
Log analysis and evaluation: TR/dropper.gen detection, PC is getting slower


10.07.2013, 21:04   #1
BluesClues
 



Hello,

Avira Antivir (free) found tr/dropper.gen on my PC a while ago. I removed it and scanned with Avira and Spybot - Search & Destroy; the scans found nothing. I wanted to wait and see at first, and now the computer is showing performance losses and slower internet. I get fewer FPS when gaming and, above all, images and thumbnails load very slowly in Firefox. So there is a strong suspicion of malware.

I know that reinstalling is always the easiest option, but I would like to avoid that.

Unfortunately, the Avira log files are just empty documents; I don't know why.

Here are all the required log files:
OTL:
Quote:
OTL logfile created on: 10.07.2013 19:44:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 63,72% Memory free
6,00 Gb Paging File | 4,03 Gb Available in Paging File | 67,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 6,06 Gb Free Space | 6,22% Space Free | Partition Type: NTFS
Drive D: | 43,95 Gb Total Space | 14,61 Gb Free Space | 33,25% Space Free | Partition Type: NTFS
Drive E: | 49,41 Gb Total Space | 12,86 Gb Free Space | 26,03% Space Free | Partition Type: NTFS
Drive F: | 135,22 Gb Total Space | 30,53 Gb Free Space | 22,57% Space Free | Partition Type: NTFS
Drive G: | 7,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.10 19:42:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.06.28 00:03:49 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.28 00:03:11 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.06.28 00:02:46 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.28 00:02:46 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.05.16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- F:\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- F:\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- F:\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013.05.15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- F:\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.03.10 23:38:48 | 001,644,680 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2013.02.09 19:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.08.12 13:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.06.22 21:31:34 | 001,353,232 | ---- | M] (Logitech, Inc.) -- C:\Users\***\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe
PRC - [2011.06.22 21:31:30 | 000,351,248 | ---- | M] (Logitech, Inc.) -- C:\Users\***\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe


========== Modules (No Company Name) ==========

MOD - [2013.05.16 10:55:28 | 000,161,112 | ---- | M] () -- F:\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- F:\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- F:\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.08.12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2011.08.12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2011.08.12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2011.08.12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2011.08.12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.28 00:03:49 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.28 00:03:11 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.06.28 00:02:46 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.27 11:58:44 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.11 19:54:33 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.10 05:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.09 19:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.03.30 03:25:15 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.30 03:25:15 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.30 03:25:15 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.10.25 18:20:28 | 000,769,168 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.19 11:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011.08.19 11:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.08 13:47:16 | 000,758,016 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw66x64.sys -- (hcw66xxx)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.11 21:12:02 | 000,019,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ntiopnp.sys -- (ntiopnp)
DRV:64bit: - [2010.10.01 01:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010.09.08 12:01:28 | 000,028,928 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 89 0F 9F 91 F1 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{B868B95F-F19D-4CD6-BE5C-FA233BBBE7DD}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=276b5609-6bed-4863-abc6-f8c0ea2b862d&apn_sauid=5190372A-DDF1-4A76-994A-748116EF39AA
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.5.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=276b5609-6bed-4863-abc6-f8c0ea2b862d&apn_ptnrs=%5EAGS&apn_sauid=5190372A-DDF1-4A76-994A-748116EF39AA&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.25 21:38:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.25 21:38:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2013.01.13 16:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.06.29 17:54:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wa4yyx69.default\extensions
[2013.05.29 08:16:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wa4yyx69.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.06.29 17:54:17 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wa4yyx69.default\extensions\ich@maltegoetz.de
[2013.05.09 23:18:26 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\wa4yyx69.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.06.27 11:58:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.27 11:58:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Driver Genius] File not found
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [SDTray] F:\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FD942FA-C724-44FD-8CD3-189F7F902B00}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAD37280-C63B-4B49-802D-939948C24F99}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.26 18:45:39 | 000,779,496 | R--- | M] (BioWare) - G:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.10.26 23:21:41 | 000,000,054 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{5eab86ce-5d81-11e2-a5a0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5eab86ce-5d81-11e2-a5a0-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe -- [2009.10.26 18:45:39 | 000,779,496 | R--- | M] (BioWare)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2013.07.10 19:46:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.07.10 19:42:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.07.10 00:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013.07.10 00:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2013.07.08 21:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.07.08 21:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.07.08 21:33:18 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.06.27 11:58:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.27 01:13:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Hex-Ray
[2013.06.27 01:12:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hexels
[2013.06.27 00:15:50 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Guild Wars 2
[2013.06.27 00:09:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.06.25 21:38:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.06.23 13:09:27 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\RIFT
[2013.06.23 12:31:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\RIFT
[2013.06.23 12:31:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.07.10 19:42:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.07.10 19:37:01 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.07.10 19:34:18 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.07.10 18:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.10 15:02:52 | 000,006,390 | ---- | M] () -- C:\Windows\SysNative\cc_20130710_150248.reg
[2013.07.10 13:09:23 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.10 13:09:23 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.10 13:03:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.10 13:03:16 | 000,294,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.10 13:03:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013.07.10 13:03:04 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.09 19:19:04 | 000,000,206 | ---- | M] () -- C:\Windows\SysNative\cc_20130709_191900.reg
[2013.07.09 19:18:50 | 000,000,732 | ---- | M] () -- C:\Windows\SysNative\cc_20130709_191828.reg
[2013.07.08 21:33:21 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.07.05 23:55:49 | 000,926,665 | ---- | M] () -- C:\Users\***\Desktop\ME2-Checklist.pdf
[2013.06.28 00:03:55 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.06.27 01:12:59 | 000,000,615 | ---- | M] () -- C:\Users\***\Desktop\Hexels.exe.lnk
[2013.06.27 00:09:09 | 000,004,156 | ---- | M] () -- C:\Windows\SysNative\cc_20130627_000906.reg
[2013.06.27 00:08:55 | 000,017,130 | ---- | M] () -- C:\Windows\SysNative\cc_20130627_000827.reg
[2013.06.23 12:31:37 | 000,000,528 | ---- | M] () -- C:\Users\***\Desktop\RIFT.lnk
[2013.06.20 23:38:37 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2013.06.20 14:51:25 | 000,022,211 | ---- | M] () -- C:\Users\***\Documents\China 1.0.odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.07.10 19:37:01 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.07.10 19:34:15 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.07.10 15:02:50 | 000,006,390 | ---- | C] () -- C:\Windows\SysNative\cc_20130710_150248.reg
[2013.07.09 19:19:02 | 000,000,206 | ---- | C] () -- C:\Windows\SysNative\cc_20130709_191900.reg
[2013.07.09 19:18:41 | 000,000,732 | ---- | C] () -- C:\Windows\SysNative\cc_20130709_191828.reg
[2013.07.08 21:33:21 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.07.08 21:33:21 | 000,000,851 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.06.27 01:12:59 | 000,000,615 | ---- | C] () -- C:\Users\***\Desktop\Hexels.exe.lnk
[2013.06.27 00:09:07 | 000,004,156 | ---- | C] () -- C:\Windows\SysNative\cc_20130627_000906.reg
[2013.06.27 00:08:42 | 000,017,130 | ---- | C] () -- C:\Windows\SysNative\cc_20130627_000827.reg
[2013.06.23 12:31:37 | 000,000,528 | ---- | C] () -- C:\Users\***\Desktop\RIFT.lnk
[2013.06.22 22:46:37 | 000,926,665 | ---- | C] () -- C:\Users\***\Desktop\ME2-Checklist.pdf
[2013.06.20 23:38:37 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2013.06.20 11:14:00 | 000,022,211 | ---- | C] () -- C:\Users\***\Documents\China 1.0.odt
[2013.02.14 23:36:01 | 002,194,116 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.13 15:59:21 | 000,004,447 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2012.06.19 14:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.08.19 11:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011.08.19 11:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011.08.19 11:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.07.02 16:20:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2013.06.27 01:13:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hex-Ray
[2013.02.09 18:45:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2013.01.13 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2013.01.16 23:36:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2013.06.04 18:41:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2013.06.23 13:25:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RIFT
[2013.01.17 20:06:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2013.07.10 16:00:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2013.03.01 18:23:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tunngle

========== Purity Check ==========



< End of report >
Extra:
Quote:
OTL Extras logfile created on: 10.07.2013 19:44:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 63,72% Memory free
6,00 Gb Paging File | 4,03 Gb Available in Paging File | 67,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 6,06 Gb Free Space | 6,22% Space Free | Partition Type: NTFS
Drive D: | 43,95 Gb Total Space | 14,61 Gb Free Space | 33,25% Space Free | Partition Type: NTFS
Drive E: | 49,41 Gb Total Space | 12,86 Gb Free Space | 26,03% Space Free | Partition Type: NTFS
Drive F: | 135,22 Gb Total Space | 30,53 Gb Free Space | 22,57% Space Free | Partition Type: NTFS
Drive G: | 7,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Spybot - Search & Destroy 2\SDTray.exe" = F:\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"F:\Spybot - Search & Destroy 2\SDFSSvc.exe" = F:\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"F:\Spybot - Search & Destroy 2\SDUpdate.exe" = F:\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"F:\Spybot - Search & Destroy 2\SDUpdSvc.exe" = F:\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"F:\Spybot - Search & Destroy 2\SDTray.exe" = F:\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"F:\Spybot - Search & Destroy 2\SDFSSvc.exe" = F:\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"F:\Spybot - Search & Destroy 2\SDUpdate.exe" = F:\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"F:\Spybot - Search & Destroy 2\SDUpdSvc.exe" = F:\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{047BD39D-C5F3-423F-8978-D199F99D9BF3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{16DA5739-A09C-460E-905E-49D1D92AA512}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1BD7C159-9746-441F-B73A-3BB3299CF302}" = rport=137 | protocol=17 | dir=out | app=system |
"{23FDBF16-77E6-4CC8-9241-EF703CCF4F80}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{39F93B1E-8DDC-487B-8EC8-EE5056A23C8D}" = lport=138 | protocol=17 | dir=in | app=system |
"{3BC08A73-917E-4E4B-A715-DC05A06B33AC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5294992F-E6DE-4D66-9A2C-E9D895951A31}" = lport=56124 | protocol=6 | dir=in | name=pando media booster |
"{581424D0-FBCE-4A76-809A-E4AFECFA79F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5B275AF2-D137-4957-A1F1-6BC7082B9E36}" = lport=445 | protocol=6 | dir=in | app=system |
"{5F880E90-7FCC-4B4A-9A20-ACFEEA8BE618}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6ABBEF39-8B7B-46E0-8E68-EDBF513E6E1E}" = lport=137 | protocol=17 | dir=in | app=system |
"{7F9FC3FD-44AC-432C-92BA-C5524406D884}" = rport=445 | protocol=6 | dir=out | app=system |
"{7FCEA294-DE6C-4EA0-BB13-CCEF6CC75538}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{83224BE4-C2F5-459B-93AE-D599099EB006}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{87FA3F90-12DE-4951-A5C3-D3DBE7856C01}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8C77527F-D9AE-45D3-9857-CD7941C882B4}" = rport=139 | protocol=6 | dir=out | app=system |
"{8F5E85B8-3813-4771-84A8-031377F51FDC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9C0DAB43-41EC-426D-85A4-5166954BEAA6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9C6B8195-78ED-48D9-8D52-CF5474FDD1E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B79BA6EB-8449-4397-AE66-534FC27950FC}" = lport=56124 | protocol=17 | dir=in | name=pando media booster |
"{C22B8F21-3C9B-43FB-B395-42E7174674C7}" = lport=56124 | protocol=6 | dir=in | name=pando media booster |
"{D05C1301-0CA1-4528-8F73-B5C679FA3AE6}" = lport=139 | protocol=6 | dir=in | app=system |
"{DB146FB1-9F8D-4341-9AA4-85C360478A72}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E9658A0A-B09A-4274-B579-352A42E3A855}" = lport=56124 | protocol=17 | dir=in | name=pando media booster |
"{EBD5B9E2-2682-4564-AE87-E9ACF687FCF3}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0384C7EF-1C23-4D17-86A2-A92EEBF60E10}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{107391A9-6FA3-4166-A98A-F7ED5B408B52}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{129606C3-06A3-4B21-B7AA-D6537D04C14D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe |
"{14B8F9D5-72BE-4BC4-AC32-450286977E47}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1E2A7E09-1783-4EC5-ACD7-A27381FDD4C2}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{1EF4E5F6-7A38-4584-97D4-E9C8B70DB1F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{20768912-1147-42FF-8F86-D5481838E08B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe |
"{2325E927-789A-4ED2-89DC-5C8A96ED2605}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2477F642-514D-4B0F-A2CC-55923D21B965}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{253E3A4F-565A-4CE9-9DEF-78ACD9C88256}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{2E90990C-8BD3-4284-AA60-4C0AAC9AA751}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{30BE25D7-8204-4E0D-B867-B1A8A7E0EED1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{33833D6A-E872-402F-A3C9-9840851AC240}" = protocol=17 | dir=in | app=f:\mass effect\binaries\masseffect.exe |
"{3C577F43-687F-40B7-924D-8B0D57E9D050}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3E9C1876-C71E-4524-AA42-34C1FF7B0620}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{400C2163-6C45-4375-AEAE-38EA98DC2B16}" = protocol=6 | dir=out | app=system |
"{41FF86B7-7F06-4228-A93C-D9A66732E32F}" = protocol=6 | dir=in | app=f:\mass effect\binaries\masseffect.exe |
"{47A23D8E-74C9-4CC4-A062-65CCFC982B19}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{48B6EA90-DB6A-4643-AA0A-27EEA9DE2369}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{64CA2287-A62F-4B9A-B083-7CB296501936}" = protocol=6 | dir=in | app=f:\origin\simcity\simcity\simcity\simcity.exe |
"{6B78F58C-6942-4718-8F8A-E696E2D8FFB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6B9A0E0A-D596-4F5D-8CF6-9FB07FEFE30B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6C83DA23-575E-4D0E-8429-0BCC3493785D}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{7B95B4BA-E308-49BA-A479-5A2822E6DBF9}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{87D2F781-2FD7-4721-9265-06D0C7739EF7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8DC710F3-AE3F-4F9F-A177-BB517533B5DE}" = protocol=6 | dir=in | app=f:\mass effect\masseffectlauncher.exe |
"{8F246699-7B55-4EF1-9B2C-EBFF705E8209}" = protocol=17 | dir=in | app=f:\origin\simcity\simcity\simcity\simcity.exe |
"{90FBD260-3786-46EB-BA97-6FBB78BFBEF8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9276B80C-253C-42E1-A227-A8FC194677D8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9FC572FD-2193-4CBC-ACB1-2E69C53C865E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A25D4BF9-CB9A-433F-A788-326568684AD2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B25095F4-FAD4-4946-8D9D-F1C29E297BAC}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{B5A583E3-2B20-4D63-8108-98B946D80CE5}" = protocol=17 | dir=in | app=f:\mass effect\masseffectlauncher.exe |
"{B5E1CEDA-8771-4B9F-9E6E-D64E64665CF5}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{C1968C74-5041-4074-B621-418E79B07CBB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C274F51C-5F9E-4A94-94CD-8CFB3CF53284}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C9CCFA6F-EBD2-4B97-9FFB-341A94FA3903}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe |
"{CE6D9096-4423-4616-A667-C0B6000D177C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe |
"{DA69FA1E-F78F-445D-9AAB-E301315DFFAB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{DE578EAA-6CC5-4CB5-B863-FF754F62529E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{EB25AE58-6E15-46FC-9345-037751B44C59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F097B09C-D413-42C1-BB71-598DD88AE59C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{FDCE8737-F6FF-4CCB-93FF-B20A6C816A01}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{69B156C1-87D7-4F2A-8E57-E54B367EAAFB}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{B911E743-7833-458E-AF01-C725CE80A44A}D:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\guild wars 2\gw2.exe |
"UDP Query User{412A16B2-C6A4-457E-971F-372DDB2C60F4}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{6FD8C432-01DE-4211-BA6B-7F186733F1C7}D:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\guild wars 2\gw2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC4
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{10813B5C-D346-C028-5550-220FA31EC809}" = AMD Catalyst Install Manager
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.10.4
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 25
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed(R) III v1.03
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CPUCooL" = CPUCooL (remove only)
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"FormatFactory" = FormatFactory 3.0.1
"Fraps" = Fraps (remove only)
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Security Task Manager" = Security Task Manager 1.8g
"Uplay" = Uplay
"WinRAR archiver" = WinRAR 4.20 (32-Bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"RIFT" = RIFT

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15.06.2013 20:59:47 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879,
Zeitstempel: 0x518ec3cc Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879,
Zeitstempel: 0x518ec306 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001c9789 ID des fehlerhaften
Prozesses: 0x10dc Startzeit der fehlerhaften Anwendung: 0x01ce69f5f83a3b88 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung:
09862fce-d620-11e2-84c9-0021853f16c4

Error - 25.06.2013 20:38:31 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879,
Zeitstempel: 0x518ec3cc Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879,
Zeitstempel: 0x518ec306 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001c9789 ID des fehlerhaften
Prozesses: 0xcb8 Startzeit der fehlerhaften Anwendung: 0x01ce719d821a1678 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung:
b970af60-ddf8-11e2-b8e5-0021853f16c4

Error - 27.06.2013 18:01:41 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879,
Zeitstempel: 0x518ec3cc Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879,
Zeitstempel: 0x518ec306 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001c9789 ID des fehlerhaften
Prozesses: 0x1288 Startzeit der fehlerhaften Anwendung: 0x01ce7315f6cf8a09 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung:
24f8e0dc-df75-11e2-8933-0021853f16c4

Error - 30.06.2013 12:30:25 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 7.0.250.16 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9b8 Startzeit:
01ce75aec7b9bd78 Endzeit: 27 Anwendungspfad: C:\Program Files (x86)\Java\jre7\bin\javaw.exe

Berichts-ID:
5bb036fd-e1a2-11e2-aebe-0021853f16c4

Error - 30.06.2013 12:33:56 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 7.0.250.16 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2c4 Startzeit:
01ce75af21f1a559 Endzeit: 51 Anwendungspfad: C:\Program Files (x86)\Java\jre7\bin\javaw.exe

Berichts-ID:
d9c36288-e1a2-11e2-aebe-0021853f16c4

Error - 30.06.2013 12:52:23 | Computer Name = ***-PC | Source = ESENT | ID = 489
Description = taskhost (2644) Versuch, Datei "C:\Users\***\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"
für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess
kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 30.06.2013 15:37:22 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 7.0.250.16 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: cc4 Startzeit:
01ce75c8e38f7082 Endzeit: 30 Anwendungspfad: C:\Program Files (x86)\Java\jre7\bin\javaw.exe

Berichts-ID:
78f0032d-e1bc-11e2-be5c-0021853f16c4

Error - 02.07.2013 13:36:22 | Computer Name = ***-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description =

Error - 04.07.2013 07:34:47 | Computer Name = ***-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description =

Error - 04.07.2013 21:15:05 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_224.exe,
Version: 11.7.700.224, Zeitstempel: 0x51a67447 Name des fehlerhaften Moduls: FlashPlayerPlugin_11_7_700_224.exe,
Version: 11.7.700.224, Zeitstempel: 0x51a67447 Ausnahmecode: 0xc0000005 Fehleroffset:
0x0002bf67 ID des fehlerhaften Prozesses: 0xca4 Startzeit der fehlerhaften Anwendung:
0x01ce7906721117b2 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
Berichtskennung:
52b37a3a-e510-11e2-87d9-0021853f16c4

Error - 09.07.2013 19:42:05 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary
TAP-Win32 Adapter V9 (Tunngle). System Error: Das System kann die angegebene Datei
nicht finden. .

[ System Events ]
Error - 07.07.2013 14:19:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069

Error - 07.07.2013 19:47:58 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8024200d fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2750841)

Error - 08.07.2013 06:13:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 08.07.2013 06:13:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069

Error - 08.07.2013 07:26:39 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8024200d fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2750841)

Error - 08.07.2013 14:39:49 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 08.07.2013 14:39:49 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069

Error - 08.07.2013 19:07:14 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8024200d fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2750841)

Error - 09.07.2013 06:37:07 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Spybot-S&D 2 Scanner Service erreicht.

Error - 09.07.2013 06:37:07 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053


< End of report >
Gmer:
Quote:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-10 21:35:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-7 WDC_WD2500AAJS-00B4A0 rev.01.03A01 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\ufriafog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002e01000 64 bytes [00, 00, 15, 00, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 626 fffff80002e01042 4 bytes [00, 00, 00, 00]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[1068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076dc1465 2 bytes [DC, 76]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[1068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076dc14bb 2 bytes [DC, 76]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\svchost.exe [356:2812] 000007fefc0a4164
Thread C:\Windows\system32\svchost.exe [356:220] 000007fef81a1ab0
Thread C:\Windows\System32\spoolsv.exe [1348:4324] 000007fee86710c8
Thread C:\Windows\System32\spoolsv.exe [1348:1808] 000007fee8636144
Thread C:\Windows\System32\spoolsv.exe [1348:4316] 000007feea365fd0
Thread C:\Windows\System32\spoolsv.exe [1348:4304] 000007fee8613438
Thread C:\Windows\System32\spoolsv.exe [1348:4296] 000007feea3663ec
Thread C:\Windows\System32\spoolsv.exe [1348:1800] 000007fee9ce5e5c
Thread C:\Windows\System32\spoolsv.exe [1348:2540] 000007fee8725074

---- EOF - GMER 2.1 ----
Thanks in advance for an initial assessment of the situation and for the help I hope to get.

Regards,
BluesClues

10.07.2013, 21:08   #2
schrauber
/// the machine
/// TB instructor
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


10.07.2013, 21:40   #3
BluesClues
 



What can be said so far?

Thanks in any case.

Here are the logs.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2013 03
Ran by *** (administrator) on 10-07-2013 22:29:58
Running from C:\Users\***\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) F:\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) F:\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) F:\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Safer-Networking Ltd.) F:\Spybot - Search & Destroy 2\SDFSSvc.exe
(Logitech, Inc.) C:\Users\***\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\***\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13260944 2012-11-20] (Realtek Semiconductor)
HKCU\...\Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-13] ()
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
MountPoints2: {5eab86ce-5d81-11e2-a5a0-806e6f6e6963} - G:\autorun.exe -auto
HKLM-x32\...\Run: [Driver Genius] -  [x]
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1648264 2013-04-30] (Ask)
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-28] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] - "F:\Spybot - Search & Destroy 2\SDTray.exe" [x]
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\DefaultAppPool\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\UpdatusUser\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} -  No File
SearchScopes: HKCU - {B868B95F-F19D-4CD6-BE5C-FA233BBBE7DD} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=276b5609-6bed-4863-abc6-f8c0ea2b862d&apn_sauid=5190372A-DDF1-4A76-994A-748116EF39AA
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default
FF SelectedSearchEngine: Google
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=276b5609-6bed-4863-abc6-f8c0ea2b862d&apn_ptnrs=%5EAGS&apn_sauid=5190372A-DDF1-4A76-994A-748116EF39AA&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default\Extensions\ich@maltegoetz.de
FF Extension: DownloadHelper - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-28] (Avira Operations GmbH & Co. KG)
R2 SDScannerService; F:\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; F:\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; F:\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 hcw66xxx; C:\Windows\System32\Drivers\hcw66x64.sys [758016 2011-02-08] (Hauppauge Computer Works, Inc.)
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [28928 2010-09-08] (Razer USA Ltd.)
R1 ntiopnp; C:\Windows\System32\Drivers\ntiopnp.sys [19544 2010-11-11] ()
S3 ALSysIO; \??\C:\Users\***\AppData\Local\Temp\ALSysIO64.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
U3 ufriafog; \??\C:\Users\***\AppData\Local\Temp\ufriafog.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-10 22:29 - 2013-07-10 22:29 - 00000000 ____D C:\FRST
2013-07-10 22:28 - 2013-07-10 22:28 - 01776951 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-10 21:35 - 2013-07-10 21:36 - 00002538 ____A C:\Users\***\Desktop\gmer.txt
2013-07-10 20:59 - 2013-07-10 20:59 - 00377856 ____A C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-10 19:55 - 2013-07-10 20:50 - 00064020 ____A C:\Users\***\Desktop\Extras.Txt
2013-07-10 19:53 - 2013-07-10 20:55 - 00071430 ____A C:\Users\***\Desktop\OTL.Txt
2013-07-10 19:42 - 2013-07-10 19:42 - 00602112 ____A (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-10 19:37 - 2013-07-10 19:37 - 00000476 ____A C:\Users\***\Desktop\defogger_disable.log
2013-07-10 19:37 - 2013-07-10 19:37 - 00000000 ____A C:\Users\***\defogger_reenable
2013-07-10 19:34 - 2013-07-10 19:34 - 00050477 ____A C:\Users\***\Desktop\Defogger.exe
2013-07-10 15:02 - 2013-07-10 15:02 - 00006390 ____A C:\Windows\system32\cc_20130710_150248.reg
2013-07-10 00:03 - 2013-07-10 14:53 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-07-10 00:02 - 2013-07-10 00:02 - 02365840 ____A C:\Users\***\Downloads\SecurityTaskManager_Setup.exe
2013-07-09 19:19 - 2013-07-09 19:19 - 00000206 ____A C:\Windows\system32\cc_20130709_191900.reg
2013-07-09 19:18 - 2013-07-09 19:18 - 00000732 ____A C:\Windows\system32\cc_20130709_191828.reg
2013-07-08 22:23 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts.20130708-222347.backup
2013-07-08 21:33 - 2013-07-08 22:11 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-08 21:33 - 2013-07-08 21:33 - 00000851 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-08 21:33 - 2013-07-08 21:33 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-08 21:33 - 2009-01-25 13:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-07-08 21:30 - 2013-07-08 21:31 - 36271144 ____A (Safer-Networking Ltd.                                       ) C:\Users\***\Downloads\spybot-2.1.exe
2013-07-02 18:21 - 2013-07-02 18:21 - 00002964 ____A C:\Windows\System32\Tasks\{9276B647-086B-485C-AB14-B22E9B01239B}
2013-07-02 18:21 - 2013-07-02 18:21 - 00002964 ____A C:\Windows\System32\Tasks\{80E762AF-30F6-4464-A08A-7F0FEE57C457}
2013-07-02 18:18 - 2013-07-02 18:18 - 00002964 ____A C:\Windows\System32\Tasks\{EA66F68A-C392-4568-A057-5C0B96247BAD}
2013-07-01 00:52 - 2013-07-01 00:52 - 02104188 ____A C:\Users\***\Downloads\SkyBlock2.1(1).zip
2013-06-30 19:28 - 2013-06-30 19:28 - 00002992 ____A C:\Windows\System32\Tasks\{5491ED29-58DE-494F-AB15-6FE9723B926F}
2013-06-30 18:20 - 2013-07-10 19:39 - 00000000 ____D C:\Users\***\Downloads\Minecraft Forge 1.5.2
2013-06-30 16:08 - 2013-07-01 00:56 - 00000000 ____D C:\Users\***\Downloads\SkyBlock2.1
2013-06-30 14:58 - 2013-06-30 14:58 - 02104188 ____A C:\Users\***\Downloads\SkyBlock2.1.zip
2013-06-27 01:13 - 2013-06-27 01:13 - 00000000 ____D C:\Users\***\AppData\Roaming\Hex-Ray
2013-06-27 01:12 - 2013-06-27 01:12 - 00000615 ____A C:\Users\***\Desktop\Hexels.exe.lnk
2013-06-27 01:12 - 2013-06-27 01:12 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hexels
2013-06-27 01:10 - 2013-06-27 01:11 - 10573963 ____A C:\Users\***\Downloads\HexelsInstaller.exe
2013-06-27 00:15 - 2013-06-27 01:23 - 00000000 ____D C:\Users\***\Documents\Guild Wars 2
2013-06-27 00:09 - 2013-06-27 00:09 - 00004156 ____A C:\Windows\system32\cc_20130627_000906.reg
2013-06-27 00:09 - 2013-06-27 00:09 - 00000000 ____D C:\Windows\pss
2013-06-27 00:08 - 2013-06-27 00:08 - 00017130 ____A C:\Windows\system32\cc_20130627_000827.reg
2013-06-24 18:23 - 2013-06-24 18:23 - 01799465 ____A C:\Users\***\Downloads\mcpatcher-3.0.4_01.exe
2013-06-23 13:09 - 2013-06-23 13:09 - 00000000 ____D C:\Users\***\Documents\RIFT
2013-06-23 12:31 - 2013-06-23 13:25 - 00000000 ____D C:\Users\***\AppData\Roaming\RIFT
2013-06-23 12:31 - 2013-06-23 12:31 - 00000528 ____A C:\Users\***\Desktop\RIFT.lnk
2013-06-23 12:31 - 2013-06-23 12:31 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT
2013-06-23 12:29 - 2013-06-23 12:29 - 19331736 ____A (Trion Worlds Inc.) C:\Users\***\Downloads\RIFT-Install.exe
2013-06-20 23:38 - 2013-06-20 23:38 - 00000910 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-06-20 22:20 - 2013-06-20 22:20 - 00000020 __ASH C:\Users\DefaultAppPool\ntuser.ini
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Vorlagen
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Startmenü
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Netzwerkumgebung
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Lokale Einstellungen
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Eigene Dateien
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Druckumgebung
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Documents\Eigene Musik
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Documents\Eigene Bilder
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\AppData\Local\Verlauf
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\AppData\Local\Anwendungsdaten
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Anwendungsdaten
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 ____D C:\Users\DefaultAppPool
2013-06-20 22:07 - 2013-06-20 22:07 - 03461416 ____A C:\Users\***\Downloads\LeagueofLegends.exe
2013-06-20 11:14 - 2013-06-20 14:51 - 00022211 ____A C:\Users\***\Documents\China 1.0.odt
2013-06-19 10:07 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-19 10:07 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-19 10:07 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-19 10:07 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-19 10:06 - 2013-06-19 10:07 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-15 01:32 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-06-15 01:32 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-06-15 01:32 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-06-15 01:32 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-06-15 01:32 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-06-15 01:32 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-06-15 01:32 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 01:32 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 01:32 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 01:32 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 01:32 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 01:32 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 20:50 - 2013-06-14 20:50 - 00001809 ____A C:\Users\***\Documents\Mass Effect 2 - DLC_CON_Pack02.log
2013-06-13 23:39 - 2013-06-13 23:42 - 00001861 ____A C:\Users\***\Documents\Mass Effect 2 - DLC_EXP_Part02.log
2013-06-13 00:00 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 00:00 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-06-13 00:00 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-06-13 00:00 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-06-13 00:00 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-06-13 00:00 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 18:09 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-06-12 18:09 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-06-12 18:09 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 18:09 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-06-12 18:09 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-06-12 18:09 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 18:09 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 18:09 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-06-12 18:08 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-06-12 18:08 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-06-12 18:08 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-06-12 18:08 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-06-12 18:08 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 18:08 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 18:08 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 18:08 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 18:08 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 18:08 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 18:08 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\system32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-10 22:29 - 2013-07-10 22:29 - 00000000 ____D C:\FRST
2013-07-10 22:28 - 2013-07-10 22:28 - 01776951 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-10 21:54 - 2013-01-13 16:53 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-10 21:36 - 2013-07-10 21:35 - 00002538 ____A C:\Users\***\Desktop\gmer.txt
2013-07-10 21:36 - 2013-01-13 17:10 - 00000000 ____D C:\Users\***\AppData\Roaming\TS3Client
2013-07-10 20:59 - 2013-07-10 20:59 - 00377856 ____A C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-10 20:55 - 2013-07-10 19:53 - 00071430 ____A C:\Users\***\Desktop\OTL.Txt
2013-07-10 20:50 - 2013-07-10 19:55 - 00064020 ____A C:\Users\***\Desktop\Extras.Txt
2013-07-10 20:07 - 2013-01-13 15:06 - 01344375 ____A C:\Windows\WindowsUpdate.log
2013-07-10 19:46 - 2013-01-13 16:20 - 00003826 ____A C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
2013-07-10 19:43 - 2013-01-13 17:14 - 00000000 ____D C:\Users\***\AppData\Local\PMB Files
2013-07-10 19:43 - 2013-01-13 17:14 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-10 19:42 - 2013-07-10 19:42 - 00602112 ____A (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-10 19:41 - 2013-02-09 18:20 - 00009097 ____A C:\Users\***\Desktop\Neues Textdokument.txt
2013-07-10 19:39 - 2013-06-30 18:20 - 00000000 ____D C:\Users\***\Downloads\Minecraft Forge 1.5.2
2013-07-10 19:37 - 2013-07-10 19:37 - 00000476 ____A C:\Users\***\Desktop\defogger_disable.log
2013-07-10 19:37 - 2013-07-10 19:37 - 00000000 ____A C:\Users\***\defogger_reenable
2013-07-10 19:37 - 2013-01-13 15:16 - 00000000 ____D C:\Users\***
2013-07-10 19:34 - 2013-07-10 19:34 - 00050477 ____A C:\Users\***\Desktop\Defogger.exe
2013-07-10 15:06 - 2013-01-13 17:00 - 00000000 ____D C:\Users\***\AppData\Roaming\Skype
2013-07-10 15:02 - 2013-07-10 15:02 - 00006390 ____A C:\Windows\system32\cc_20130710_150248.reg
2013-07-10 14:59 - 2013-05-04 20:54 - 00000000 ____D C:\Users\***\AppData\Local\DoNotTrackPlus
2013-07-10 14:53 - 2013-07-10 00:03 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-07-10 14:50 - 2013-01-13 17:03 - 00064024 ____A C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-10 13:09 - 2009-07-14 06:45 - 00014016 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-10 13:09 - 2009-07-14 06:45 - 00014016 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-10 13:03 - 2013-02-11 00:00 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-10 13:03 - 2013-02-09 18:44 - 00000000 ____A C:\Windows\system32\Drivers\lvuvc.hs
2013-07-10 13:03 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-10 13:03 - 2009-07-14 06:45 - 00294184 ____A C:\Windows\system32\FNTCACHE.DAT
2013-07-10 00:02 - 2013-07-10 00:02 - 02365840 ____A C:\Users\***\Downloads\SecurityTaskManager_Setup.exe
2013-07-09 19:19 - 2013-07-09 19:19 - 00000206 ____A C:\Windows\system32\cc_20130709_191900.reg
2013-07-09 19:18 - 2013-07-09 19:18 - 00000732 ____A C:\Windows\system32\cc_20130709_191828.reg
2013-07-08 22:11 - 2013-07-08 21:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-08 21:33 - 2013-07-08 21:33 - 00000851 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-08 21:33 - 2013-07-08 21:33 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-08 21:31 - 2013-07-08 21:30 - 36271144 ____A (Safer-Networking Ltd.                                       ) C:\Users\***\Downloads\spybot-2.1.exe
2013-07-08 20:36 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-05 03:12 - 2009-07-14 20:18 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-02 18:21 - 2013-07-02 18:21 - 00002964 ____A C:\Windows\System32\Tasks\{9276B647-086B-485C-AB14-B22E9B01239B}
2013-07-02 18:21 - 2013-07-02 18:21 - 00002964 ____A C:\Windows\System32\Tasks\{80E762AF-30F6-4464-A08A-7F0FEE57C457}
2013-07-02 18:18 - 2013-07-02 18:18 - 00002964 ____A C:\Windows\System32\Tasks\{EA66F68A-C392-4568-A057-5C0B96247BAD}
2013-07-02 16:20 - 2013-02-25 14:05 - 00000000 ____D C:\Users\***\AppData\Roaming\.minecraft
2013-07-01 00:56 - 2013-06-30 16:08 - 00000000 ____D C:\Users\***\Downloads\SkyBlock2.1
2013-07-01 00:52 - 2013-07-01 00:52 - 02104188 ____A C:\Users\***\Downloads\SkyBlock2.1(1).zip
2013-06-30 19:28 - 2013-06-30 19:28 - 00002992 ____A C:\Windows\System32\Tasks\{5491ED29-58DE-494F-AB15-6FE9723B926F}
2013-06-30 14:58 - 2013-06-30 14:58 - 02104188 ____A C:\Users\***\Downloads\SkyBlock2.1.zip
2013-06-28 00:03 - 2013-05-06 13:15 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-06-27 01:23 - 2013-06-27 00:15 - 00000000 ____D C:\Users\***\Documents\Guild Wars 2
2013-06-27 01:13 - 2013-06-27 01:13 - 00000000 ____D C:\Users\***\AppData\Roaming\Hex-Ray
2013-06-27 01:12 - 2013-06-27 01:12 - 00000615 ____A C:\Users\***\Desktop\Hexels.exe.lnk
2013-06-27 01:12 - 2013-06-27 01:12 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hexels
2013-06-27 01:11 - 2013-06-27 01:10 - 10573963 ____A C:\Users\***\Downloads\HexelsInstaller.exe
2013-06-27 00:09 - 2013-06-27 00:09 - 00004156 ____A C:\Windows\system32\cc_20130627_000906.reg
2013-06-27 00:09 - 2013-06-27 00:09 - 00000000 ____D C:\Windows\pss
2013-06-27 00:09 - 2013-01-13 15:17 - 00000000 ___RD C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-06-27 00:08 - 2013-06-27 00:08 - 00017130 ____A C:\Windows\system32\cc_20130627_000827.reg
2013-06-27 00:07 - 2009-10-14 08:04 - 00000000 ____D C:\Windows\Panther
2013-06-24 18:23 - 2013-06-24 18:23 - 01799465 ____A C:\Users\***\Downloads\mcpatcher-3.0.4_01.exe
2013-06-23 13:25 - 2013-06-23 12:31 - 00000000 ____D C:\Users\***\AppData\Roaming\RIFT
2013-06-23 13:09 - 2013-06-23 13:09 - 00000000 ____D C:\Users\***\Documents\RIFT
2013-06-23 12:31 - 2013-06-23 12:31 - 00000528 ____A C:\Users\***\Desktop\RIFT.lnk
2013-06-23 12:31 - 2013-06-23 12:31 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT
2013-06-23 12:29 - 2013-06-23 12:29 - 19331736 ____A (Trion Worlds Inc.) C:\Users\***\Downloads\RIFT-Install.exe
2013-06-22 22:44 - 2013-01-13 17:07 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-06-20 23:38 - 2013-06-20 23:38 - 00000910 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-06-20 22:20 - 2013-06-20 22:20 - 00000020 __ASH C:\Users\DefaultAppPool\ntuser.ini
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Vorlagen
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Startmenü
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Netzwerkumgebung
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Lokale Einstellungen
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Eigene Dateien
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Druckumgebung
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Documents\Eigene Musik
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Documents\Eigene Bilder
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\AppData\Local\Verlauf
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\AppData\Local\Anwendungsdaten
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Anwendungsdaten
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 ____D C:\Users\DefaultAppPool
2013-06-20 22:07 - 2013-06-20 22:07 - 03461416 ____A C:\Users\***\Downloads\LeagueofLegends.exe
2013-06-20 14:51 - 2013-06-20 11:14 - 00022211 ____A C:\Users\***\Documents\China 1.0.odt
2013-06-19 10:07 - 2013-06-19 10:06 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-18 22:42 - 2013-05-10 15:15 - 00000000 ____D C:\Users\***\Documents\Back Up
2013-06-17 13:41 - 2013-03-04 17:46 - 00000000 ____D C:\Users\***\Documents\Schule
2013-06-14 20:50 - 2013-06-14 20:50 - 00001809 ____A C:\Users\***\Documents\Mass Effect 2 - DLC_CON_Pack02.log
2013-06-14 20:50 - 2013-04-10 10:43 - 00005441 ____A C:\Users\***\Documents\Mass Effect 2 1.02.log
2013-06-14 11:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 23:42 - 2013-06-13 23:39 - 00001861 ____A C:\Users\***\Documents\Mass Effect 2 - DLC_EXP_Part02.log
2013-06-13 00:01 - 2009-10-14 07:12 - 75825640 ____A (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-06-12 21:48 - 2013-01-20 17:09 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2013-01-20 17:09 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-06-19 10:07 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-19 10:07 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-06-19 10:07 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-06-19 10:07 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-11 19:54 - 2013-01-13 16:53 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 19:54 - 2013-01-13 16:53 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 19:54 - 2013-01-13 16:53 - 00003822 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 13:01

==================== End Of Log ============================
         

Additional:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-07-2013 03
Ran by *** at 2013-07-10 22:30:31
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
7-Zip 9.20 (x32)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
AMD Catalyst Install Manager (Version: 8.0.903.0)
Ask Toolbar (x32 Version: 1.15.26.0)
Assassin's Creed(R) III v1.03 (x32 Version: 1.03)
Avira Free Antivirus (x32 Version: 13.0.0.3737)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.2.6.45268)
CameraHelperMsi (x32 Version: 13.30.1395.0)
Core Temp 1.0 RC4 (Version: 1.0)
CPUCooL (remove only) (x32)
Die Sims™ 3 (x32 Version: 1.50.56)
Die Sims™ 3 Einfach tierisch (x32 Version: 10.0.96)
Die Sims™ 3 Lebensfreude (x32 Version: 8.0.152)
Die Sims™ 3 Traumkarrieren (x32 Version: 4.0.87)
Driver Genius Professional Edition (x32 Version: 11.0)
eaner (Version: 4.01)
erLT (x32 Version: 1.20.138.34)
FormatFactory 3.0.1 (x32 Version: 3.0.1)
Fraps (remove only) (x32)
Geeks3D.com FurMark 1.10.4 (x32)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
League of Legends (x32 Version: 1.3)
Logitech Webcam-Software (x32 Version: 2.30)
LWS Facebook (x32 Version: 13.30.1346.0)
LWS Gallery (x32 Version: 13.30.1379.0)
LWS Help_main (x32 Version: 13.30.1396.0)
LWS Launcher (x32 Version: 13.30.1379.0)
LWS Motion Detection (x32 Version: 13.30.1395.0)
LWS Pictures And Video (x32 Version: 13.30.1395.0)
LWS Twitter (x32 Version: 13.30.1346.0)
LWS Video Mask Maker (x32 Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (x32 Version: 13.30.1379.0)
LWS WLM Plugin (x32 Version: 1.30.1201.0)
LWS YouTube Plugin (x32 Version: 13.30.1346.0)
Mass Effect (x32 Version: 1.00)
Mass Effect 2 (x32 Version: 1.02)
Mass Effect™ 3 (x32 Version: 1.05.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7)
NVIDIA 3D Vision Controller-Treiber 314.07 (Version: 314.07)
NVIDIA 3D Vision Treiber 314.07 (Version: 314.07)
NVIDIA Grafiktreiber 314.07 (Version: 314.07)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1407)
NVIDIA Systemsteuerung 314.07 (Version: 314.07)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Origin (x32 Version: 9.1.13.85)
Pando Media Booster (x32 Version: 2.6.0.8)
Realtek Ethernet Controller Driver (x32 Version: 7.65.1025.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6788)
RIFT (HKCU)
Security Task Manager 1.8g (x32 Version: 1.8g)
SimCity™ (x32 Version: 1.0.0.0)
Skype™ 6.3 (x32 Version: 6.3.105)
Spybot - Search & Destroy (x32 Version: 2.1.19)
TeamSpeak 3 Client (Version: 3.0.10.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Uplay (x32 Version: 2.0)
WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {17D7DDD3-6B52-4D27-BB76-4427EAA83C0D} - System32\Tasks\{7A23F785-271F-4047-8A6E-FBF8715014C7} => C:\Mass Effect\Binaries\MassEffect.exe No File
Task: {31721937-6B2E-46CC-BDB5-8B2DB9341DDF} - System32\Tasks\{80E762AF-30F6-4464-A08A-7F0FEE57C457} => C:\Origin\SimCity\SimCity\SimCity\SimCity.exe No File
Task: {32A3C6AD-466D-41CA-AE92-3C4A29CA0A58} - System32\Tasks\{C6844345-D2A3-4E4F-8637-78224401D125} => C:\Mass Effect\MassEffectLauncher.exe No File
Task: {4925A241-6A10-4778-9A46-5A2899CC656D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Spybot - Search &amp; Destroy 2\SDScan.exe No File
Task: {51C1C537-FC98-42D8-B0AB-61660CB71C66} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Spybot - Search &amp; Destroy 2\SDUpdate.exe No File
Task: {5378DAB4-7C0C-45E9-B969-3867EBCB9DB7} - System32\Tasks\{9276B647-086B-485C-AB14-B22E9B01239B} => C:\Origin\SimCity\SimCity\SimCity\SimCity.exe No File
Task: {6D18CFBF-3D87-41F8-BE68-0B24B3A43E87} - System32\Tasks\{CEFE1BC6-C1BD-4C89-81F1-3693FD0CF66C} => C:\Riot Games\League of Legends\lol.launcher.exe No File
Task: {8BD35342-49EF-4263-86C9-6CCCD02C2F46} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {9E0252AE-D5C5-43AD-8256-89030CF6CFAF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {9FAD3E4C-6442-40F4-8973-12B931A854EB} - System32\Tasks\{A774A555-ED91-40C1-8830-8EBED39930FC} => C:\Mass Effect\MassEffectLauncher.exe No File
Task: {AE744950-261F-4B86-9770-76A211285801} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-04-30] ()
Task: {BCF8FF99-38A3-4F74-8094-BAC9DA62912F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {C71122A7-F6D5-41E7-891E-447C71535044} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {CD3D18FB-1A39-4081-A51A-EA96800225C1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Spybot - Search &amp; Destroy 2\SDImmunize.exe No File
Task: {D0F0F242-6E6F-4C54-9AC9-62D7EEF8FA7E} - System32\Tasks\{23423DAB-6DC7-4493-A44E-F37520E66639} => C:\Mass Effect\MassEffectLauncher.exe No File
Task: {D4369E6C-79EF-4B1D-8C91-1136CEFB1300} - System32\Tasks\{AF1197B7-EFAA-4ED6-81BD-BDB69B1B70DF} => C:\Riot Games\League of Legends\lol.launcher.exe No File
Task: {EB52248E-068A-4564-AB6A-5A19252BDEB9} - System32\Tasks\{EA66F68A-C392-4568-A057-5C0B96247BAD} => C:\Origin\SimCity\SimCity\SimCity\SimCity.exe No File
Task: {EEDF86F6-5C2D-4C42-B654-0D1FFB388571} - System32\Tasks\{5491ED29-58DE-494F-AB15-6FE9723B926F} => C:\Die Liga der Legenden\League of Legends\lol.launcher.exe No File
Task: {FDC20074-8B21-4910-A1A6-84C824DF3ABE} - System32\Tasks\{433C2AB3-CF82-43AA-B8E3-2F8B116F85D8} => C:\Users\***\Downloads\texmod\Texmod.exe [2013-04-28] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2013 01:42:05 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary TAP-Win32 Adapter V9 (Tunngle).

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (07/05/2013 03:15:05 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_224.exe, Version: 11.7.700.224, Zeitstempel: 0x51a67447
Name des fehlerhaften Moduls: FlashPlayerPlugin_11_7_700_224.exe, Version: 11.7.700.224, Zeitstempel: 0x51a67447
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002bf67
ID des fehlerhaften Prozesses: 0xca4
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_11_7_700_224.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_224.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_11_7_700_224.exe2
Berichtskennung: FlashPlayerPlugin_11_7_700_224.exe3

Error: (07/04/2013 01:34:47 PM) (Source: Microsoft-Windows-Defrag) (User: )
Description: Volume "(C:)" wurde aufgrund eines Fehlers nicht defragmentiert: Es wurde versucht, eine Datei mit einem falschen Format zu laden. (0x8007000B)

Error: (07/02/2013 07:36:22 PM) (Source: Microsoft-Windows-Defrag) (User: )
Description: Volume "(C:)" wurde aufgrund eines Fehlers nicht defragmentiert: Es wurde versucht, eine Datei mit einem falschen Format zu laden. (0x8007000B)

Error: (06/30/2013 09:37:22 PM) (Source: Application Hang) (User: )
Description: Programm javaw.exe, Version 7.0.250.16 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: cc4

Startzeit: 01ce75c8e38f7082

Endzeit: 30

Anwendungspfad: C:\Program Files (x86)\Java\jre7\bin\javaw.exe

Berichts-ID: 78f0032d-e1bc-11e2-be5c-0021853f16c4

Error: (06/30/2013 06:52:23 PM) (Source: ESENT) (User: )
Description: taskhost (2644) Versuch, Datei "C:\Users\***\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (06/30/2013 06:33:56 PM) (Source: Application Hang) (User: )
Description: Programm javaw.exe, Version 7.0.250.16 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2c4

Startzeit: 01ce75af21f1a559

Endzeit: 51

Anwendungspfad: C:\Program Files (x86)\Java\jre7\bin\javaw.exe

Berichts-ID: d9c36288-e1a2-11e2-aebe-0021853f16c4

Error: (06/30/2013 06:30:25 PM) (Source: Application Hang) (User: )
Description: Programm javaw.exe, Version 7.0.250.16 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 9b8

Startzeit: 01ce75aec7b9bd78

Endzeit: 27

Anwendungspfad: C:\Program Files (x86)\Java\jre7\bin\javaw.exe

Berichts-ID: 5bb036fd-e1a2-11e2-aebe-0021853f16c4

Error: (06/28/2013 00:01:41 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879, Zeitstempel: 0x518ec3cc
Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879, Zeitstempel: 0x518ec306
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001c9789
ID des fehlerhaften Prozesses: 0x1288
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (06/26/2013 02:38:31 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879, Zeitstempel: 0x518ec3cc
Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879, Zeitstempel: 0x518ec306
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001c9789
ID des fehlerhaften Prozesses: 0xcb8
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3


System errors:
=============
Error: (07/10/2013 08:26:00 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (07/10/2013 01:06:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/10/2013 01:06:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/10/2013 01:04:15 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue[::]:80

Error: (07/10/2013 01:04:15 PM) (Source: W3SVC) (User: )
Description: Der WWW-Publishingdienst (WWW-Dienst) konnte das URL-Präfix "hxxp://*:80/" für die Website "1" nicht registrieren. Die Website wurde deaktiviert. Das Datenfeld enthält die Fehlernummer.

Error: (07/10/2013 01:04:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/10/2013 01:04:03 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (07/10/2013 01:03:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "CPUCooLServer Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/10/2013 01:42:30 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200d fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2750841)

Error: (07/10/2013 00:12:11 AM) (Source: Service Control Manager) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (07/10/2013 01:42:05 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary TAP-Win32 Adapter V9 (Tunngle).

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (07/05/2013 03:15:05 AM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_11_7_700_224.exe11.7.700.22451a67447FlashPlayerPlugin_11_7_700_224.exe11.7.700.22451a67447c00000050002bf67ca401ce7906721117b2C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe52b37a3a-e510-11e2-87d9-0021853f16c4

Error: (07/04/2013 01:34:47 PM) (Source: Microsoft-Windows-Defrag)(User: )
Description: (C:)Es wurde versucht, eine Datei mit einem falschen Format zu laden. (0x8007000B)

Error: (07/02/2013 07:36:22 PM) (Source: Microsoft-Windows-Defrag)(User: )
Description: (C:)Es wurde versucht, eine Datei mit einem falschen Format zu laden. (0x8007000B)

Error: (06/30/2013 09:37:22 PM) (Source: Application Hang)(User: )
Description: javaw.exe7.0.250.16cc401ce75c8e38f708230C:\Program Files (x86)\Java\jre7\bin\javaw.exe78f0032d-e1bc-11e2-be5c-0021853f16c4

Error: (06/30/2013 06:52:23 PM) (Source: ESENT)(User: )
Description: taskhost2644C:\Users\***\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (06/30/2013 06:33:56 PM) (Source: Application Hang)(User: )
Description: javaw.exe7.0.250.162c401ce75af21f1a55951C:\Program Files (x86)\Java\jre7\bin\javaw.exed9c36288-e1a2-11e2-aebe-0021853f16c4

Error: (06/30/2013 06:30:25 PM) (Source: Application Hang)(User: )
Description: javaw.exe7.0.250.169b801ce75aec7b9bd7827C:\Program Files (x86)\Java\jre7\bin\javaw.exe5bb036fd-e1a2-11e2-aebe-0021853f16c4

Error: (06/28/2013 00:01:41 AM) (Source: Application Error)(User: )
Description: firefox.exe21.0.0.4879518ec3ccxul.dll21.0.0.4879518ec306c0000005001c9789128801ce7315f6cf8a09C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll24f8e0dc-df75-11e2-8933-0021853f16c4

Error: (06/26/2013 02:38:31 AM) (Source: Application Error)(User: )
Description: firefox.exe21.0.0.4879518ec3ccxul.dll21.0.0.4879518ec306c0000005001c9789cb801ce719d821a1678C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dllb970af60-ddf8-11e2-b8e5-0021853f16c4


==================== Memory info =========================== 

Percentage of memory in use: 72%
Total physical RAM: 3071.3 MB
Available physical RAM: 838.69 MB
Total Pagefile: 6140.79 MB
Available Pagefile: 3052.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:6.35 GB) NTFS (Disk=1 Partition=2)
Drive d: (Daten3) (Fixed) (Total:43.95 GB) (Free:14.61 GB) NTFS (Disk=0 Partition=1)
Drive e: (Daten2) (Fixed) (Total:49.41 GB) (Free:12.86 GB) NTFS (Disk=0 Partition=2)
Drive f: (Programme) (Fixed) (Total:135.22 GB) (Free:30.53 GB) NTFS (Disk=1 Partition=3)
Drive g: (MassEffect2) (CDROM) (Total:7.3 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 93 GB) (Disk ID: 406A4069)
Partition 1: (Active) - (Size=44 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 0AFC0AFB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=135 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
__________________

11.07.2013, 07:45   #4
schrauber
/// the machine
/// TB-Ausbilder

TR/dropper.gen detection, PC getting slower



That the computer is at least a little bit infected
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

11.07.2013, 12:29   #5
BluesClues

TR/dropper.gen detection, PC getting slower



Well, at least no worse than expected

Combofix:
Code:
ComboFix 13-07-09.01 - *** 11.07.2013  13:08:26.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3071.1233 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-11 bis 2013-07-11  ))))))))))))))))))))))))))))))
.
.
2013-07-11 11:15 . 2013-07-11 11:15	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-07-11 11:15 . 2013-07-11 11:15	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-10 20:29 . 2013-07-10 20:29	--------	d-----w-	C:\FRST
2013-07-10 13:02 . 2013-07-10 13:02	6390	----a-w-	c:\windows\system32\cc_20130710_150248.reg
2013-07-09 22:03 . 2013-07-10 12:53	--------	d-----w-	c:\programdata\SecTaskMan
2013-07-09 17:19 . 2013-07-09 17:19	206	----a-w-	c:\windows\system32\cc_20130709_191900.reg
2013-07-09 17:18 . 2013-07-09 17:18	732	----a-w-	c:\windows\system32\cc_20130709_191828.reg
2013-07-08 19:33 . 2013-07-11 11:05	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-07-08 19:33 . 2009-01-25 11:14	17272	----a-w-	c:\windows\system32\sdnclean64.exe
2013-07-05 15:56 . 2013-07-05 15:56	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-07-05 15:56 . 2013-07-05 15:56	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-07-05 15:56 . 2013-07-05 15:56	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-06-26 23:13 . 2013-06-26 23:13	--------	d-----w-	c:\users\***\AppData\Roaming\Hex-Ray
2013-06-26 22:09 . 2013-06-26 22:09	4156	----a-w-	c:\windows\system32\cc_20130627_000906.reg
2013-06-26 22:08 . 2013-06-26 22:08	17130	----a-w-	c:\windows\system32\cc_20130627_000827.reg
2013-06-25 19:38 . 2013-06-26 00:39	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-06-23 10:31 . 2013-06-23 11:25	--------	d-----w-	c:\users\***\AppData\Roaming\RIFT
2013-06-20 20:20 . 2013-06-20 20:20	--------	d-----w-	c:\users\DefaultAppPool
2013-06-19 08:07 . 2013-06-12 19:47	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-12 22:00 . 2013-05-17 01:25	257536	----a-w-	c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-06-12 16:09 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-12 16:09 . 2013-04-26 05:51	751104	----a-w-	c:\windows\system32\win32spl.dll
2013-06-12 16:09 . 2013-04-26 04:55	492544	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-06-12 16:09 . 2013-05-10 05:49	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-06-12 16:09 . 2013-05-10 03:20	24576	----a-w-	c:\windows\SysWow64\cryptdlg.dll
2013-06-12 16:09 . 2013-04-17 07:02	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2013-06-12 16:09 . 2013-04-17 06:24	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-06-12 16:09 . 2013-05-13 03:43	1192448	----a-w-	c:\windows\system32\certutil.exe
2013-06-12 16:08 . 2013-05-13 05:51	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-06-12 16:08 . 2013-05-13 05:51	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-06-12 16:08 . 2013-05-13 05:51	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-06-12 16:08 . 2013-05-13 05:50	52224	----a-w-	c:\windows\system32\certenc.dll
2013-06-12 16:08 . 2013-05-13 04:45	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-06-12 16:08 . 2013-05-13 04:45	1160192	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-06-12 16:08 . 2013-05-13 04:45	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-06-12 16:08 . 2013-05-13 03:08	903168	----a-w-	c:\windows\SysWow64\certutil.exe
2013-06-12 16:08 . 2013-05-13 03:08	43008	----a-w-	c:\windows\SysWow64\certenc.dll
2013-06-12 16:08 . 2013-04-25 23:30	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-06-12 16:08 . 2013-03-31 22:52	1887232	----a-w-	c:\windows\system32\d3d11.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-27 22:03 . 2013-05-06 11:15	83672	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-06-12 22:01 . 2009-10-14 05:12	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-12 19:48 . 2013-01-20 15:09	867240	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-06-12 19:48 . 2013-01-20 15:09	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-11 17:54 . 2013-01-13 14:53	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 17:54 . 2013-01-13 14:53	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-24 22:39 . 2013-05-24 22:39	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-05-24 22:39 . 2013-05-24 22:39	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-05-24 22:39 . 2013-05-24 22:39	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-05-24 22:39 . 2013-05-24 22:39	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-05-24 22:39 . 2013-05-24 22:39	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-05-24 22:39 . 2013-05-24 22:39	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-05-24 22:39 . 2013-05-24 22:39	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-24 22:39 . 2013-05-24 22:39	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-24 22:39 . 2013-05-24 22:39	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-05-24 22:39 . 2013-05-24 22:39	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-05-24 22:39 . 2013-05-24 22:39	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-05-24 22:39 . 2013-05-24 22:39	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-05-24 22:39 . 2013-05-24 22:39	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-05-24 22:39 . 2013-05-24 22:39	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-05-24 22:39 . 2013-05-24 22:39	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-05-24 22:39 . 2013-05-24 22:39	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-05-24 22:39 . 2013-05-24 22:39	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-05-24 22:39 . 2013-05-24 22:39	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-05-24 22:39 . 2013-05-24 22:39	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-05-24 22:39 . 2013-05-24 22:39	81408	----a-w-	c:\windows\system32\icardie.dll
2013-05-24 22:39 . 2013-05-24 22:39	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-05-24 22:39 . 2013-05-24 22:39	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-05-24 22:39 . 2013-05-24 22:39	441856	----a-w-	c:\windows\system32\html.iec
2013-05-24 22:39 . 2013-05-24 22:39	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-05-24 22:39 . 2013-05-24 22:39	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-05-24 22:39 . 2013-05-24 22:39	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-05-24 22:39 . 2013-05-24 22:39	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-05-24 22:39 . 2013-05-24 22:39	235008	----a-w-	c:\windows\system32\url.dll
2013-05-24 22:39 . 2013-05-24 22:39	216064	----a-w-	c:\windows\system32\msls31.dll
2013-05-24 22:39 . 2013-05-24 22:39	197120	----a-w-	c:\windows\system32\msrating.dll
2013-05-24 22:39 . 2013-05-24 22:39	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-05-24 22:39 . 2013-05-24 22:39	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-05-24 22:39 . 2013-05-24 22:39	102912	----a-w-	c:\windows\system32\inseng.dll
2013-05-24 22:39 . 2013-05-24 22:39	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-05-24 22:39 . 2013-05-24 22:39	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-05-24 22:39 . 2013-05-24 22:39	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-05-24 22:39 . 2013-05-24 22:39	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-05-24 22:39 . 2013-05-24 22:39	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-05-24 22:39 . 2013-05-24 22:39	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-05-24 22:39 . 2013-05-24 22:39	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-05-24 22:39 . 2013-05-24 22:39	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-05-24 22:39 . 2013-05-24 22:39	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-05-24 22:39 . 2013-05-24 22:39	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-05-24 22:39 . 2013-05-24 22:39	149504	----a-w-	c:\windows\system32\occache.dll
2013-05-24 22:39 . 2013-05-24 22:39	144896	----a-w-	c:\windows\system32\wextract.exe
2013-05-24 22:39 . 2013-05-24 22:39	13824	----a-w-	c:\windows\system32\mshta.exe
2013-05-24 22:39 . 2013-05-24 22:39	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-05-24 22:39 . 2013-05-24 22:39	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-05-24 22:39 . 2013-05-24 22:39	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-04-13 05:49 . 2013-05-15 13:53	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 13:53	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 13:53	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 13:53	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 13:53	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 13:53	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 11:25	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-04-30 10:02	1521800	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-13 3093624]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-04-30 1648264]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-27 345144]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"SDTray"="f:\spybot - search & destroy 2\SDTray.exe" [2013-05-16 3830224]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;f:\spybot - search & destroy 2\SDFSSvc.exe;f:\spybot - search & destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;f:\spybot - search & destroy 2\SDUpdSvc.exe;f:\spybot - search & destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;f:\spybot - search & destroy 2\SDWSCSvc.exe;f:\spybot - search & destroy 2\SDWSCSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ALSysIO;ALSysIO;c:\users\***\AppData\Local\Temp\ALSysIO64.sys;c:\users\***\AppData\Local\Temp\ALSysIO64.sys [x]
R3 hcw66xxx;WinTV HVR-900H;c:\windows\system32\Drivers\hcw66x64.sys;c:\windows\SYSNATIVE\Drivers\hcw66x64.sys [x]
R3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys;c:\windows\SYSNATIVE\drivers\Lycosa.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys;c:\windows\SYSNATIVE\DRIVERS\VKbms.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-13 17:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-11-19 13260944]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = localhost:21320
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=276b5609-6bed-4863-abc6-f8c0ea2b862d&apn_ptnrs=%5EAGS&apn_sauid=5190372A-DDF1-4A76-994A-748116EF39AA&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-Driver Genius - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2442960156-312391059-597007993-1000\Software\SecuROM\License information*]
"datasecu"=hex:32,d5,33,50,aa,32,75,d3,d4,e9,6f,c3,9b,2f,f2,e0,0a,9e,f3,e3,4b,
   eb,30,2e,f5,9f,d4,38,7a,77,7a,e6,95,e4,80,70,8f,d9,d9,f6,eb,dc,b4,f9,9c,92,\
"rkeysecu"=hex:40,81,14,47,1a,d2,c6,82,b7,52,80,e7,12,e0,36,e7
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-11  13:25:30
ComboFix-quarantined-files.txt  2013-07-11 11:25
.
Vor Suchlauf: 5.861.228.544 Bytes frei
Nach Suchlauf: 5.702.488.064 Bytes frei
.
- - End Of File - - A88BF803D7CAF5E2C789A6A6B5A3B315
72B8CE41AF0DE751C946802B3ED844B4
         


11.07.2013, 12:57   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, right-click it and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.

11.07.2013, 13:31   #7
BluesClues
 



Right, let's see, here is what we have:

AdwCleaner:
Code:
# AdwCleaner v2.304 - Datei am 11/07/2013 um 14:09:28 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default\foxydeal.sqlite
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\ProgramData\APN
Ordner Gelöscht : C:\Users\***\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default\prefs.js

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&loc[...]

*************************

AdwCleaner[S1].txt - [7703 octets] - [11/07/2013 14:09:28]

########## EOF - C:\AdwCleaner[S1].txt - [7763 octets] ##########
         
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.7 (07.11.2013:1)
OS: Windows 7 Ultimate x64
Ran by *** on 11.07.2013 at 14:16:38,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B868B95F-F19D-4CD6-BE5C-FA233BBBE7DD}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\driver-soft"



~~~ FireFox

Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\wa4yyx69.default\minidumps [104 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.07.2013 at 14:20:31,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2013 03
Ran by *** (administrator) on 11-07-2013 14:21:49
Running from C:\Users\***\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) F:\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Logitech, Inc.) C:\Users\***\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\***\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Safer-Networking Ltd.) F:\Spybot - Search & Destroy 2\SDWelcome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13260944 2012-11-20] (Realtek Semiconductor)
HKCU\...\Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-13] ()
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-28] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] - "F:\Spybot - Search & Destroy 2\SDTray.exe" [x]
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\DefaultAppPool\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\UpdatusUser\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default\Extensions\ich@maltegoetz.de
FF Extension: DownloadHelper - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-28] (Avira Operations GmbH & Co. KG)
S2 SDScannerService; F:\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; F:\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; F:\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 hcw66xxx; C:\Windows\System32\Drivers\hcw66x64.sys [758016 2011-02-08] (Hauppauge Computer Works, Inc.)
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [28928 2010-09-08] (Razer USA Ltd.)
R1 ntiopnp; C:\Windows\System32\Drivers\ntiopnp.sys [19544 2010-11-11] ()
S3 ALSysIO; \??\C:\Users\***\AppData\Local\Temp\ALSysIO64.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-11 14:20 - 2013-07-11 14:20 - 00001544 ____A C:\Users\***\Desktop\JRT.txt
2013-07-11 14:16 - 2013-07-11 14:16 - 00007796 ____A C:\Users\***\Desktop\AdwCleaner[S1].txt
2013-07-11 14:16 - 2013-07-11 14:16 - 00000000 ____D C:\Windows\ERUNT
2013-07-11 14:11 - 2013-07-11 14:11 - 00000552 ____A C:\Windows\PFRO.log
2013-07-11 14:09 - 2013-07-11 14:09 - 00007824 ____A C:\AdwCleaner[S1].txt
2013-07-11 14:07 - 2013-07-11 14:07 - 00650027 ____A C:\Users\***\Desktop\adwcleaner.exe
2013-07-11 14:07 - 2013-07-11 14:07 - 00559306 ____A (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-07-11 13:25 - 2013-07-11 13:25 - 00018036 ____A C:\ComboFix.txt
2013-07-11 13:06 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-11 13:06 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-11 13:06 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-11 13:06 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-11 13:06 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-11 13:06 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-11 13:06 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-11 13:06 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-11 13:03 - 2013-07-11 13:26 - 00000000 ____D C:\Qoobox
2013-07-11 13:02 - 2013-07-11 13:22 - 00000000 ____D C:\Windows\erdnt
2013-07-11 13:00 - 2013-07-11 13:00 - 05087643 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2013-07-11 12:54 - 2013-07-11 14:11 - 00000112 ____A C:\Windows\setupact.log
2013-07-11 12:54 - 2013-07-11 12:54 - 00000000 ____A C:\Windows\setuperr.log
2013-07-10 22:30 - 2013-07-10 23:36 - 00018779 ____A C:\Users\***\Desktop\Addition.txt
2013-07-10 22:29 - 2013-07-10 22:29 - 00000000 ____D C:\FRST
2013-07-10 22:28 - 2013-07-10 22:28 - 01776951 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-10 21:35 - 2013-07-10 21:36 - 00002538 ____A C:\Users\***\Desktop\gmer.txt
2013-07-10 20:59 - 2013-07-10 20:59 - 00377856 ____A C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-10 19:55 - 2013-07-10 20:50 - 00064020 ____A C:\Users\***\Desktop\Extras.Txt
2013-07-10 19:53 - 2013-07-10 20:55 - 00071430 ____A C:\Users\***\Desktop\OTL.Txt
2013-07-10 19:42 - 2013-07-10 19:42 - 00602112 ____A (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-10 19:37 - 2013-07-10 19:37 - 00000476 ____A C:\Users\***\Desktop\defogger_disable.log
2013-07-10 19:37 - 2013-07-10 19:37 - 00000000 ____A C:\Users\***\defogger_reenable
2013-07-10 19:34 - 2013-07-10 19:34 - 00050477 ____A C:\Users\***\Desktop\Defogger.exe
2013-07-10 15:02 - 2013-07-10 15:02 - 00006390 ____A C:\Windows\system32\cc_20130710_150248.reg
2013-07-10 00:03 - 2013-07-10 14:53 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-07-10 00:02 - 2013-07-10 00:02 - 02365840 ____A C:\Users\***\Downloads\SecurityTaskManager_Setup.exe
2013-07-09 19:19 - 2013-07-09 19:19 - 00000206 ____A C:\Windows\system32\cc_20130709_191900.reg
2013-07-09 19:18 - 2013-07-09 19:18 - 00000732 ____A C:\Windows\system32\cc_20130709_191828.reg
2013-07-08 22:23 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts.20130708-222347.backup
2013-07-08 21:33 - 2013-07-11 13:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-08 21:33 - 2013-07-08 21:33 - 00000851 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-08 21:33 - 2013-07-08 21:33 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-08 21:33 - 2009-01-25 13:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-07-08 21:30 - 2013-07-08 21:31 - 36271144 ____A (Safer-Networking Ltd.                                       ) C:\Users\***\Downloads\spybot-2.1.exe
2013-07-02 18:21 - 2013-07-02 18:21 - 00002964 ____A C:\Windows\System32\Tasks\{9276B647-086B-485C-AB14-B22E9B01239B}
2013-07-02 18:21 - 2013-07-02 18:21 - 00002964 ____A C:\Windows\System32\Tasks\{80E762AF-30F6-4464-A08A-7F0FEE57C457}
2013-07-02 18:18 - 2013-07-02 18:18 - 00002964 ____A C:\Windows\System32\Tasks\{EA66F68A-C392-4568-A057-5C0B96247BAD}
2013-07-01 00:52 - 2013-07-01 00:52 - 02104188 ____A C:\Users\***\Downloads\SkyBlock2.1(1).zip
2013-06-30 19:28 - 2013-06-30 19:28 - 00002992 ____A C:\Windows\System32\Tasks\{5491ED29-58DE-494F-AB15-6FE9723B926F}
2013-06-30 18:20 - 2013-07-10 19:39 - 00000000 ____D C:\Users\***\Downloads\Minecraft Forge 1.5.2
2013-06-30 16:08 - 2013-07-01 00:56 - 00000000 ____D C:\Users\***\Downloads\SkyBlock2.1
2013-06-30 14:58 - 2013-06-30 14:58 - 02104188 ____A C:\Users\***\Downloads\SkyBlock2.1.zip
2013-06-27 01:13 - 2013-06-27 01:13 - 00000000 ____D C:\Users\***\AppData\Roaming\Hex-Ray
2013-06-27 01:12 - 2013-06-27 01:12 - 00000615 ____A C:\Users\***\Desktop\Hexels.exe.lnk
2013-06-27 01:12 - 2013-06-27 01:12 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hexels
2013-06-27 01:10 - 2013-06-27 01:11 - 10573963 ____A C:\Users\***\Downloads\HexelsInstaller.exe
2013-06-27 00:15 - 2013-06-27 01:23 - 00000000 ____D C:\Users\***\Documents\Guild Wars 2
2013-06-27 00:09 - 2013-06-27 00:09 - 00004156 ____A C:\Windows\system32\cc_20130627_000906.reg
2013-06-27 00:09 - 2013-06-27 00:09 - 00000000 ____D C:\Windows\pss
2013-06-27 00:08 - 2013-06-27 00:08 - 00017130 ____A C:\Windows\system32\cc_20130627_000827.reg
2013-06-24 18:23 - 2013-06-24 18:23 - 01799465 ____A C:\Users\***\Downloads\mcpatcher-3.0.4_01.exe
2013-06-23 13:09 - 2013-06-23 13:09 - 00000000 ____D C:\Users\***\Documents\RIFT
2013-06-23 12:31 - 2013-06-23 13:25 - 00000000 ____D C:\Users\***\AppData\Roaming\RIFT
2013-06-23 12:31 - 2013-06-23 12:31 - 00000528 ____A C:\Users\***\Desktop\RIFT.lnk
2013-06-23 12:31 - 2013-06-23 12:31 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT
2013-06-23 12:29 - 2013-06-23 12:29 - 19331736 ____A (Trion Worlds Inc.) C:\Users\***\Downloads\RIFT-Install.exe
2013-06-20 23:38 - 2013-06-20 23:38 - 00000910 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-06-20 22:20 - 2013-06-20 22:20 - 00000020 __ASH C:\Users\DefaultAppPool\ntuser.ini
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Vorlagen
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Startmenü
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Netzwerkumgebung
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Lokale Einstellungen
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Eigene Dateien
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Druckumgebung
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Documents\Eigene Musik
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Documents\Eigene Bilder
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\AppData\Local\Verlauf
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\AppData\Local\Anwendungsdaten
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Anwendungsdaten
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 ____D C:\Users\DefaultAppPool
2013-06-20 22:07 - 2013-06-20 22:07 - 03461416 ____A C:\Users\***\Downloads\LeagueofLegends.exe
2013-06-20 11:14 - 2013-06-20 14:51 - 00022211 ____A C:\Users\***\Documents\China 1.0.odt
2013-06-19 10:07 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-19 10:07 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-19 10:07 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-19 10:07 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-19 10:06 - 2013-06-19 10:07 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-15 01:32 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-06-15 01:32 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-06-15 01:32 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-06-15 01:32 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-06-15 01:32 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-06-15 01:32 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-06-15 01:32 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 01:32 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 01:32 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 01:32 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 01:32 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 01:32 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 20:50 - 2013-06-14 20:50 - 00001809 ____A C:\Users\***\Documents\Mass Effect 2 - DLC_CON_Pack02.log
2013-06-13 23:39 - 2013-06-13 23:42 - 00001861 ____A C:\Users\***\Documents\Mass Effect 2 - DLC_EXP_Part02.log
2013-06-13 00:00 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 00:00 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-06-13 00:00 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-06-13 00:00 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-06-13 00:00 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-06-13 00:00 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 18:09 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-06-12 18:09 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-06-12 18:09 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 18:09 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-06-12 18:09 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-06-12 18:09 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 18:09 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 18:09 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-06-12 18:08 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-06-12 18:08 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-06-12 18:08 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-06-12 18:08 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-06-12 18:08 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 18:08 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 18:08 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 18:08 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 18:08 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 18:08 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 18:08 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\system32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-11 14:22 - 2013-01-13 17:14 - 00000000 ____D C:\Users\***\AppData\Local\PMB Files
2013-07-11 14:20 - 2013-07-11 14:20 - 00001544 ____A C:\Users\***\Desktop\JRT.txt
2013-07-11 14:17 - 2009-07-14 06:45 - 00014016 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-11 14:17 - 2009-07-14 06:45 - 00014016 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-11 14:16 - 2013-07-11 14:16 - 00007796 ____A C:\Users\***\Desktop\AdwCleaner[S1].txt
2013-07-11 14:16 - 2013-07-11 14:16 - 00000000 ____D C:\Windows\ERUNT
2013-07-11 14:12 - 2013-01-13 17:00 - 00000000 ____D C:\Users\***\AppData\Roaming\Skype
2013-07-11 14:11 - 2013-07-11 14:11 - 00000552 ____A C:\Windows\PFRO.log
2013-07-11 14:11 - 2013-07-11 12:54 - 00000112 ____A C:\Windows\setupact.log
2013-07-11 14:11 - 2013-02-11 00:00 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-11 14:11 - 2013-02-09 18:44 - 00000000 ____A C:\Windows\system32\Drivers\lvuvc.hs
2013-07-11 14:11 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-11 14:10 - 2013-01-13 15:06 - 01695050 ____A C:\Windows\WindowsUpdate.log
2013-07-11 14:09 - 2013-07-11 14:09 - 00007824 ____A C:\AdwCleaner[S1].txt
2013-07-11 14:07 - 2013-07-11 14:07 - 00650027 ____A C:\Users\***\Desktop\adwcleaner.exe
2013-07-11 14:07 - 2013-07-11 14:07 - 00559306 ____A (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-07-11 13:54 - 2013-01-13 16:53 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-11 13:26 - 2013-07-11 13:03 - 00000000 ____D C:\Qoobox
2013-07-11 13:25 - 2013-07-11 13:25 - 00018036 ____A C:\ComboFix.txt
2013-07-11 13:25 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-11 13:22 - 2013-07-11 13:02 - 00000000 ____D C:\Windows\erdnt
2013-07-11 13:16 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-07-11 13:05 - 2013-07-08 21:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-11 13:00 - 2013-07-11 13:00 - 05087643 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2013-07-11 12:54 - 2013-07-11 12:54 - 00000000 ____A C:\Windows\setuperr.log
2013-07-11 02:15 - 2013-01-13 17:10 - 00000000 ____D C:\Users\***\AppData\Roaming\TS3Client
2013-07-10 23:36 - 2013-07-10 22:30 - 00018779 ____A C:\Users\***\Desktop\Addition.txt
2013-07-10 22:29 - 2013-07-10 22:29 - 00000000 ____D C:\FRST
2013-07-10 22:28 - 2013-07-10 22:28 - 01776951 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-10 21:36 - 2013-07-10 21:35 - 00002538 ____A C:\Users\***\Desktop\gmer.txt
2013-07-10 20:59 - 2013-07-10 20:59 - 00377856 ____A C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-10 20:55 - 2013-07-10 19:53 - 00071430 ____A C:\Users\***\Desktop\OTL.Txt
2013-07-10 20:50 - 2013-07-10 19:55 - 00064020 ____A C:\Users\***\Desktop\Extras.Txt
2013-07-10 19:46 - 2013-01-13 16:20 - 00003826 ____A C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
2013-07-10 19:43 - 2013-01-13 17:14 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-10 19:42 - 2013-07-10 19:42 - 00602112 ____A (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-10 19:41 - 2013-02-09 18:20 - 00009097 ____A C:\Users\***\Desktop\Neues Textdokument.txt
2013-07-10 19:39 - 2013-06-30 18:20 - 00000000 ____D C:\Users\***\Downloads\Minecraft Forge 1.5.2
2013-07-10 19:37 - 2013-07-10 19:37 - 00000476 ____A C:\Users\***\Desktop\defogger_disable.log
2013-07-10 19:37 - 2013-07-10 19:37 - 00000000 ____A C:\Users\***\defogger_reenable
2013-07-10 19:37 - 2013-01-13 15:16 - 00000000 ____D C:\Users\***
2013-07-10 19:34 - 2013-07-10 19:34 - 00050477 ____A C:\Users\***\Desktop\Defogger.exe
2013-07-10 15:02 - 2013-07-10 15:02 - 00006390 ____A C:\Windows\system32\cc_20130710_150248.reg
2013-07-10 14:59 - 2013-05-04 20:54 - 00000000 ____D C:\Users\***\AppData\Local\DoNotTrackPlus
2013-07-10 14:53 - 2013-07-10 00:03 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-07-10 14:50 - 2013-01-13 17:03 - 00064024 ____A C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-10 13:03 - 2009-07-14 06:45 - 00294184 ____A C:\Windows\system32\FNTCACHE.DAT
2013-07-10 00:02 - 2013-07-10 00:02 - 02365840 ____A C:\Users\***\Downloads\SecurityTaskManager_Setup.exe
2013-07-09 19:19 - 2013-07-09 19:19 - 00000206 ____A C:\Windows\system32\cc_20130709_191900.reg
2013-07-09 19:18 - 2013-07-09 19:18 - 00000732 ____A C:\Windows\system32\cc_20130709_191828.reg
2013-07-08 21:33 - 2013-07-08 21:33 - 00000851 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-08 21:33 - 2013-07-08 21:33 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-08 21:31 - 2013-07-08 21:30 - 36271144 ____A (Safer-Networking Ltd.                                       ) C:\Users\***\Downloads\spybot-2.1.exe
2013-07-08 20:36 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-05 03:12 - 2009-07-14 20:18 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-02 18:21 - 2013-07-02 18:21 - 00002964 ____A C:\Windows\System32\Tasks\{9276B647-086B-485C-AB14-B22E9B01239B}
2013-07-02 18:21 - 2013-07-02 18:21 - 00002964 ____A C:\Windows\System32\Tasks\{80E762AF-30F6-4464-A08A-7F0FEE57C457}
2013-07-02 18:18 - 2013-07-02 18:18 - 00002964 ____A C:\Windows\System32\Tasks\{EA66F68A-C392-4568-A057-5C0B96247BAD}
2013-07-02 16:20 - 2013-02-25 14:05 - 00000000 ____D C:\Users\***\AppData\Roaming\.minecraft
2013-07-01 00:56 - 2013-06-30 16:08 - 00000000 ____D C:\Users\***\Downloads\SkyBlock2.1
2013-07-01 00:52 - 2013-07-01 00:52 - 02104188 ____A C:\Users\***\Downloads\SkyBlock2.1(1).zip
2013-06-30 19:28 - 2013-06-30 19:28 - 00002992 ____A C:\Windows\System32\Tasks\{5491ED29-58DE-494F-AB15-6FE9723B926F}
2013-06-30 14:58 - 2013-06-30 14:58 - 02104188 ____A C:\Users\***\Downloads\SkyBlock2.1.zip
2013-06-28 00:03 - 2013-05-06 13:15 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-06-27 01:23 - 2013-06-27 00:15 - 00000000 ____D C:\Users\***\Documents\Guild Wars 2
2013-06-27 01:13 - 2013-06-27 01:13 - 00000000 ____D C:\Users\***\AppData\Roaming\Hex-Ray
2013-06-27 01:12 - 2013-06-27 01:12 - 00000615 ____A C:\Users\***\Desktop\Hexels.exe.lnk
2013-06-27 01:12 - 2013-06-27 01:12 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hexels
2013-06-27 01:11 - 2013-06-27 01:10 - 10573963 ____A C:\Users\***\Downloads\HexelsInstaller.exe
2013-06-27 00:09 - 2013-06-27 00:09 - 00004156 ____A C:\Windows\system32\cc_20130627_000906.reg
2013-06-27 00:09 - 2013-06-27 00:09 - 00000000 ____D C:\Windows\pss
2013-06-27 00:09 - 2013-01-13 15:17 - 00000000 ___RD C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-06-27 00:08 - 2013-06-27 00:08 - 00017130 ____A C:\Windows\system32\cc_20130627_000827.reg
2013-06-27 00:07 - 2009-10-14 08:04 - 00000000 ____D C:\Windows\Panther
2013-06-24 18:23 - 2013-06-24 18:23 - 01799465 ____A C:\Users\***\Downloads\mcpatcher-3.0.4_01.exe
2013-06-23 13:25 - 2013-06-23 12:31 - 00000000 ____D C:\Users\***\AppData\Roaming\RIFT
2013-06-23 13:09 - 2013-06-23 13:09 - 00000000 ____D C:\Users\***\Documents\RIFT
2013-06-23 12:31 - 2013-06-23 12:31 - 00000528 ____A C:\Users\***\Desktop\RIFT.lnk
2013-06-23 12:31 - 2013-06-23 12:31 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT
2013-06-23 12:29 - 2013-06-23 12:29 - 19331736 ____A (Trion Worlds Inc.) C:\Users\***\Downloads\RIFT-Install.exe
2013-06-22 22:44 - 2013-01-13 17:07 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-06-20 23:38 - 2013-06-20 23:38 - 00000910 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-06-20 22:20 - 2013-06-20 22:20 - 00000020 __ASH C:\Users\DefaultAppPool\ntuser.ini
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Vorlagen
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Startmenü
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Netzwerkumgebung
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Lokale Einstellungen
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Eigene Dateien
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Druckumgebung
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Documents\Eigene Musik
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Documents\Eigene Bilder
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\AppData\Local\Verlauf
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\AppData\Local\Anwendungsdaten
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Anwendungsdaten
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 ____D C:\Users\DefaultAppPool
2013-06-20 22:07 - 2013-06-20 22:07 - 03461416 ____A C:\Users\***\Downloads\LeagueofLegends.exe
2013-06-20 14:51 - 2013-06-20 11:14 - 00022211 ____A C:\Users\***\Documents\China 1.0.odt
2013-06-19 10:07 - 2013-06-19 10:06 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-18 22:42 - 2013-05-10 15:15 - 00000000 ____D C:\Users\***\Documents\Back Up
2013-06-17 13:41 - 2013-03-04 17:46 - 00000000 ____D C:\Users\***\Documents\Schule
2013-06-14 20:50 - 2013-06-14 20:50 - 00001809 ____A C:\Users\***\Documents\Mass Effect 2 - DLC_CON_Pack02.log
2013-06-14 20:50 - 2013-04-10 10:43 - 00005441 ____A C:\Users\***\Documents\Mass Effect 2 1.02.log
2013-06-14 11:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 23:42 - 2013-06-13 23:39 - 00001861 ____A C:\Users\***\Documents\Mass Effect 2 - DLC_EXP_Part02.log
2013-06-13 00:01 - 2009-10-14 07:12 - 75825640 ____A (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-06-12 21:48 - 2013-01-20 17:09 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2013-01-20 17:09 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-06-19 10:07 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-19 10:07 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-06-19 10:07 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-06-19 10:07 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-11 19:54 - 2013-01-13 16:53 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 19:54 - 2013-01-13 16:53 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 19:54 - 2013-01-13 16:53 - 00003822 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 13:01

==================== End Of Log ============================
         
--- --- ---

11.07.2013, 13:32   #8
schrauber
/// the machine
/// TB instructor
 

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Still having problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

11.07.2013, 19:24   #9
BluesClues
 
Hello,

ESET did not save a log for me; I think I messed something up when closing the program, but it did not find any viruses.
The scan took ~4 hours. I can run it again if needed, but I won't manage that today.

The Security Scan gives me the following error message:

UNSUPPORTED OPERATING SYSTEM! ABORTED!

The FRST log:


FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2013 03
Ran by *** (administrator) on 11-07-2013 20:16:08
Running from C:\Users\***\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) F:\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Logitech, Inc.) C:\Users\***\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\***\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Safer-Networking Ltd.) F:\Spybot - Search & Destroy 2\SDWelcome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13260944 2012-11-20] (Realtek Semiconductor)
HKCU\...\Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-13] ()
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-28] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] - "F:\Spybot - Search & Destroy 2\SDTray.exe" [x]
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\DefaultAppPool\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\UpdatusUser\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default\Extensions\ich@maltegoetz.de
FF Extension: DownloadHelper - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-28] (Avira Operations GmbH & Co. KG)
S2 SDScannerService; F:\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; F:\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; F:\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 hcw66xxx; C:\Windows\System32\Drivers\hcw66x64.sys [758016 2011-02-08] (Hauppauge Computer Works, Inc.)
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [28928 2010-09-08] (Razer USA Ltd.)
R1 ntiopnp; C:\Windows\System32\Drivers\ntiopnp.sys [19544 2010-11-11] ()
S3 ALSysIO; \??\C:\Users\***\AppData\Local\Temp\ALSysIO64.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-11 14:47 - 2013-07-11 14:47 - 00890988 ____A C:\Users\***\Desktop\SecurityCheck.exe
2013-07-11 14:45 - 2013-07-11 14:45 - 02347384 ____A (ESET) C:\Users\***\Desktop\esetsmartinstaller_enu.exe
2013-07-11 14:20 - 2013-07-11 14:20 - 00001544 ____A C:\Users\***\Desktop\JRT.txt
2013-07-11 14:16 - 2013-07-11 14:16 - 00007796 ____A C:\Users\***\Desktop\AdwCleaner[S1].txt
2013-07-11 14:16 - 2013-07-11 14:16 - 00000000 ____D C:\Windows\ERUNT
2013-07-11 14:11 - 2013-07-11 14:11 - 00000552 ____A C:\Windows\PFRO.log
2013-07-11 14:09 - 2013-07-11 14:09 - 00007824 ____A C:\AdwCleaner[S1].txt
2013-07-11 14:07 - 2013-07-11 14:07 - 00650027 ____A C:\Users\***\Desktop\adwcleaner.exe
2013-07-11 14:07 - 2013-07-11 14:07 - 00559306 ____A (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-07-11 13:25 - 2013-07-11 13:25 - 00018036 ____A C:\ComboFix.txt
2013-07-11 13:06 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-11 13:06 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-11 13:06 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-11 13:06 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-11 13:06 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-11 13:06 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-11 13:06 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-11 13:06 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-11 13:03 - 2013-07-11 13:26 - 00000000 ____D C:\Qoobox
2013-07-11 13:02 - 2013-07-11 13:22 - 00000000 ____D C:\Windows\erdnt
2013-07-11 13:00 - 2013-07-11 13:00 - 05087643 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2013-07-11 12:54 - 2013-07-11 14:11 - 00000112 ____A C:\Windows\setupact.log
2013-07-11 12:54 - 2013-07-11 12:54 - 00000000 ____A C:\Windows\setuperr.log
2013-07-10 22:30 - 2013-07-10 23:36 - 00018779 ____A C:\Users\***\Desktop\Addition.txt
2013-07-10 22:29 - 2013-07-10 22:29 - 00000000 ____D C:\FRST
2013-07-10 22:28 - 2013-07-10 22:28 - 01776951 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-10 21:35 - 2013-07-10 21:36 - 00002538 ____A C:\Users\***\Desktop\gmer.txt
2013-07-10 20:59 - 2013-07-10 20:59 - 00377856 ____A C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-10 19:55 - 2013-07-10 20:50 - 00064020 ____A C:\Users\***\Desktop\Extras.Txt
2013-07-10 19:53 - 2013-07-10 20:55 - 00071430 ____A C:\Users\***\Desktop\OTL.Txt
2013-07-10 19:42 - 2013-07-10 19:42 - 00602112 ____A (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-10 19:37 - 2013-07-10 19:37 - 00000476 ____A C:\Users\***\Desktop\defogger_disable.log
2013-07-10 19:37 - 2013-07-10 19:37 - 00000000 ____A C:\Users\***\defogger_reenable
2013-07-10 19:34 - 2013-07-10 19:34 - 00050477 ____A C:\Users\***\Desktop\Defogger.exe
2013-07-10 15:02 - 2013-07-10 15:02 - 00006390 ____A C:\Windows\system32\cc_20130710_150248.reg
2013-07-10 00:03 - 2013-07-10 14:53 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-07-10 00:02 - 2013-07-10 00:02 - 02365840 ____A C:\Users\***\Downloads\SecurityTaskManager_Setup.exe
2013-07-09 19:19 - 2013-07-09 19:19 - 00000206 ____A C:\Windows\system32\cc_20130709_191900.reg
2013-07-09 19:18 - 2013-07-09 19:18 - 00000732 ____A C:\Windows\system32\cc_20130709_191828.reg
2013-07-08 22:23 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts.20130708-222347.backup
2013-07-08 21:33 - 2013-07-11 13:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-08 21:33 - 2013-07-08 21:33 - 00000851 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-08 21:33 - 2013-07-08 21:33 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-08 21:33 - 2009-01-25 13:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-07-08 21:30 - 2013-07-08 21:31 - 36271144 ____A (Safer-Networking Ltd.                                       ) C:\Users\***\Downloads\spybot-2.1.exe
2013-07-02 18:21 - 2013-07-02 18:21 - 00002964 ____A C:\Windows\System32\Tasks\{9276B647-086B-485C-AB14-B22E9B01239B}
2013-07-02 18:21 - 2013-07-02 18:21 - 00002964 ____A C:\Windows\System32\Tasks\{80E762AF-30F6-4464-A08A-7F0FEE57C457}
2013-07-02 18:18 - 2013-07-02 18:18 - 00002964 ____A C:\Windows\System32\Tasks\{EA66F68A-C392-4568-A057-5C0B96247BAD}
2013-07-01 00:52 - 2013-07-01 00:52 - 02104188 ____A C:\Users\***\Downloads\SkyBlock2.1(1).zip
2013-06-30 19:28 - 2013-06-30 19:28 - 00002992 ____A C:\Windows\System32\Tasks\{5491ED29-58DE-494F-AB15-6FE9723B926F}
2013-06-30 18:20 - 2013-07-10 19:39 - 00000000 ____D C:\Users\***\Downloads\Minecraft Forge 1.5.2
2013-06-30 16:08 - 2013-07-01 00:56 - 00000000 ____D C:\Users\***\Downloads\SkyBlock2.1
2013-06-30 14:58 - 2013-06-30 14:58 - 02104188 ____A C:\Users\***\Downloads\SkyBlock2.1.zip
2013-06-27 01:13 - 2013-06-27 01:13 - 00000000 ____D C:\Users\***\AppData\Roaming\Hex-Ray
2013-06-27 01:12 - 2013-06-27 01:12 - 00000615 ____A C:\Users\***\Desktop\Hexels.exe.lnk
2013-06-27 01:12 - 2013-06-27 01:12 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hexels
2013-06-27 01:10 - 2013-06-27 01:11 - 10573963 ____A C:\Users\***\Downloads\HexelsInstaller.exe
2013-06-27 00:15 - 2013-06-27 01:23 - 00000000 ____D C:\Users\***\Documents\Guild Wars 2
2013-06-27 00:09 - 2013-06-27 00:09 - 00004156 ____A C:\Windows\system32\cc_20130627_000906.reg
2013-06-27 00:09 - 2013-06-27 00:09 - 00000000 ____D C:\Windows\pss
2013-06-27 00:08 - 2013-06-27 00:08 - 00017130 ____A C:\Windows\system32\cc_20130627_000827.reg
2013-06-24 18:23 - 2013-06-24 18:23 - 01799465 ____A C:\Users\***\Downloads\mcpatcher-3.0.4_01.exe
2013-06-23 13:09 - 2013-06-23 13:09 - 00000000 ____D C:\Users\***\Documents\RIFT
2013-06-23 12:31 - 2013-06-23 13:25 - 00000000 ____D C:\Users\***\AppData\Roaming\RIFT
2013-06-23 12:31 - 2013-06-23 12:31 - 00000528 ____A C:\Users\***\Desktop\RIFT.lnk
2013-06-23 12:31 - 2013-06-23 12:31 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT
2013-06-23 12:29 - 2013-06-23 12:29 - 19331736 ____A (Trion Worlds Inc.) C:\Users\***\Downloads\RIFT-Install.exe
2013-06-20 23:38 - 2013-06-20 23:38 - 00000910 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-06-20 22:20 - 2013-06-20 22:20 - 00000020 __ASH C:\Users\DefaultAppPool\ntuser.ini
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Vorlagen
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Startmenü
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Netzwerkumgebung
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Lokale Einstellungen
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Eigene Dateien
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Druckumgebung
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Documents\Eigene Musik
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Documents\Eigene Bilder
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\AppData\Local\Verlauf
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\AppData\Local\Anwendungsdaten
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Anwendungsdaten
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 ____D C:\Users\DefaultAppPool
2013-06-20 22:07 - 2013-06-20 22:07 - 03461416 ____A C:\Users\***\Downloads\LeagueofLegends.exe
2013-06-20 11:14 - 2013-06-20 14:51 - 00022211 ____A C:\Users\***\Documents\China 1.0.odt
2013-06-19 10:07 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-19 10:07 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-19 10:07 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-19 10:07 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-19 10:06 - 2013-06-19 10:07 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-15 01:32 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-06-15 01:32 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-06-15 01:32 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-06-15 01:32 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-06-15 01:32 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-06-15 01:32 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-06-15 01:32 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 01:32 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 01:32 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 01:32 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 01:32 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 01:32 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 20:50 - 2013-06-14 20:50 - 00001809 ____A C:\Users\***\Documents\Mass Effect 2 - DLC_CON_Pack02.log
2013-06-13 23:39 - 2013-06-13 23:42 - 00001861 ____A C:\Users\***\Documents\Mass Effect 2 - DLC_EXP_Part02.log
2013-06-13 00:00 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 00:00 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-06-13 00:00 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-06-13 00:00 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-06-13 00:00 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-06-13 00:00 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 18:09 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-06-12 18:09 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-06-12 18:09 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 18:09 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-06-12 18:09 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-06-12 18:09 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 18:09 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 18:09 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-06-12 18:08 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-06-12 18:08 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-06-12 18:08 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-06-12 18:08 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-06-12 18:08 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 18:08 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 18:08 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 18:08 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 18:08 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 18:08 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 18:08 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\system32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-11 20:16 - 2013-01-13 17:14 - 00000000 ____D C:\Users\***\AppData\Local\PMB Files
2013-07-11 19:54 - 2013-01-13 16:53 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-11 16:12 - 2013-01-13 15:06 - 01711206 ____A C:\Windows\WindowsUpdate.log
2013-07-11 14:47 - 2013-07-11 14:47 - 00890988 ____A C:\Users\***\Desktop\SecurityCheck.exe
2013-07-11 14:45 - 2013-07-11 14:45 - 02347384 ____A (ESET) C:\Users\***\Desktop\esetsmartinstaller_enu.exe
2013-07-11 14:25 - 2013-01-13 17:00 - 00000000 ____D C:\Users\***\AppData\Roaming\Skype
2013-07-11 14:20 - 2013-07-11 14:20 - 00001544 ____A C:\Users\***\Desktop\JRT.txt
2013-07-11 14:17 - 2009-07-14 06:45 - 00014016 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-11 14:17 - 2009-07-14 06:45 - 00014016 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-11 14:16 - 2013-07-11 14:16 - 00007796 ____A C:\Users\***\Desktop\AdwCleaner[S1].txt
2013-07-11 14:16 - 2013-07-11 14:16 - 00000000 ____D C:\Windows\ERUNT
2013-07-11 14:11 - 2013-07-11 14:11 - 00000552 ____A C:\Windows\PFRO.log
2013-07-11 14:11 - 2013-07-11 12:54 - 00000112 ____A C:\Windows\setupact.log
2013-07-11 14:11 - 2013-02-11 00:00 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-11 14:11 - 2013-02-09 18:44 - 00000000 ____A C:\Windows\system32\Drivers\lvuvc.hs
2013-07-11 14:11 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-11 14:09 - 2013-07-11 14:09 - 00007824 ____A C:\AdwCleaner[S1].txt
2013-07-11 14:07 - 2013-07-11 14:07 - 00650027 ____A C:\Users\***\Desktop\adwcleaner.exe
2013-07-11 14:07 - 2013-07-11 14:07 - 00559306 ____A (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-07-11 13:26 - 2013-07-11 13:03 - 00000000 ____D C:\Qoobox
2013-07-11 13:25 - 2013-07-11 13:25 - 00018036 ____A C:\ComboFix.txt
2013-07-11 13:25 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-11 13:22 - 2013-07-11 13:02 - 00000000 ____D C:\Windows\erdnt
2013-07-11 13:16 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-07-11 13:05 - 2013-07-08 21:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-11 13:00 - 2013-07-11 13:00 - 05087643 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2013-07-11 12:54 - 2013-07-11 12:54 - 00000000 ____A C:\Windows\setuperr.log
2013-07-11 02:15 - 2013-01-13 17:10 - 00000000 ____D C:\Users\***\AppData\Roaming\TS3Client
2013-07-10 23:36 - 2013-07-10 22:30 - 00018779 ____A C:\Users\***\Desktop\Addition.txt
2013-07-10 22:29 - 2013-07-10 22:29 - 00000000 ____D C:\FRST
2013-07-10 22:28 - 2013-07-10 22:28 - 01776951 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-10 21:36 - 2013-07-10 21:35 - 00002538 ____A C:\Users\***\Desktop\gmer.txt
2013-07-10 20:59 - 2013-07-10 20:59 - 00377856 ____A C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-10 20:55 - 2013-07-10 19:53 - 00071430 ____A C:\Users\***\Desktop\OTL.Txt
2013-07-10 20:50 - 2013-07-10 19:55 - 00064020 ____A C:\Users\***\Desktop\Extras.Txt
2013-07-10 19:46 - 2013-01-13 16:20 - 00003826 ____A C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
2013-07-10 19:43 - 2013-01-13 17:14 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-10 19:42 - 2013-07-10 19:42 - 00602112 ____A (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-10 19:41 - 2013-02-09 18:20 - 00009097 ____A C:\Users\***\Desktop\Neues Textdokument.txt
2013-07-10 19:39 - 2013-06-30 18:20 - 00000000 ____D C:\Users\***\Downloads\Minecraft Forge 1.5.2
2013-07-10 19:37 - 2013-07-10 19:37 - 00000476 ____A C:\Users\***\Desktop\defogger_disable.log
2013-07-10 19:37 - 2013-07-10 19:37 - 00000000 ____A C:\Users\***\defogger_reenable
2013-07-10 19:37 - 2013-01-13 15:16 - 00000000 ____D C:\Users\***
2013-07-10 19:34 - 2013-07-10 19:34 - 00050477 ____A C:\Users\***\Desktop\Defogger.exe
2013-07-10 15:02 - 2013-07-10 15:02 - 00006390 ____A C:\Windows\system32\cc_20130710_150248.reg
2013-07-10 14:59 - 2013-05-04 20:54 - 00000000 ____D C:\Users\***\AppData\Local\DoNotTrackPlus
2013-07-10 14:53 - 2013-07-10 00:03 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-07-10 14:50 - 2013-01-13 17:03 - 00064024 ____A C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-10 13:03 - 2009-07-14 06:45 - 00294184 ____A C:\Windows\system32\FNTCACHE.DAT
2013-07-10 00:02 - 2013-07-10 00:02 - 02365840 ____A C:\Users\***\Downloads\SecurityTaskManager_Setup.exe
2013-07-09 19:19 - 2013-07-09 19:19 - 00000206 ____A C:\Windows\system32\cc_20130709_191900.reg
2013-07-09 19:18 - 2013-07-09 19:18 - 00000732 ____A C:\Windows\system32\cc_20130709_191828.reg
2013-07-08 21:33 - 2013-07-08 21:33 - 00000851 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-08 21:33 - 2013-07-08 21:33 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-08 21:31 - 2013-07-08 21:30 - 36271144 ____A (Safer-Networking Ltd.                                       ) C:\Users\***\Downloads\spybot-2.1.exe
2013-07-08 20:36 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-05 03:12 - 2009-07-14 20:18 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-02 18:21 - 2013-07-02 18:21 - 00002964 ____A C:\Windows\System32\Tasks\{9276B647-086B-485C-AB14-B22E9B01239B}
2013-07-02 18:21 - 2013-07-02 18:21 - 00002964 ____A C:\Windows\System32\Tasks\{80E762AF-30F6-4464-A08A-7F0FEE57C457}
2013-07-02 18:18 - 2013-07-02 18:18 - 00002964 ____A C:\Windows\System32\Tasks\{EA66F68A-C392-4568-A057-5C0B96247BAD}
2013-07-02 16:20 - 2013-02-25 14:05 - 00000000 ____D C:\Users\***\AppData\Roaming\.minecraft
2013-07-01 00:56 - 2013-06-30 16:08 - 00000000 ____D C:\Users\***\Downloads\SkyBlock2.1
2013-07-01 00:52 - 2013-07-01 00:52 - 02104188 ____A C:\Users\***\Downloads\SkyBlock2.1(1).zip
2013-06-30 19:28 - 2013-06-30 19:28 - 00002992 ____A C:\Windows\System32\Tasks\{5491ED29-58DE-494F-AB15-6FE9723B926F}
2013-06-30 14:58 - 2013-06-30 14:58 - 02104188 ____A C:\Users\***\Downloads\SkyBlock2.1.zip
2013-06-28 00:03 - 2013-05-06 13:15 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-06-27 01:23 - 2013-06-27 00:15 - 00000000 ____D C:\Users\***\Documents\Guild Wars 2
2013-06-27 01:13 - 2013-06-27 01:13 - 00000000 ____D C:\Users\***\AppData\Roaming\Hex-Ray
2013-06-27 01:12 - 2013-06-27 01:12 - 00000615 ____A C:\Users\***\Desktop\Hexels.exe.lnk
2013-06-27 01:12 - 2013-06-27 01:12 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hexels
2013-06-27 01:11 - 2013-06-27 01:10 - 10573963 ____A C:\Users\***\Downloads\HexelsInstaller.exe
2013-06-27 00:09 - 2013-06-27 00:09 - 00004156 ____A C:\Windows\system32\cc_20130627_000906.reg
2013-06-27 00:09 - 2013-06-27 00:09 - 00000000 ____D C:\Windows\pss
2013-06-27 00:09 - 2013-01-13 15:17 - 00000000 ___RD C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-06-27 00:08 - 2013-06-27 00:08 - 00017130 ____A C:\Windows\system32\cc_20130627_000827.reg
2013-06-27 00:07 - 2009-10-14 08:04 - 00000000 ____D C:\Windows\Panther
2013-06-24 18:23 - 2013-06-24 18:23 - 01799465 ____A C:\Users\***\Downloads\mcpatcher-3.0.4_01.exe
2013-06-23 13:25 - 2013-06-23 12:31 - 00000000 ____D C:\Users\***\AppData\Roaming\RIFT
2013-06-23 13:09 - 2013-06-23 13:09 - 00000000 ____D C:\Users\***\Documents\RIFT
2013-06-23 12:31 - 2013-06-23 12:31 - 00000528 ____A C:\Users\***\Desktop\RIFT.lnk
2013-06-23 12:31 - 2013-06-23 12:31 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT
2013-06-23 12:29 - 2013-06-23 12:29 - 19331736 ____A (Trion Worlds Inc.) C:\Users\***\Downloads\RIFT-Install.exe
2013-06-22 22:44 - 2013-01-13 17:07 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-06-20 23:38 - 2013-06-20 23:38 - 00000910 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-06-20 22:20 - 2013-06-20 22:20 - 00000020 __ASH C:\Users\DefaultAppPool\ntuser.ini
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Vorlagen
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Startmenü
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Netzwerkumgebung
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Lokale Einstellungen
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Eigene Dateien
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Druckumgebung
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Documents\Eigene Musik
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Documents\Eigene Bilder
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\AppData\Local\Verlauf
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\AppData\Local\Anwendungsdaten
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Anwendungsdaten
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 ____D C:\Users\DefaultAppPool
2013-06-20 22:07 - 2013-06-20 22:07 - 03461416 ____A C:\Users\***\Downloads\LeagueofLegends.exe
2013-06-20 14:51 - 2013-06-20 11:14 - 00022211 ____A C:\Users\***\Documents\China 1.0.odt
2013-06-19 10:07 - 2013-06-19 10:06 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-18 22:42 - 2013-05-10 15:15 - 00000000 ____D C:\Users\***\Documents\Back Up
2013-06-17 13:41 - 2013-03-04 17:46 - 00000000 ____D C:\Users\***\Documents\Schule
2013-06-14 20:50 - 2013-06-14 20:50 - 00001809 ____A C:\Users\***\Documents\Mass Effect 2 - DLC_CON_Pack02.log
2013-06-14 20:50 - 2013-04-10 10:43 - 00005441 ____A C:\Users\***\Documents\Mass Effect 2 1.02.log
2013-06-14 11:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 23:42 - 2013-06-13 23:39 - 00001861 ____A C:\Users\***\Documents\Mass Effect 2 - DLC_EXP_Part02.log
2013-06-13 00:01 - 2009-10-14 07:12 - 75825640 ____A (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-06-12 21:48 - 2013-01-20 17:09 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2013-01-20 17:09 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-06-19 10:07 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-19 10:07 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-06-19 10:07 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-06-19 10:07 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-11 19:54 - 2013-01-13 16:53 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 19:54 - 2013-01-13 16:53 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 19:54 - 2013-01-13 16:53 - 00003822 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 13:01

==================== End Of Log ============================
         
--- --- ---


Internet speed is already back to normal, I no longer have white thumbnails on YouTube etc., so it looks like things are working normally again. I haven't been able to play games yet, but that will probably work normally again too.

Thanks a lot already, I'm really impressed by the speed and the service here. Truly convincing.

Regards,
BluesClues

Old 11.07.2013, 19:33   #10
schrauber
/// the machine
/// TB trainer
 




Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type this in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all of its own remnants.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without concern.


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes much current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on using it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about possible changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I haven't found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend toward somewhat more security than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most ads by itself. A right-click on the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links:
Miekemoes Blogspot (MVP)
Bill Castner (MVP)



Don'ts
  • Don't click on everything just because it prompts you to and is nice and colorful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

12.07.2013, 13:40   #11
BluesClues
 



Hello again,

everything seems to be running normally again. Many thanks.

I'll leave some quick praise here once more: I'm really impressed by the speed, the friendliness and the rest of the service. Good work.

Thanks also for all the tips and useful programs.

Keep it up,

BluesClues

12.07.2013, 16:39   #12
schrauber
/// the machine
/// TB instructor
 




You're welcome
