bf-4d00-aefd-3e9231ffac6c" = Bejeweled 2 Deluxe
"WTA-788ca9e4-f32c-4e2a-b3f6-948aec5a98ce" = Jewel Quest Solitaire
"WTA-89e42732-fca3-4f45-a243-e65119f86377" = Agatha Christie - Death on the Nile
"WTA-8d9179af-77eb-4e1e-9673-2a69c37a99f0" = Jewel Match 3
"WTA-a171555d-5f71-4ffa-9697-6a1c5e0c21c3" = John Deere Drive Green
"WTA-ad4800e1-8be6-436d-ba95-a15148acf98c" = Final Drive: Nitro
"WTA-ca709a6c-be96-4207-ac52-1ef277309f9c" = Penguins!
"WTA-d315e0a6-ea80-4876-a6a0-ba02550dd7c2" = Plants vs. Zombies - Game of the Year
"WTA-da6f7b1e-a5f6-477d-a58c-f894916304d9" = Wedding Dash
"WTA-e7bd87fa-7ed4-45ce-98c1-e245c2327385" = Virtual Villagers 4 - The Tree of Life
"WTA-f69c0916-b4f8-4099-a3ab-05400fa48901" = Slingo Deluxe
"WTA-f83b4a34-c820-4716-a6c0-8fda2f7133f6" = Mystery of Mortlake Mansion
"WTA-fcce8ca5-c6db-42ea-815a-e31282636d51" = FATE
"Zattoo4" = Zattoo4 4.0.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"SOE-C:/Users/oem/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 PSG" = gamelauncher-ps2-psg
"soe-PlanetSide 2 PSG" = PlanetSide 2
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 05.12.2012 06:11:49 | Computer Name = Magnus-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 05.12.2012 08:17:00 | Computer Name = Magnus-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 05.12.2012 08:25:31 | Computer Name = Magnus-Laptop | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 05.12.2012 09:10:34 | Computer Name = Magnus-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 05.12.2012 12:34:00 | Computer Name = Magnus-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 05.12.2012 12:43:53 | Computer Name = Magnus-Laptop | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 05.12.2012 14:04:58 | Computer Name = Magnus-Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0,
Zeitstempel: 0x4e65c1ac Name des fehlerhaften Moduls: rads_user_kernel.exe, Version:
0.0.0.0, Zeitstempel: 0x4e65c1ac Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b8554
ID
des fehlerhaften Prozesses: 0xba0 Startzeit der fehlerhaften Anwendung: 0x01cdd313084f9b3b
Pfad
der fehlerhaften Anwendung: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
Pfad
des fehlerhaften Moduls: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
Berichtskennung:
478d62f4-3f06-11e2-aedf-dc0ea122d6ca
Error - 06.12.2012 04:56:49 | Computer Name = Magnus-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 06.12.2012 04:58:41 | Computer Name = Magnus-Laptop | Source = .NET Runtime | ID = 1023
Description =
Error - 06.12.2012 04:58:42 | Computer Name = Magnus-Laptop | Source = Application Error | ID = 1000
Error - 06.12.2012 07:39:55 | Computer Name = Magnus-Laptop | Source = WinMgmt |
ID = 10
Description =
Error encountered while reading event logs.
< End of report >
Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-07 18:59:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\oem\AppData\Local\Temp\pwtdypog.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074ee1465 2 bytes [EE, 74]
.text C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074ee14bb 2 bytes [EE, 74]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074ee1465 2 bytes [EE, 74]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074ee14bb 2 bytes [EE, 74]
.text ... * 2
.text C:\Users\Magnus\AppData\Roaming\Dropbox\bin\Dropbox.exe[3088] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000074ee1465 2 bytes [EE, 74]
.text C:\Users\Magnus\AppData\Roaming\Dropbox\bin\Dropbox.exe[3088] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000074ee14bb 2 bytes [EE, 74]
.text ... * 2
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074ee1465 2 bytes [EE, 74]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074ee14bb 2 bytes [EE, 74]
.text ... * 2
---- EOF - GMER 2.1 ----
|
| Themen zu BDS/ZeroAccess.gen hat mich erwischt |
| adobe, antivir, autorun, avira, bds/zeroaccess.gen, bho, converter, desktop, error, eset smart security, failed, firefox, flash player, focus, format, home, homepage, install.exe, league of legends, malware, microsoft office starter 2010, mozilla, packard bell, plug-in, realtek, registry, rootkit, rundll, scan, security, spotify web helper, svchost.exe, systemcare, teamspeak, trojaner-board, udp, wildtangent games, windows, windows 7 64bit |
Baum-Darstellung