Log analysis and evaluation: TR/dropper.gen detection, PC getting slower (Windows 7). If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
10.07.2013, 21:04 | #1
TR/dropper.gen detection, PC getting slower. Hello, a while ago Avira AntiVir (free) found tr/dropper.gen on my PC. I removed it and scanned with Avira and Spybot - Search & Destroy; the scans found nothing. I wanted to wait and see at first, and now the computer is showing performance loss and slower internet. I get fewer FPS while gaming and, above all, images and thumbnails load very slowly in Firefox. So there is a strong suspicion of malware. I know that reinstalling is always the easiest option, but I would like to avoid that. Unfortunately the Avira log files are just empty documents, I don't know why. Here are all the required log files: OTL: Quote:
Regards, BluesClues
10.07.2013, 21:08 | #2
/// the machine /// (TB trainer) | TR/dropper.gen detection, PC getting slower. Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
10.07.2013, 21:40 | #3
TR/dropper.gen detection, PC getting slower. What can be said so far?
Thanks in any case. Here are the logs. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2013 03 Ran by *** (administrator) on 10-07-2013 22:29:58 Running from C:\Users\***\Desktop Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Safer-Networking Ltd.) F:\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) F:\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) F:\Spybot - Search & Destroy 2\SDWSCSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Safer-Networking Ltd.) F:\Spybot - Search & Destroy 2\SDFSSvc.exe (Logitech, Inc.) C:\Users\***\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe (Logitech, Inc.) C:\Users\***\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe (TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13260944 2012-11-20] (Realtek Semiconductor) HKCU\...\Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.) HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-13] () HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation) MountPoints2: {5eab86ce-5d81-11e2-a5a0-806e6f6e6963} - G:\autorun.exe -auto HKLM-x32\...\Run: [Driver Genius] - [x] HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1648264 2013-04-30] (Ask) HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-28] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-08-12] (Logitech Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] - "F:\Spybot - Search & Destroy 2\SDTray.exe" [x] HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\DefaultAppPool\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\UpdatusUser\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. 
ProxyServer: localhost:21320 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File SearchScopes: HKCU - {B868B95F-F19D-4CD6-BE5C-FA233BBBE7DD} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=276b5609-6bed-4863-abc6-f8c0ea2b862d&apn_sauid=5190372A-DDF1-4A76-994A-748116EF39AA BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default FF SelectedSearchEngine: Google FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=276b5609-6bed-4863-abc6-f8c0ea2b862d&apn_ptnrs=%5EAGS&apn_sauid=5190372A-DDF1-4A76-994A-748116EF39AA&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: 
@java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default\Extensions\ich@maltegoetz.de FF Extension: DownloadHelper - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-28] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-28] (Avira Operations GmbH & Co. 
KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-28] (Avira Operations GmbH & Co. KG) R2 SDScannerService; F:\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) R2 SDUpdateService; F:\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) R2 SDWSCService; F:\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-30] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-30] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG) S3 hcw66xxx; C:\Windows\System32\Drivers\hcw66x64.sys [758016 2011-02-08] (Hauppauge Computer Works, Inc.) S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [28928 2010-09-08] (Razer USA Ltd.) 
R1 ntiopnp; C:\Windows\System32\Drivers\ntiopnp.sys [19544 2010-11-11] () S3 ALSysIO; \??\C:\Users\***\AppData\Local\Temp\ALSysIO64.sys [x] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] U3 ufriafog; \??\C:\Users\***\AppData\Local\Temp\ufriafog.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-10 22:29 - 2013-07-10 22:29 - 00000000 ____D C:\FRST 2013-07-10 22:28 - 2013-07-10 22:28 - 01776951 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe 2013-07-10 21:35 - 2013-07-10 21:36 - 00002538 ____A C:\Users\***\Desktop\gmer.txt 2013-07-10 20:59 - 2013-07-10 20:59 - 00377856 ____A C:\Users\***\Desktop\gmer_2.1.19163.exe 2013-07-10 19:55 - 2013-07-10 20:50 - 00064020 ____A C:\Users\***\Desktop\Extras.Txt 2013-07-10 19:53 - 2013-07-10 20:55 - 00071430 ____A C:\Users\***\Desktop\OTL.Txt 2013-07-10 19:42 - 2013-07-10 19:42 - 00602112 ____A (OldTimer Tools) C:\Users\***\Desktop\OTL.exe 2013-07-10 19:37 - 2013-07-10 19:37 - 00000476 ____A C:\Users\***\Desktop\defogger_disable.log 2013-07-10 19:37 - 2013-07-10 19:37 - 00000000 ____A C:\Users\***\defogger_reenable 2013-07-10 19:34 - 2013-07-10 19:34 - 00050477 ____A C:\Users\***\Desktop\Defogger.exe 2013-07-10 15:02 - 2013-07-10 15:02 - 00006390 ____A C:\Windows\system32\cc_20130710_150248.reg 2013-07-10 00:03 - 2013-07-10 14:53 - 00000000 ____D C:\ProgramData\SecTaskMan 2013-07-10 00:02 - 2013-07-10 00:02 - 02365840 ____A C:\Users\***\Downloads\SecurityTaskManager_Setup.exe 2013-07-09 19:19 - 2013-07-09 19:19 - 00000206 ____A C:\Windows\system32\cc_20130709_191900.reg 2013-07-09 19:18 - 2013-07-09 19:18 - 00000732 ____A C:\Windows\system32\cc_20130709_191828.reg 2013-07-08 22:23 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts.20130708-222347.backup 2013-07-08 21:33 - 2013-07-08 22:11 - 00000000 ____D C:\ProgramData\Spybot 
- Search & Destroy 2013-07-08 21:33 - 2013-07-08 21:33 - 00000851 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-07-08 21:33 - 2013-07-08 21:33 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-07-08 21:33 - 2009-01-25 13:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2013-07-08 21:30 - 2013-07-08 21:31 - 36271144 ____A (Safer-Networking Ltd. ) C:\Users\***\Downloads\spybot-2.1.exe 2013-07-02 18:21 - 2013-07-02 18:21 - 00002964 ____A C:\Windows\System32\Tasks\{9276B647-086B-485C-AB14-B22E9B01239B} 2013-07-02 18:21 - 2013-07-02 18:21 - 00002964 ____A C:\Windows\System32\Tasks\{80E762AF-30F6-4464-A08A-7F0FEE57C457} 2013-07-02 18:18 - 2013-07-02 18:18 - 00002964 ____A C:\Windows\System32\Tasks\{EA66F68A-C392-4568-A057-5C0B96247BAD} 2013-07-01 00:52 - 2013-07-01 00:52 - 02104188 ____A C:\Users\***\Downloads\SkyBlock2.1(1).zip 2013-06-30 19:28 - 2013-06-30 19:28 - 00002992 ____A C:\Windows\System32\Tasks\{5491ED29-58DE-494F-AB15-6FE9723B926F} 2013-06-30 18:20 - 2013-07-10 19:39 - 00000000 ____D C:\Users\***\Downloads\Minecraft Forge 1.5.2 2013-06-30 16:08 - 2013-07-01 00:56 - 00000000 ____D C:\Users\***\Downloads\SkyBlock2.1 2013-06-30 14:58 - 2013-06-30 14:58 - 02104188 ____A C:\Users\***\Downloads\SkyBlock2.1.zip 2013-06-27 01:13 - 2013-06-27 01:13 - 00000000 ____D C:\Users\***\AppData\Roaming\Hex-Ray 2013-06-27 01:12 - 2013-06-27 01:12 - 00000615 ____A C:\Users\***\Desktop\Hexels.exe.lnk 2013-06-27 01:12 - 2013-06-27 01:12 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hexels 2013-06-27 01:10 - 2013-06-27 01:11 - 10573963 ____A C:\Users\***\Downloads\HexelsInstaller.exe 2013-06-27 00:15 - 2013-06-27 01:23 - 00000000 ____D C:\Users\***\Documents\Guild Wars 2 2013-06-27 00:09 - 2013-06-27 00:09 - 00004156 ____A C:\Windows\system32\cc_20130627_000906.reg 2013-06-27 00:09 - 2013-06-27 00:09 - 00000000 ____D C:\Windows\pss 2013-06-27 00:08 - 2013-06-27 00:08 - 00017130 
____A C:\Windows\system32\cc_20130627_000827.reg 2013-06-24 18:23 - 2013-06-24 18:23 - 01799465 ____A C:\Users\***\Downloads\mcpatcher-3.0.4_01.exe 2013-06-23 13:09 - 2013-06-23 13:09 - 00000000 ____D C:\Users\***\Documents\RIFT 2013-06-23 12:31 - 2013-06-23 13:25 - 00000000 ____D C:\Users\***\AppData\Roaming\RIFT 2013-06-23 12:31 - 2013-06-23 12:31 - 00000528 ____A C:\Users\***\Desktop\RIFT.lnk 2013-06-23 12:31 - 2013-06-23 12:31 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT 2013-06-23 12:29 - 2013-06-23 12:29 - 19331736 ____A (Trion Worlds Inc.) C:\Users\***\Downloads\RIFT-Install.exe 2013-06-20 23:38 - 2013-06-20 23:38 - 00000910 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk 2013-06-20 22:20 - 2013-06-20 22:20 - 00000020 __ASH C:\Users\DefaultAppPool\ntuser.ini 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Vorlagen 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Startmenü 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Netzwerkumgebung 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Lokale Einstellungen 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Eigene Dateien 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Druckumgebung 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Documents\Eigene Musik 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Documents\Eigene Bilder 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\AppData\Local\Verlauf 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\AppData\Local\Anwendungsdaten 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Anwendungsdaten 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 ____D C:\Users\DefaultAppPool 2013-06-20 22:07 - 2013-06-20 22:07 - 
03461416 ____A C:\Users\***\Downloads\LeagueofLegends.exe 2013-06-20 11:14 - 2013-06-20 14:51 - 00022211 ____A C:\Users\***\Documents\China 1.0.odt 2013-06-19 10:07 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-19 10:07 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-19 10:07 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-19 10:07 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-19 10:06 - 2013-06-19 10:07 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log 2013-06-15 01:32 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-06-15 01:32 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-06-15 01:32 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-06-15 01:32 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-06-15 01:32 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-06-15 01:32 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-06-15 01:32 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-15 01:32 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-15 01:32 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-15 01:32 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-15 01:32 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-15 01:32 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-14 20:50 - 
2013-06-14 20:50 - 00001809 ____A C:\Users\***\Documents\Mass Effect 2 - DLC_CON_Pack02.log 2013-06-13 23:39 - 2013-06-13 23:42 - 00001861 ____A C:\Users\***\Documents\Mass Effect 2 - DLC_EXP_Part02.log 2013-06-13 00:00 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-13 00:00 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-13 00:00 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-13 00:00 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-13 00:00 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-13 00:00 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-13 00:00 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-13 00:00 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-13 00:00 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-06-13 00:00 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-06-13 00:00 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-06-13 00:00 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-06-13 00:00 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-06-13 00:00 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-06-13 00:00 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-06-13 00:00 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-06-13 00:00 - 2013-05-17 02:58 - 
00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-06-13 00:00 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-06-13 00:00 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-12 18:09 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\system32\certutil.exe 2013-06-12 18:09 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2013-06-12 18:09 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 18:09 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-06-12 18:09 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2013-06-12 18:09 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 18:09 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 18:09 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2013-06-12 18:08 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-06-12 18:08 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-06-12 18:08 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-06-12 18:08 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\certenc.dll 2013-06-12 18:08 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 18:08 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 18:08 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 18:08 - 2013-05-13 
05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 18:08 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 18:08 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-12 18:08 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\system32\d3d11.dll ==================== One Month Modified Files and Folders ======= 2013-07-10 22:29 - 2013-07-10 22:29 - 00000000 ____D C:\FRST 2013-07-10 22:28 - 2013-07-10 22:28 - 01776951 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe 2013-07-10 21:54 - 2013-01-13 16:53 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-10 21:36 - 2013-07-10 21:35 - 00002538 ____A C:\Users\***\Desktop\gmer.txt 2013-07-10 21:36 - 2013-01-13 17:10 - 00000000 ____D C:\Users\***\AppData\Roaming\TS3Client 2013-07-10 20:59 - 2013-07-10 20:59 - 00377856 ____A C:\Users\***\Desktop\gmer_2.1.19163.exe 2013-07-10 20:55 - 2013-07-10 19:53 - 00071430 ____A C:\Users\***\Desktop\OTL.Txt 2013-07-10 20:50 - 2013-07-10 19:55 - 00064020 ____A C:\Users\***\Desktop\Extras.Txt 2013-07-10 20:07 - 2013-01-13 15:06 - 01344375 ____A C:\Windows\WindowsUpdate.log 2013-07-10 19:46 - 2013-01-13 16:20 - 00003826 ____A C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar 2013-07-10 19:43 - 2013-01-13 17:14 - 00000000 ____D C:\Users\***\AppData\Local\PMB Files 2013-07-10 19:43 - 2013-01-13 17:14 - 00000000 ____D C:\ProgramData\PMB Files 2013-07-10 19:42 - 2013-07-10 19:42 - 00602112 ____A (OldTimer Tools) C:\Users\***\Desktop\OTL.exe 2013-07-10 19:41 - 2013-02-09 18:20 - 00009097 ____A C:\Users\***\Desktop\Neues Textdokument.txt 2013-07-10 19:39 - 2013-06-30 18:20 - 00000000 ____D C:\Users\***\Downloads\Minecraft Forge 1.5.2 2013-07-10 19:37 - 2013-07-10 19:37 - 00000476 ____A C:\Users\***\Desktop\defogger_disable.log 2013-07-10 19:37 - 2013-07-10 19:37 - 00000000 ____A C:\Users\***\defogger_reenable 
2013-07-10 19:37 - 2013-01-13 15:16 - 00000000 ____D C:\Users\*** 2013-07-10 19:34 - 2013-07-10 19:34 - 00050477 ____A C:\Users\***\Desktop\Defogger.exe 2013-07-10 15:06 - 2013-01-13 17:00 - 00000000 ____D C:\Users\***\AppData\Roaming\Skype 2013-07-10 15:02 - 2013-07-10 15:02 - 00006390 ____A C:\Windows\system32\cc_20130710_150248.reg 2013-07-10 14:59 - 2013-05-04 20:54 - 00000000 ____D C:\Users\***\AppData\Local\DoNotTrackPlus 2013-07-10 14:53 - 2013-07-10 00:03 - 00000000 ____D C:\ProgramData\SecTaskMan 2013-07-10 14:50 - 2013-01-13 17:03 - 00064024 ____A C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-10 13:09 - 2009-07-14 06:45 - 00014016 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-10 13:09 - 2009-07-14 06:45 - 00014016 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-10 13:03 - 2013-02-11 00:00 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-10 13:03 - 2013-02-09 18:44 - 00000000 ____A C:\Windows\system32\Drivers\lvuvc.hs 2013-07-10 13:03 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-10 13:03 - 2009-07-14 06:45 - 00294184 ____A C:\Windows\system32\FNTCACHE.DAT 2013-07-10 00:02 - 2013-07-10 00:02 - 02365840 ____A C:\Users\***\Downloads\SecurityTaskManager_Setup.exe 2013-07-09 19:19 - 2013-07-09 19:19 - 00000206 ____A C:\Windows\system32\cc_20130709_191900.reg 2013-07-09 19:18 - 2013-07-09 19:18 - 00000732 ____A C:\Windows\system32\cc_20130709_191828.reg 2013-07-08 22:11 - 2013-07-08 21:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-08 21:33 - 2013-07-08 21:33 - 00000851 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-07-08 21:33 - 2013-07-08 21:33 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-07-08 21:31 - 2013-07-08 21:30 - 36271144 ____A (Safer-Networking Ltd. 
) C:\Users\***\Downloads\spybot-2.1.exe 2013-07-08 20:36 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-05 03:12 - 2009-07-14 20:18 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-07-02 18:21 - 2013-07-02 18:21 - 00002964 ____A C:\Windows\System32\Tasks\{9276B647-086B-485C-AB14-B22E9B01239B} 2013-07-02 18:21 - 2013-07-02 18:21 - 00002964 ____A C:\Windows\System32\Tasks\{80E762AF-30F6-4464-A08A-7F0FEE57C457} 2013-07-02 18:18 - 2013-07-02 18:18 - 00002964 ____A C:\Windows\System32\Tasks\{EA66F68A-C392-4568-A057-5C0B96247BAD} 2013-07-02 16:20 - 2013-02-25 14:05 - 00000000 ____D C:\Users\***\AppData\Roaming\.minecraft 2013-07-01 00:56 - 2013-06-30 16:08 - 00000000 ____D C:\Users\***\Downloads\SkyBlock2.1 2013-07-01 00:52 - 2013-07-01 00:52 - 02104188 ____A C:\Users\***\Downloads\SkyBlock2.1(1).zip 2013-06-30 19:28 - 2013-06-30 19:28 - 00002992 ____A C:\Windows\System32\Tasks\{5491ED29-58DE-494F-AB15-6FE9723B926F} 2013-06-30 14:58 - 2013-06-30 14:58 - 02104188 ____A C:\Users\***\Downloads\SkyBlock2.1.zip 2013-06-28 00:03 - 2013-05-06 13:15 - 00083672 ____A (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-06-27 01:23 - 2013-06-27 00:15 - 00000000 ____D C:\Users\***\Documents\Guild Wars 2 2013-06-27 01:13 - 2013-06-27 01:13 - 00000000 ____D C:\Users\***\AppData\Roaming\Hex-Ray 2013-06-27 01:12 - 2013-06-27 01:12 - 00000615 ____A C:\Users\***\Desktop\Hexels.exe.lnk 2013-06-27 01:12 - 2013-06-27 01:12 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hexels 2013-06-27 01:11 - 2013-06-27 01:10 - 10573963 ____A C:\Users\***\Downloads\HexelsInstaller.exe 2013-06-27 00:09 - 2013-06-27 00:09 - 00004156 ____A C:\Windows\system32\cc_20130627_000906.reg 2013-06-27 00:09 - 2013-06-27 00:09 - 00000000 ____D C:\Windows\pss 2013-06-27 00:09 - 2013-01-13 15:17 - 00000000 ___RD C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-06-27 00:08 - 2013-06-27 00:08 - 00017130 ____A C:\Windows\system32\cc_20130627_000827.reg 2013-06-27 00:07 - 2009-10-14 08:04 - 00000000 ____D C:\Windows\Panther 2013-06-24 18:23 - 2013-06-24 18:23 - 01799465 ____A C:\Users\***\Downloads\mcpatcher-3.0.4_01.exe 2013-06-23 13:25 - 2013-06-23 12:31 - 00000000 ____D C:\Users\***\AppData\Roaming\RIFT 2013-06-23 13:09 - 2013-06-23 13:09 - 00000000 ____D C:\Users\***\Documents\RIFT 2013-06-23 12:31 - 2013-06-23 12:31 - 00000528 ____A C:\Users\***\Desktop\RIFT.lnk 2013-06-23 12:31 - 2013-06-23 12:31 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT 2013-06-23 12:29 - 2013-06-23 12:29 - 19331736 ____A (Trion Worlds Inc.) 
C:\Users\***\Downloads\RIFT-Install.exe 2013-06-22 22:44 - 2013-01-13 17:07 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client 2013-06-20 23:38 - 2013-06-20 23:38 - 00000910 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk 2013-06-20 22:20 - 2013-06-20 22:20 - 00000020 __ASH C:\Users\DefaultAppPool\ntuser.ini 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Vorlagen 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Startmenü 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Netzwerkumgebung 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Lokale Einstellungen 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Eigene Dateien 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Druckumgebung 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Documents\Eigene Musik 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Documents\Eigene Bilder 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\AppData\Local\Verlauf 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\AppData\Local\Anwendungsdaten 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Anwendungsdaten 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 ____D C:\Users\DefaultAppPool 2013-06-20 22:07 - 2013-06-20 22:07 - 03461416 ____A C:\Users\***\Downloads\LeagueofLegends.exe 2013-06-20 14:51 - 2013-06-20 11:14 - 00022211 ____A C:\Users\***\Documents\China 1.0.odt 2013-06-19 10:07 - 2013-06-19 10:06 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log 2013-06-18 22:42 - 2013-05-10 15:15 - 00000000 ____D C:\Users\***\Documents\Back Up 2013-06-17 13:41 - 2013-03-04 17:46 - 00000000 ____D C:\Users\***\Documents\Schule 2013-06-14 20:50 - 2013-06-14 20:50 - 00001809 ____A C:\Users\***\Documents\Mass Effect 2 - 
DLC_CON_Pack02.log 2013-06-14 20:50 - 2013-04-10 10:43 - 00005441 ____A C:\Users\***\Documents\Mass Effect 2 1.02.log 2013-06-14 11:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-13 23:42 - 2013-06-13 23:39 - 00001861 ____A C:\Users\***\Documents\Mass Effect 2 - DLC_EXP_Part02.log 2013-06-13 00:01 - 2009-10-14 07:12 - 75825640 ____A (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-06-12 21:48 - 2013-01-20 17:09 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-12 21:48 - 2013-01-20 17:09 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-12 21:47 - 2013-06-19 10:07 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-12 21:43 - 2013-06-19 10:07 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-12 21:43 - 2013-06-19 10:07 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-12 21:43 - 2013-06-19 10:07 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-11 19:54 - 2013-01-13 16:53 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-11 19:54 - 2013-01-13 16:53 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-11 19:54 - 2013-01-13 16:53 - 00003822 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit 
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-03 13:01
==================== End Of Log ============================

Additional:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-07-2013 03 Ran by *** at 2013-07-10 22:30:31 Running from C:\Users\***\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 7-Zip 9.20 (x32) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) AMD Catalyst Install Manager (Version: 8.0.903.0) Ask Toolbar (x32 Version: 1.15.26.0) Assassin's Creed(R) III v1.03 (x32 Version: 1.03) Avira Free Antivirus (x32 Version: 13.0.0.3737) Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.2.6.45268) CameraHelperMsi (x32 Version: 13.30.1395.0) Core Temp 1.0 RC4 (Version: 1.0) CPUCooL (remove only) (x32) Die Sims™ 3 (x32 Version: 1.50.56) Die Sims™ 3 Einfach tierisch (x32 Version: 10.0.96) Die Sims™ 3 Lebensfreude (x32 Version: 8.0.152) Die Sims™ 3 Traumkarrieren (x32 Version: 4.0.87) Driver Genius Professional Edition (x32 Version: 11.0) eaner (Version: 4.01) erLT (x32 Version: 1.20.138.34) FormatFactory 3.0.1 (x32 Version: 3.0.1) Fraps (remove only) (x32) Geeks3D.com FurMark 1.10.4 (x32) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) League of Legends (x32 Version: 1.3) Logitech Webcam-Software (x32 Version: 2.30) LWS Facebook (x32 Version: 13.30.1346.0) LWS Gallery (x32 Version: 13.30.1379.0) LWS Help_main (x32 Version: 13.30.1396.0) LWS Launcher (x32 Version: 13.30.1379.0) LWS Motion Detection (x32 Version: 13.30.1395.0) LWS Pictures And Video (x32 Version: 13.30.1395.0) LWS Twitter (x32 Version: 13.30.1346.0) LWS Video Mask Maker (x32 Version: 13.30.1379.0) LWS VideoEffects (Version: 13.30.1379.0) LWS Webcam Software (x32 Version: 13.30.1379.0) LWS WLM Plugin (x32 Version: 1.30.1201.0) LWS YouTube Plugin (x32 Version: 13.30.1346.0) Mass Effect (x32 Version: 1.00) Mass Effect 2 (x32 Version: 1.02) Mass Effect™ 3 (x32 Version: 1.05.0.0) 
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0) Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) Mozilla Maintenance Service (x32 Version: 22.0) Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7) NVIDIA 3D Vision Controller-Treiber 314.07 (Version: 314.07) NVIDIA 3D Vision Treiber 314.07 (Version: 314.07) NVIDIA Grafiktreiber 314.07 (Version: 314.07) NVIDIA Install Application (Version: 2.1002.109.706) NVIDIA PhysX (x32 Version: 9.12.1031) NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1407) NVIDIA Systemsteuerung 314.07 (Version: 314.07) NVIDIA Update 1.12.12 (Version: 1.12.12) NVIDIA Update Components (Version: 1.12.12) OpenOffice.org 3.4.1 (x32 Version: 3.41.9593) Origin (x32 Version: 9.1.13.85) Pando Media Booster (x32 Version: 2.6.0.8) Realtek Ethernet Controller Driver (x32 Version: 7.65.1025.2012) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6788) RIFT (HKCU) Security Task Manager 1.8g (x32 Version: 1.8g) SimCity™ (x32 Version: 1.0.0.0) Skype™ 6.3 (x32 Version: 6.3.105) Spybot - Search & Destroy (x32 Version: 2.1.19) TeamSpeak 3 Client (Version: 3.0.10.1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft 
.NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Uplay (x32 Version: 2.0) WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {17D7DDD3-6B52-4D27-BB76-4427EAA83C0D} - System32\Tasks\{7A23F785-271F-4047-8A6E-FBF8715014C7} => C:\Mass Effect\Binaries\MassEffect.exe No File Task: {31721937-6B2E-46CC-BDB5-8B2DB9341DDF} - System32\Tasks\{80E762AF-30F6-4464-A08A-7F0FEE57C457} => C:\Origin\SimCity\SimCity\SimCity\SimCity.exe No File Task: {32A3C6AD-466D-41CA-AE92-3C4A29CA0A58} - System32\Tasks\{C6844345-D2A3-4E4F-8637-78224401D125} => C:\Mass Effect\MassEffectLauncher.exe No File Task: {4925A241-6A10-4778-9A46-5A2899CC656D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Spybot - Search & Destroy 2\SDScan.exe No File Task: {51C1C537-FC98-42D8-B0AB-61660CB71C66} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Spybot - Search & Destroy 2\SDUpdate.exe No File Task: {5378DAB4-7C0C-45E9-B969-3867EBCB9DB7} - System32\Tasks\{9276B647-086B-485C-AB14-B22E9B01239B} => C:\Origin\SimCity\SimCity\SimCity\SimCity.exe No File Task: {6D18CFBF-3D87-41F8-BE68-0B24B3A43E87} - System32\Tasks\{CEFE1BC6-C1BD-4C89-81F1-3693FD0CF66C} => C:\Riot Games\League of Legends\lol.launcher.exe No File Task: {8BD35342-49EF-4263-86C9-6CCCD02C2F46} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation) Task: {9E0252AE-D5C5-43AD-8256-89030CF6CFAF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd) Task: {9FAD3E4C-6442-40F4-8973-12B931A854EB} - 
System32\Tasks\{A774A555-ED91-40C1-8830-8EBED39930FC} => C:\Mass Effect\MassEffectLauncher.exe No File Task: {AE744950-261F-4B86-9770-76A211285801} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-04-30] () Task: {BCF8FF99-38A3-4F74-8094-BAC9DA62912F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated) Task: {C71122A7-F6D5-41E7-891E-447C71535044} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) Task: {CD3D18FB-1A39-4081-A51A-EA96800225C1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Spybot - Search & Destroy 2\SDImmunize.exe No File Task: {D0F0F242-6E6F-4C54-9AC9-62D7EEF8FA7E} - System32\Tasks\{23423DAB-6DC7-4493-A44E-F37520E66639} => C:\Mass Effect\MassEffectLauncher.exe No File Task: {D4369E6C-79EF-4B1D-8C91-1136CEFB1300} - System32\Tasks\{AF1197B7-EFAA-4ED6-81BD-BDB69B1B70DF} => C:\Riot Games\League of Legends\lol.launcher.exe No File Task: {EB52248E-068A-4564-AB6A-5A19252BDEB9} - System32\Tasks\{EA66F68A-C392-4568-A057-5C0B96247BAD} => C:\Origin\SimCity\SimCity\SimCity\SimCity.exe No File Task: {EEDF86F6-5C2D-4C42-B654-0D1FFB388571} - System32\Tasks\{5491ED29-58DE-494F-AB15-6FE9723B926F} => C:\Die Liga der Legenden\League of Legends\lol.launcher.exe No File Task: {FDC20074-8B21-4910-A1A6-84C824DF3ABE} - System32\Tasks\{433C2AB3-CF82-43AA-B8E3-2F8B116F85D8} => C:\Users\***\Downloads\texmod\Texmod.exe [2013-04-28] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/10/2013 01:42:05 AM) (Source: Microsoft-Windows-CAPI2) (User: ) 
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary TAP-Win32 Adapter V9 (Tunngle). System Error: Das System kann die angegebene Datei nicht finden. . Error: (07/05/2013 03:15:05 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_224.exe, Version: 11.7.700.224, Zeitstempel: 0x51a67447 Name des fehlerhaften Moduls: FlashPlayerPlugin_11_7_700_224.exe, Version: 11.7.700.224, Zeitstempel: 0x51a67447 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002bf67 ID des fehlerhaften Prozesses: 0xca4 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_11_7_700_224.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_224.exe1 Pfad des fehlerhaften Moduls: FlashPlayerPlugin_11_7_700_224.exe2 Berichtskennung: FlashPlayerPlugin_11_7_700_224.exe3 Error: (07/04/2013 01:34:47 PM) (Source: Microsoft-Windows-Defrag) (User: ) Description: Volume "(C:)" wurde aufgrund eines Fehlers nicht defragmentiert: Es wurde versucht, eine Datei mit einem falschen Format zu laden. (0x8007000B) Error: (07/02/2013 07:36:22 PM) (Source: Microsoft-Windows-Defrag) (User: ) Description: Volume "(C:)" wurde aufgrund eines Fehlers nicht defragmentiert: Es wurde versucht, eine Datei mit einem falschen Format zu laden. (0x8007000B) Error: (06/30/2013 09:37:22 PM) (Source: Application Hang) (User: ) Description: Programm javaw.exe, Version 7.0.250.16 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: cc4 Startzeit: 01ce75c8e38f7082 Endzeit: 30 Anwendungspfad: C:\Program Files (x86)\Java\jre7\bin\javaw.exe Berichts-ID: 78f0032d-e1bc-11e2-be5c-0021853f16c4 Error: (06/30/2013 06:52:23 PM) (Source: ESENT) (User: ) Description: taskhost (2644) Versuch, Datei "C:\Users\***\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error: (06/30/2013 06:33:56 PM) (Source: Application Hang) (User: ) Description: Programm javaw.exe, Version 7.0.250.16 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2c4 Startzeit: 01ce75af21f1a559 Endzeit: 51 Anwendungspfad: C:\Program Files (x86)\Java\jre7\bin\javaw.exe Berichts-ID: d9c36288-e1a2-11e2-aebe-0021853f16c4 Error: (06/30/2013 06:30:25 PM) (Source: Application Hang) (User: ) Description: Programm javaw.exe, Version 7.0.250.16 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 9b8 Startzeit: 01ce75aec7b9bd78 Endzeit: 27 Anwendungspfad: C:\Program Files (x86)\Java\jre7\bin\javaw.exe Berichts-ID: 5bb036fd-e1a2-11e2-aebe-0021853f16c4 Error: (06/28/2013 00:01:41 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879, Zeitstempel: 0x518ec3cc Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879, Zeitstempel: 0x518ec306 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001c9789 ID des fehlerhaften Prozesses: 0x1288 Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3 Error: (06/26/2013 02:38:31 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879, Zeitstempel: 0x518ec3cc Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879, Zeitstempel: 0x518ec306 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001c9789 ID des fehlerhaften Prozesses: 0xcb8 Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3 System errors: ============= Error: (07/10/2013 08:26:00 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error: (07/10/2013 01:06:37 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (07/10/2013 01:06:37 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (07/10/2013 01:04:15 PM) (Source: HTTP) (User: ) Description: \Device\Http\ReqQueue[::]:80 Error: (07/10/2013 01:04:15 PM) (Source: W3SVC) (User: ) Description: Der WWW-Publishingdienst (WWW-Dienst) konnte das URL-Präfix "hxxp://*:80/" für die Website "1" nicht registrieren. Die Website wurde deaktiviert. Das Datenfeld enthält die Fehlernummer. Error: (07/10/2013 01:04:03 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/10/2013 01:04:03 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. Error: (07/10/2013 01:03:28 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "CPUCooLServer Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/10/2013 01:42:30 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200d fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2750841) Error: (07/10/2013 00:12:11 AM) (Source: Service Control Manager) (User: ) Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Microsoft Office Sessions: ========================= Error: (07/10/2013 01:42:05 AM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary TAP-Win32 Adapter V9 (Tunngle). System Error: Das System kann die angegebene Datei nicht finden. Error: (07/05/2013 03:15:05 AM) (Source: Application Error)(User: ) Description: FlashPlayerPlugin_11_7_700_224.exe11.7.700.22451a67447FlashPlayerPlugin_11_7_700_224.exe11.7.700.22451a67447c00000050002bf67ca401ce7906721117b2C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe52b37a3a-e510-11e2-87d9-0021853f16c4 Error: (07/04/2013 01:34:47 PM) (Source: Microsoft-Windows-Defrag)(User: ) Description: (C:)Es wurde versucht, eine Datei mit einem falschen Format zu laden. (0x8007000B) Error: (07/02/2013 07:36:22 PM) (Source: Microsoft-Windows-Defrag)(User: ) Description: (C:)Es wurde versucht, eine Datei mit einem falschen Format zu laden. (0x8007000B) Error: (06/30/2013 09:37:22 PM) (Source: Application Hang)(User: ) Description: javaw.exe7.0.250.16cc401ce75c8e38f708230C:\Program Files (x86)\Java\jre7\bin\javaw.exe78f0032d-e1bc-11e2-be5c-0021853f16c4 Error: (06/30/2013 06:52:23 PM) (Source: ESENT)(User: ) Description: taskhost2644C:\Users\***\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. 
Error: (06/30/2013 06:33:56 PM) (Source: Application Hang)(User: ) Description: javaw.exe7.0.250.162c401ce75af21f1a55951C:\Program Files (x86)\Java\jre7\bin\javaw.exed9c36288-e1a2-11e2-aebe-0021853f16c4 Error: (06/30/2013 06:30:25 PM) (Source: Application Hang)(User: ) Description: javaw.exe7.0.250.169b801ce75aec7b9bd7827C:\Program Files (x86)\Java\jre7\bin\javaw.exe5bb036fd-e1a2-11e2-aebe-0021853f16c4 Error: (06/28/2013 00:01:41 AM) (Source: Application Error)(User: ) Description: firefox.exe21.0.0.4879518ec3ccxul.dll21.0.0.4879518ec306c0000005001c9789128801ce7315f6cf8a09C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll24f8e0dc-df75-11e2-8933-0021853f16c4 Error: (06/26/2013 02:38:31 AM) (Source: Application Error)(User: ) Description: firefox.exe21.0.0.4879518ec3ccxul.dll21.0.0.4879518ec306c0000005001c9789cb801ce719d821a1678C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dllb970af60-ddf8-11e2-b8e5-0021853f16c4 ==================== Memory info =========================== Percentage of memory in use: 72% Total physical RAM: 3071.3 MB Available physical RAM: 838.69 MB Total Pagefile: 6140.79 MB Available Pagefile: 3052.36 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:97.56 GB) (Free:6.35 GB) NTFS (Disk=1 Partition=2) Drive d: (Daten3) (Fixed) (Total:43.95 GB) (Free:14.61 GB) NTFS (Disk=0 Partition=1) Drive e: (Daten2) (Fixed) (Total:49.41 GB) (Free:12.86 GB) NTFS (Disk=0 Partition=2) Drive f: (Programme) (Fixed) (Total:135.22 GB) (Free:30.53 GB) NTFS (Disk=1 Partition=3) Drive g: (MassEffect2) (CDROM) (Total:7.3 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 93 GB) (Disk ID: 406A4069) Partition 1: (Active) - (Size=44 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=49 
GB) - (Type=OF Extended)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 0AFC0AFB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=135 GB) - (Type=OF Extended)
==================== End Of Log ============================
11.07.2013, 07:45 | #4 | |
/// the machine /// TB-Ausbilder | TR/dropper.gen found, PC getting slower
That the machine is at least a little infected.
Combofix should only be run if a team member has instructed you to do so!
Please download Combofix from the following download mirror: Link 1
IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a logfile. Please post C:\Combofix.txt in your next reply.
Note: If you get the following error message after the reboot Quote:
__________________ regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page | No help via PM!
11.07.2013, 12:29 | #5 |
| TR/dropper.gen found, PC getting slower
Well, at least not worse than expected.
Combofix: Code:
ATTFilter ComboFix 13-07-09.01 - *** 11.07.2013 13:08:26.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3071.1233 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\frapsvid.dll . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-11 bis 2013-07-11 )))))))))))))))))))))))))))))) . . 2013-07-11 11:15 . 2013-07-11 11:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-07-11 11:15 . 2013-07-11 11:15 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-10 20:29 . 2013-07-10 20:29 -------- d-----w- C:\FRST 2013-07-10 13:02 . 2013-07-10 13:02 6390 ----a-w- c:\windows\system32\cc_20130710_150248.reg 2013-07-09 22:03 . 2013-07-10 12:53 -------- d-----w- c:\programdata\SecTaskMan 2013-07-09 17:19 . 2013-07-09 17:19 206 ----a-w- c:\windows\system32\cc_20130709_191900.reg 2013-07-09 17:18 . 2013-07-09 17:18 732 ----a-w- c:\windows\system32\cc_20130709_191828.reg 2013-07-08 19:33 . 2013-07-11 11:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-07-08 19:33 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe 2013-07-05 15:56 . 2013-07-05 15:56 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2013-07-05 15:56 . 2013-07-05 15:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2013-07-05 15:56 . 2013-07-05 15:56 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2013-06-26 23:13 . 
2013-06-26 23:13 -------- d-----w- c:\users\***\AppData\Roaming\Hex-Ray 2013-06-26 22:09 . 2013-06-26 22:09 4156 ----a-w- c:\windows\system32\cc_20130627_000906.reg 2013-06-26 22:08 . 2013-06-26 22:08 17130 ----a-w- c:\windows\system32\cc_20130627_000827.reg 2013-06-25 19:38 . 2013-06-26 00:39 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2013-06-23 10:31 . 2013-06-23 11:25 -------- d-----w- c:\users\***\AppData\Roaming\RIFT 2013-06-20 20:20 . 2013-06-20 20:20 -------- d-----w- c:\users\DefaultAppPool 2013-06-19 08:07 . 2013-06-12 19:47 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-12 22:00 . 2013-05-17 01:25 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll 2013-06-12 16:09 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-12 16:09 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-06-12 16:09 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-06-12 16:09 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-06-12 16:09 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2013-06-12 16:09 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-06-12 16:09 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-06-12 16:09 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-06-12 16:08 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-12 16:08 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-06-12 16:08 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-12 16:08 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll 2013-06-12 16:08 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-06-12 16:08 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-06-12 16:08 . 
2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-06-12 16:08 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-06-12 16:08 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll 2013-06-12 16:08 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-06-12 16:08 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-27 22:03 . 2013-05-06 11:15 83672 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-06-12 22:01 . 2009-10-14 05:12 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-06-12 19:48 . 2013-01-20 15:09 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-06-12 19:48 . 2013-01-20 15:09 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-06-11 17:54 . 2013-01-13 14:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-11 17:54 . 2013-01-13 14:53 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-24 22:39 . 2013-05-24 22:39 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-05-24 22:39 . 2013-05-24 22:39 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-05-24 22:39 . 2013-05-24 22:39 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-05-24 22:39 . 2013-05-24 22:39 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-05-24 22:39 . 2013-05-24 22:39 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-05-24 22:39 . 2013-05-24 22:39 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-05-24 22:39 . 2013-05-24 22:39 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-05-24 22:39 . 2013-05-24 22:39 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-05-24 22:39 . 2013-05-24 22:39 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-05-24 22:39 . 2013-05-24 22:39 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-05-24 22:39 . 
2013-05-24 22:39 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-05-24 22:39 . 2013-05-24 22:39 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-05-24 22:39 . 2013-05-24 22:39 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-05-24 22:39 . 2013-05-24 22:39 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-05-24 22:39 . 2013-05-24 22:39 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-05-24 22:39 . 2013-05-24 22:39 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-05-24 22:39 . 2013-05-24 22:39 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-05-24 22:39 . 2013-05-24 22:39 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-05-24 22:39 . 2013-05-24 22:39 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-05-24 22:39 . 2013-05-24 22:39 81408 ----a-w- c:\windows\system32\icardie.dll 2013-05-24 22:39 . 2013-05-24 22:39 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-05-24 22:39 . 2013-05-24 22:39 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-05-24 22:39 . 2013-05-24 22:39 441856 ----a-w- c:\windows\system32\html.iec 2013-05-24 22:39 . 2013-05-24 22:39 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-05-24 22:39 . 2013-05-24 22:39 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-05-24 22:39 . 2013-05-24 22:39 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-05-24 22:39 . 2013-05-24 22:39 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-05-24 22:39 . 2013-05-24 22:39 235008 ----a-w- c:\windows\system32\url.dll 2013-05-24 22:39 . 2013-05-24 22:39 216064 ----a-w- c:\windows\system32\msls31.dll 2013-05-24 22:39 . 2013-05-24 22:39 197120 ----a-w- c:\windows\system32\msrating.dll 2013-05-24 22:39 . 2013-05-24 22:39 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-05-24 22:39 . 2013-05-24 22:39 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-05-24 22:39 . 2013-05-24 22:39 102912 ----a-w- c:\windows\system32\inseng.dll 2013-05-24 22:39 . 
2013-05-24 22:39 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-05-24 22:39 . 2013-05-24 22:39 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-05-24 22:39 . 2013-05-24 22:39 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-05-24 22:39 . 2013-05-24 22:39 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-05-24 22:39 . 2013-05-24 22:39 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-05-24 22:39 . 2013-05-24 22:39 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-05-24 22:39 . 2013-05-24 22:39 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-05-24 22:39 . 2013-05-24 22:39 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-05-24 22:39 . 2013-05-24 22:39 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-05-24 22:39 . 2013-05-24 22:39 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-05-24 22:39 . 2013-05-24 22:39 149504 ----a-w- c:\windows\system32\occache.dll 2013-05-24 22:39 . 2013-05-24 22:39 144896 ----a-w- c:\windows\system32\wextract.exe 2013-05-24 22:39 . 2013-05-24 22:39 13824 ----a-w- c:\windows\system32\mshta.exe 2013-05-24 22:39 . 2013-05-24 22:39 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-05-24 22:39 . 2013-05-24 22:39 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-05-24 22:39 . 2013-05-24 22:39 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-04-13 05:49 . 2013-05-15 13:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-15 13:53 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-15 13:53 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-15 13:53 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-15 13:53 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-15 13:53 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 11:25 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2013-04-30 10:02 1521800 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-13 3093624] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-04-30 1648264]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-27 345144]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"SDTray"="f:\spybot - search & destroy 2\SDTray.exe" [2013-05-16 3830224]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;f:\spybot - search & destroy 2\SDFSSvc.exe;f:\spybot - search & destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;f:\spybot - search & destroy 2\SDUpdSvc.exe;f:\spybot - search & destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;f:\spybot - search & destroy 2\SDWSCSvc.exe;f:\spybot - search & destroy 2\SDWSCSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ALSysIO;ALSysIO;c:\users\***\AppData\Local\Temp\ALSysIO64.sys;c:\users\***\AppData\Local\Temp\ALSysIO64.sys [x]
R3 hcw66xxx;WinTV HVR-900H;c:\windows\system32\Drivers\hcw66x64.sys;c:\windows\SYSNATIVE\Drivers\hcw66x64.sys [x]
R3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys;c:\windows\SYSNATIVE\drivers\Lycosa.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys;c:\windows\SYSNATIVE\DRIVERS\VKbms.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-13 17:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-11-19 13260944]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = localhost:21320
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=276b5609-6bed-4863-abc6-f8c0ea2b862d&apn_ptnrs=%5EAGS&apn_sauid=5190372A-DDF1-4A76-994A-748116EF39AA&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-Driver Genius - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2442960156-312391059-597007993-1000\Software\SecuROM\License information*]
"datasecu"=hex:32,d5,33,50,aa,32,75,d3,d4,e9,6f,c3,9b,2f,f2,e0,0a,9e,f3,e3,4b,
eb,30,2e,f5,9f,d4,38,7a,77,7a,e6,95,e4,80,70,8f,d9,d9,f6,eb,dc,b4,f9,9c,92,\
"rkeysecu"=hex:40,81,14,47,1a,d2,c6,82,b7,52,80,e7,12,e0,36,e7
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-11 13:25:30
ComboFix-quarantined-files.txt 2013-07-11 11:25
.
Vor Suchlauf: 5.861.228.544 Bytes frei
Nach Suchlauf: 5.702.488.064 Bytes frei
.
- - End Of File - - A88BF803D7CAF5E2C789A6A6B5A3B315 72B8CE41AF0DE751C946802B3ED844B4
11.07.2013, 12:57 | #6 |
/// the machine /// TB-Ausbilder | TR/dropper.gen found, PC is getting slower
Please download AdwCleaner to your desktop.
Please exit your security software to avoid possible conflicts.
And a fresh FRST log, please.
11.07.2013, 13:31 | #7 |
| TR/dropper.gen found, PC is getting slower
So, let's see, here we have:
AdwCleaner:
Code:
# AdwCleaner v2.304 - Datei am 11/07/2013 um 14:09:28 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default\foxydeal.sqlite
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\ProgramData\APN
Ordner Gelöscht : C:\Users\***\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default\prefs.js

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&loc[...]

*************************

AdwCleaner[S1].txt - [7703 octets] - [11/07/2013 14:09:28]

########## EOF - C:\AdwCleaner[S1].txt - [7763 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.7 (07.11.2013:1)
OS: Windows 7 Ultimate x64
Ran by *** on 11.07.2013 at 14:16:38,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B868B95F-F19D-4CD6-BE5C-FA233BBBE7DD}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\driver-soft"

~~~ FireFox

Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\wa4yyx69.default\minidumps [104 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.07.2013 at 14:20:31,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2013 03
Ran by *** (administrator) on 11-07-2013 14:21:49
Running from C:\Users\***\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) F:\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Logitech, Inc.) C:\Users\***\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\***\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Safer-Networking Ltd.) F:\Spybot - Search & Destroy 2\SDWelcome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13260944 2012-11-20] (Realtek Semiconductor)
HKCU\...\Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-13] ()
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-28] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] - "F:\Spybot - Search & Destroy 2\SDTray.exe" [x]
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\DefaultAppPool\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\UpdatusUser\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default\Extensions\ich@maltegoetz.de
FF Extension: DownloadHelper - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-28] (Avira Operations GmbH & Co. KG)
S2 SDScannerService; F:\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; F:\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; F:\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 hcw66xxx; C:\Windows\System32\Drivers\hcw66x64.sys [758016 2011-02-08] (Hauppauge Computer Works, Inc.)
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [28928 2010-09-08] (Razer USA Ltd.)
R1 ntiopnp; C:\Windows\System32\Drivers\ntiopnp.sys [19544 2010-11-11] ()
S3 ALSysIO; \??\C:\Users\***\AppData\Local\Temp\ALSysIO64.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-11 14:20 - 2013-07-11 14:20 - 00001544 ____A C:\Users\***\Desktop\JRT.txt
2013-07-11 14:16 - 2013-07-11 14:16 - 00007796 ____A C:\Users\***\Desktop\AdwCleaner[S1].txt
2013-07-11 14:16 - 2013-07-11 14:16 - 00000000 ____D C:\Windows\ERUNT
2013-07-11 14:11 - 2013-07-11 14:11 - 00000552 ____A C:\Windows\PFRO.log
2013-07-11 14:09 - 2013-07-11 14:09 - 00007824 ____A C:\AdwCleaner[S1].txt
2013-07-11 14:07 - 2013-07-11 14:07 - 00650027 ____A C:\Users\***\Desktop\adwcleaner.exe
2013-07-11 14:07 - 2013-07-11 14:07 - 00559306 ____A (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-07-11 13:25 - 2013-07-11 13:25 - 00018036 ____A C:\ComboFix.txt
2013-07-11 13:06 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-11 13:06 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-11 13:06 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-11 13:06 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-11 13:06 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-11 13:06 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-11 13:06 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-11 13:06 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-11 13:03 - 2013-07-11 13:26 - 00000000 ____D C:\Qoobox
2013-07-11 13:02 - 2013-07-11 13:22 - 00000000 ____D C:\Windows\erdnt
2013-07-11 13:00 - 2013-07-11 13:00 - 05087643 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2013-07-11 12:54 - 2013-07-11 14:11 - 00000112 ____A C:\Windows\setupact.log
2013-07-11 12:54 - 2013-07-11 12:54 - 00000000 ____A C:\Windows\setuperr.log
2013-07-10 22:30 - 2013-07-10 23:36 - 00018779 ____A C:\Users\***\Desktop\Addition.txt
2013-07-10 22:29 - 2013-07-10 22:29 - 00000000 ____D C:\FRST
2013-07-10 22:28 - 2013-07-10 22:28 - 01776951 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-10 21:35 - 2013-07-10 21:36 - 00002538 ____A C:\Users\***\Desktop\gmer.txt
2013-07-10 20:59 - 2013-07-10 20:59 - 00377856 ____A C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-10 19:55 - 2013-07-10 20:50 - 00064020 ____A C:\Users\***\Desktop\Extras.Txt
2013-07-10 19:53 - 2013-07-10 20:55 - 00071430 ____A C:\Users\***\Desktop\OTL.Txt
2013-07-10 19:42 - 2013-07-10 19:42 - 00602112 ____A (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-10 19:37 - 2013-07-10 19:37 - 00000476 ____A C:\Users\***\Desktop\defogger_disable.log
2013-07-10 19:37 - 2013-07-10 19:37 - 00000000 ____A C:\Users\***\defogger_reenable
2013-07-10 19:34 - 2013-07-10 19:34 - 00050477 ____A C:\Users\***\Desktop\Defogger.exe
2013-07-10 15:02 - 2013-07-10 15:02 - 00006390 ____A C:\Windows\system32\cc_20130710_150248.reg
2013-07-10 00:03 - 2013-07-10 14:53 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-07-10 00:02 - 2013-07-10 00:02 - 02365840 ____A C:\Users\***\Downloads\SecurityTaskManager_Setup.exe
2013-07-09 19:19 - 2013-07-09 19:19 - 00000206 ____A C:\Windows\system32\cc_20130709_191900.reg
2013-07-09 19:18 - 2013-07-09 19:18 - 00000732 ____A C:\Windows\system32\cc_20130709_191828.reg
2013-07-08 22:23 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts.20130708-222347.backup
2013-07-08 21:33 - 2013-07-11 13:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-08 21:33 - 2013-07-08 21:33 - 00000851 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-08 21:33 - 2013-07-08 21:33 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-08 21:33 - 2009-01-25 13:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-07-08 21:30 - 2013-07-08 21:31 - 36271144 ____A (Safer-Networking Ltd.) C:\Users\***\Downloads\spybot-2.1.exe
2013-07-02 18:21 - 2013-07-02 18:21 - 00002964 ____A C:\Windows\System32\Tasks\{9276B647-086B-485C-AB14-B22E9B01239B}
2013-07-02 18:21 - 2013-07-02 18:21 - 00002964 ____A C:\Windows\System32\Tasks\{80E762AF-30F6-4464-A08A-7F0FEE57C457}
2013-07-02 18:18 - 2013-07-02 18:18 - 00002964 ____A C:\Windows\System32\Tasks\{EA66F68A-C392-4568-A057-5C0B96247BAD}
2013-07-01 00:52 - 2013-07-01 00:52 - 02104188 ____A C:\Users\***\Downloads\SkyBlock2.1(1).zip
2013-06-30 19:28 - 2013-06-30 19:28 - 00002992 ____A C:\Windows\System32\Tasks\{5491ED29-58DE-494F-AB15-6FE9723B926F}
2013-06-30 18:20 - 2013-07-10 19:39 - 00000000 ____D C:\Users\***\Downloads\Minecraft Forge 1.5.2
2013-06-30 16:08 - 2013-07-01 00:56 - 00000000 ____D C:\Users\***\Downloads\SkyBlock2.1
2013-06-30 14:58 - 2013-06-30 14:58 - 02104188 ____A C:\Users\***\Downloads\SkyBlock2.1.zip
2013-06-27 01:13 - 2013-06-27 01:13 - 00000000 ____D C:\Users\***\AppData\Roaming\Hex-Ray
2013-06-27 01:12 - 2013-06-27 01:12 - 00000615 ____A C:\Users\***\Desktop\Hexels.exe.lnk
2013-06-27 01:12 - 2013-06-27 01:12 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hexels
2013-06-27 01:10 - 2013-06-27 01:11 - 10573963 ____A C:\Users\***\Downloads\HexelsInstaller.exe
2013-06-27 00:15 - 2013-06-27 01:23 - 00000000 ____D C:\Users\***\Documents\Guild Wars 2
2013-06-27 00:09 - 2013-06-27 00:09 - 00004156 ____A C:\Windows\system32\cc_20130627_000906.reg
2013-06-27 00:09 - 2013-06-27 00:09 - 00000000 ____D C:\Windows\pss
2013-06-27 00:08 - 2013-06-27 00:08 - 00017130 ____A C:\Windows\system32\cc_20130627_000827.reg
2013-06-24 18:23 - 2013-06-24 18:23 - 01799465 ____A C:\Users\***\Downloads\mcpatcher-3.0.4_01.exe
2013-06-23 13:09 - 2013-06-23 13:09 - 00000000 ____D C:\Users\***\Documents\RIFT
2013-06-23 12:31 - 2013-06-23 13:25 - 00000000 ____D C:\Users\***\AppData\Roaming\RIFT
2013-06-23 12:31 - 2013-06-23 12:31 - 00000528 ____A C:\Users\***\Desktop\RIFT.lnk
2013-06-23 12:31 - 2013-06-23 12:31 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT
2013-06-23 12:29 - 2013-06-23 12:29 - 19331736 ____A (Trion Worlds Inc.) C:\Users\***\Downloads\RIFT-Install.exe
2013-06-20 23:38 - 2013-06-20 23:38 - 00000910 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-06-20 22:20 - 2013-06-20 22:20 - 00000020 __ASH C:\Users\DefaultAppPool\ntuser.ini
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Vorlagen
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Startmenü
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Netzwerkumgebung
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Lokale Einstellungen
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Eigene Dateien
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Druckumgebung
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Documents\Eigene Musik
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Documents\Eigene Bilder
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\AppData\Local\Verlauf
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\AppData\Local\Anwendungsdaten
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Anwendungsdaten
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 ____D C:\Users\DefaultAppPool
2013-06-20 22:07 - 2013-06-20 22:07 - 03461416 ____A C:\Users\***\Downloads\LeagueofLegends.exe
2013-06-20 11:14 - 2013-06-20 14:51 - 00022211 ____A C:\Users\***\Documents\China 1.0.odt
2013-06-19 10:07 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-19 10:07 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-19 10:07 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-19 10:07 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-19 10:06 - 2013-06-19 10:07 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-15 01:32 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-06-15 01:32 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-06-15 01:32 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-06-15 01:32 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-06-15 01:32 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-06-15 01:32 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-06-15 01:32 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 01:32 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 01:32 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 01:32 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 01:32 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 01:32 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 20:50 - 2013-06-14 20:50 - 00001809 ____A C:\Users\***\Documents\Mass Effect 2 - DLC_CON_Pack02.log
2013-06-13 23:39 - 2013-06-13 23:42 - 00001861 ____A C:\Users\***\Documents\Mass Effect 2 - DLC_EXP_Part02.log
2013-06-13 00:00 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 00:00 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-06-13 00:00 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-06-13 00:00 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-06-13 00:00 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-06-13 00:00 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 18:09 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation)
C:\Windows\system32\certutil.exe 2013-06-12 18:09 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2013-06-12 18:09 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 18:09 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-06-12 18:09 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2013-06-12 18:09 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 18:09 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 18:09 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2013-06-12 18:08 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-06-12 18:08 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-06-12 18:08 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-06-12 18:08 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\certenc.dll 2013-06-12 18:08 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 18:08 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 18:08 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 18:08 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 18:08 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 18:08 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-12 18:08 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) 
C:\Windows\system32\d3d11.dll ==================== One Month Modified Files and Folders ======= 2013-07-11 14:22 - 2013-01-13 17:14 - 00000000 ____D C:\Users\***\AppData\Local\PMB Files 2013-07-11 14:20 - 2013-07-11 14:20 - 00001544 ____A C:\Users\***\Desktop\JRT.txt 2013-07-11 14:17 - 2009-07-14 06:45 - 00014016 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-11 14:17 - 2009-07-14 06:45 - 00014016 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-11 14:16 - 2013-07-11 14:16 - 00007796 ____A C:\Users\***\Desktop\AdwCleaner[S1].txt 2013-07-11 14:16 - 2013-07-11 14:16 - 00000000 ____D C:\Windows\ERUNT 2013-07-11 14:12 - 2013-01-13 17:00 - 00000000 ____D C:\Users\***\AppData\Roaming\Skype 2013-07-11 14:11 - 2013-07-11 14:11 - 00000552 ____A C:\Windows\PFRO.log 2013-07-11 14:11 - 2013-07-11 12:54 - 00000112 ____A C:\Windows\setupact.log 2013-07-11 14:11 - 2013-02-11 00:00 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-11 14:11 - 2013-02-09 18:44 - 00000000 ____A C:\Windows\system32\Drivers\lvuvc.hs 2013-07-11 14:11 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-11 14:10 - 2013-01-13 15:06 - 01695050 ____A C:\Windows\WindowsUpdate.log 2013-07-11 14:09 - 2013-07-11 14:09 - 00007824 ____A C:\AdwCleaner[S1].txt 2013-07-11 14:07 - 2013-07-11 14:07 - 00650027 ____A C:\Users\***\Desktop\adwcleaner.exe 2013-07-11 14:07 - 2013-07-11 14:07 - 00559306 ____A (Oleg N. 
Scherbakov) C:\Users\***\Desktop\JRT.exe 2013-07-11 13:54 - 2013-01-13 16:53 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-11 13:26 - 2013-07-11 13:03 - 00000000 ____D C:\Qoobox 2013-07-11 13:25 - 2013-07-11 13:25 - 00018036 ____A C:\ComboFix.txt 2013-07-11 13:25 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-07-11 13:22 - 2013-07-11 13:02 - 00000000 ____D C:\Windows\erdnt 2013-07-11 13:16 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini 2013-07-11 13:05 - 2013-07-08 21:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-11 13:00 - 2013-07-11 13:00 - 05087643 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe 2013-07-11 12:54 - 2013-07-11 12:54 - 00000000 ____A C:\Windows\setuperr.log 2013-07-11 02:15 - 2013-01-13 17:10 - 00000000 ____D C:\Users\***\AppData\Roaming\TS3Client 2013-07-10 23:36 - 2013-07-10 22:30 - 00018779 ____A C:\Users\***\Desktop\Addition.txt 2013-07-10 22:29 - 2013-07-10 22:29 - 00000000 ____D C:\FRST 2013-07-10 22:28 - 2013-07-10 22:28 - 01776951 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe 2013-07-10 21:36 - 2013-07-10 21:35 - 00002538 ____A C:\Users\***\Desktop\gmer.txt 2013-07-10 20:59 - 2013-07-10 20:59 - 00377856 ____A C:\Users\***\Desktop\gmer_2.1.19163.exe 2013-07-10 20:55 - 2013-07-10 19:53 - 00071430 ____A C:\Users\***\Desktop\OTL.Txt 2013-07-10 20:50 - 2013-07-10 19:55 - 00064020 ____A C:\Users\***\Desktop\Extras.Txt 2013-07-10 19:46 - 2013-01-13 16:20 - 00003826 ____A C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar 2013-07-10 19:43 - 2013-01-13 17:14 - 00000000 ____D C:\ProgramData\PMB Files 2013-07-10 19:42 - 2013-07-10 19:42 - 00602112 ____A (OldTimer Tools) C:\Users\***\Desktop\OTL.exe 2013-07-10 19:41 - 2013-02-09 18:20 - 00009097 ____A C:\Users\***\Desktop\Neues Textdokument.txt 2013-07-10 19:39 - 2013-06-30 18:20 - 00000000 ____D C:\Users\***\Downloads\Minecraft Forge 1.5.2 2013-07-10 19:37 - 2013-07-10 19:37 - 00000476 ____A 
C:\Users\***\Desktop\defogger_disable.log 2013-07-10 19:37 - 2013-07-10 19:37 - 00000000 ____A C:\Users\***\defogger_reenable 2013-07-10 19:37 - 2013-01-13 15:16 - 00000000 ____D C:\Users\*** 2013-07-10 19:34 - 2013-07-10 19:34 - 00050477 ____A C:\Users\***\Desktop\Defogger.exe 2013-07-10 15:02 - 2013-07-10 15:02 - 00006390 ____A C:\Windows\system32\cc_20130710_150248.reg 2013-07-10 14:59 - 2013-05-04 20:54 - 00000000 ____D C:\Users\***\AppData\Local\DoNotTrackPlus 2013-07-10 14:53 - 2013-07-10 00:03 - 00000000 ____D C:\ProgramData\SecTaskMan 2013-07-10 14:50 - 2013-01-13 17:03 - 00064024 ____A C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-10 13:03 - 2009-07-14 06:45 - 00294184 ____A C:\Windows\system32\FNTCACHE.DAT 2013-07-10 00:02 - 2013-07-10 00:02 - 02365840 ____A C:\Users\***\Downloads\SecurityTaskManager_Setup.exe 2013-07-09 19:19 - 2013-07-09 19:19 - 00000206 ____A C:\Windows\system32\cc_20130709_191900.reg 2013-07-09 19:18 - 2013-07-09 19:18 - 00000732 ____A C:\Windows\system32\cc_20130709_191828.reg 2013-07-08 21:33 - 2013-07-08 21:33 - 00000851 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-07-08 21:33 - 2013-07-08 21:33 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-07-08 21:31 - 2013-07-08 21:30 - 36271144 ____A (Safer-Networking Ltd. 
) C:\Users\***\Downloads\spybot-2.1.exe 2013-07-08 20:36 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-05 03:12 - 2009-07-14 20:18 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-07-02 18:21 - 2013-07-02 18:21 - 00002964 ____A C:\Windows\System32\Tasks\{9276B647-086B-485C-AB14-B22E9B01239B} 2013-07-02 18:21 - 2013-07-02 18:21 - 00002964 ____A C:\Windows\System32\Tasks\{80E762AF-30F6-4464-A08A-7F0FEE57C457} 2013-07-02 18:18 - 2013-07-02 18:18 - 00002964 ____A C:\Windows\System32\Tasks\{EA66F68A-C392-4568-A057-5C0B96247BAD} 2013-07-02 16:20 - 2013-02-25 14:05 - 00000000 ____D C:\Users\***\AppData\Roaming\.minecraft 2013-07-01 00:56 - 2013-06-30 16:08 - 00000000 ____D C:\Users\***\Downloads\SkyBlock2.1 2013-07-01 00:52 - 2013-07-01 00:52 - 02104188 ____A C:\Users\***\Downloads\SkyBlock2.1(1).zip 2013-06-30 19:28 - 2013-06-30 19:28 - 00002992 ____A C:\Windows\System32\Tasks\{5491ED29-58DE-494F-AB15-6FE9723B926F} 2013-06-30 14:58 - 2013-06-30 14:58 - 02104188 ____A C:\Users\***\Downloads\SkyBlock2.1.zip 2013-06-28 00:03 - 2013-05-06 13:15 - 00083672 ____A (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-06-27 01:23 - 2013-06-27 00:15 - 00000000 ____D C:\Users\***\Documents\Guild Wars 2 2013-06-27 01:13 - 2013-06-27 01:13 - 00000000 ____D C:\Users\***\AppData\Roaming\Hex-Ray 2013-06-27 01:12 - 2013-06-27 01:12 - 00000615 ____A C:\Users\***\Desktop\Hexels.exe.lnk 2013-06-27 01:12 - 2013-06-27 01:12 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hexels 2013-06-27 01:11 - 2013-06-27 01:10 - 10573963 ____A C:\Users\***\Downloads\HexelsInstaller.exe 2013-06-27 00:09 - 2013-06-27 00:09 - 00004156 ____A C:\Windows\system32\cc_20130627_000906.reg 2013-06-27 00:09 - 2013-06-27 00:09 - 00000000 ____D C:\Windows\pss 2013-06-27 00:09 - 2013-01-13 15:17 - 00000000 ___RD C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-06-27 00:08 - 2013-06-27 00:08 - 00017130 ____A C:\Windows\system32\cc_20130627_000827.reg 2013-06-27 00:07 - 2009-10-14 08:04 - 00000000 ____D C:\Windows\Panther 2013-06-24 18:23 - 2013-06-24 18:23 - 01799465 ____A C:\Users\***\Downloads\mcpatcher-3.0.4_01.exe 2013-06-23 13:25 - 2013-06-23 12:31 - 00000000 ____D C:\Users\***\AppData\Roaming\RIFT 2013-06-23 13:09 - 2013-06-23 13:09 - 00000000 ____D C:\Users\***\Documents\RIFT 2013-06-23 12:31 - 2013-06-23 12:31 - 00000528 ____A C:\Users\***\Desktop\RIFT.lnk 2013-06-23 12:31 - 2013-06-23 12:31 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT 2013-06-23 12:29 - 2013-06-23 12:29 - 19331736 ____A (Trion Worlds Inc.) 
C:\Users\***\Downloads\RIFT-Install.exe 2013-06-22 22:44 - 2013-01-13 17:07 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client 2013-06-20 23:38 - 2013-06-20 23:38 - 00000910 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk 2013-06-20 22:20 - 2013-06-20 22:20 - 00000020 __ASH C:\Users\DefaultAppPool\ntuser.ini 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Vorlagen 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Startmenü 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Netzwerkumgebung 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Lokale Einstellungen 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Eigene Dateien 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Druckumgebung 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Documents\Eigene Musik 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Documents\Eigene Bilder 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\AppData\Local\Verlauf 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\AppData\Local\Anwendungsdaten 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Anwendungsdaten 2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 ____D C:\Users\DefaultAppPool 2013-06-20 22:07 - 2013-06-20 22:07 - 03461416 ____A C:\Users\***\Downloads\LeagueofLegends.exe 2013-06-20 14:51 - 2013-06-20 11:14 - 00022211 ____A C:\Users\***\Documents\China 1.0.odt 2013-06-19 10:07 - 2013-06-19 10:06 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log 2013-06-18 22:42 - 2013-05-10 15:15 - 00000000 ____D C:\Users\***\Documents\Back Up 2013-06-17 13:41 - 2013-03-04 17:46 - 00000000 ____D C:\Users\***\Documents\Schule 2013-06-14 20:50 - 2013-06-14 20:50 - 00001809 ____A C:\Users\***\Documents\Mass Effect 2 - 
DLC_CON_Pack02.log 2013-06-14 20:50 - 2013-04-10 10:43 - 00005441 ____A C:\Users\***\Documents\Mass Effect 2 1.02.log 2013-06-14 11:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-13 23:42 - 2013-06-13 23:39 - 00001861 ____A C:\Users\***\Documents\Mass Effect 2 - DLC_EXP_Part02.log 2013-06-13 00:01 - 2009-10-14 07:12 - 75825640 ____A (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-06-12 21:48 - 2013-01-20 17:09 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-12 21:48 - 2013-01-20 17:09 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-12 21:47 - 2013-06-19 10:07 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-12 21:43 - 2013-06-19 10:07 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-12 21:43 - 2013-06-19 10:07 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-12 21:43 - 2013-06-19 10:07 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-11 19:54 - 2013-01-13 16:53 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-11 19:54 - 2013-01-13 16:53 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-11 19:54 - 2013-01-13 16:53 - 00003822 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit 
C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-03 13:01 ==================== End Of Log ============================ |
11.07.2013, 13:32 | #8 |
/// the machine /// TB-Ausbilder | TR/dropper.gen found, PC getting slower
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log please. Still having problems?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
11.07.2013, 19:24 | #9 |
| TR/dropper.gen found, PC getting slower Hello, ESET did not save a log for me, I think I messed something up when closing the program, but it did not find any viruses. The scan took ~4 hours; I can run it again if needed, but I won't manage that today. The Security Scan gives me the following error message: UNSUPPORTED OPERATING SYSTEM! ABORTED! The FRST log: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2013 03 Ran by *** (administrator) on 11-07-2013 20:16:08 Running from C:\Users\***\Desktop Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Safer-Networking Ltd.) F:\Spybot - Search & Destroy 2\SDTray.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Logitech, Inc.) 
C:\Users\***\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe (Logitech, Inc.) C:\Users\***\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Safer-Networking Ltd.) F:\Spybot - Search & Destroy 2\SDWelcome.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13260944 2012-11-20] (Realtek Semiconductor) HKCU\...\Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.) HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-13] () HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation) HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-28] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-08-12] (Logitech Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] - "F:\Spybot - Search & Destroy 2\SDTray.exe" [x] HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\DefaultAppPool\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\UpdatusUser\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== ProxyServer: localhost:21320 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default FF SelectedSearchEngine: Google FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: 
@java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default\Extensions\ich@maltegoetz.de FF Extension: DownloadHelper - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wa4yyx69.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-28] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-28] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-28] (Avira Operations GmbH & Co. 
KG) S2 SDScannerService; F:\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) S2 SDUpdateService; F:\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) S2 SDWSCService; F:\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-30] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-30] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG) S3 hcw66xxx; C:\Windows\System32\Drivers\hcw66x64.sys [758016 2011-02-08] (Hauppauge Computer Works, Inc.) S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [28928 2010-09-08] (Razer USA Ltd.) R1 ntiopnp; C:\Windows\System32\Drivers\ntiopnp.sys [19544 2010-11-11] () S3 ALSysIO; \??\C:\Users\***\AppData\Local\Temp\ALSysIO64.sys [x] S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-11 14:47 - 2013-07-11 14:47 - 00890988 ____A C:\Users\***\Desktop\SecurityCheck.exe 2013-07-11 14:45 - 2013-07-11 14:45 - 02347384 ____A (ESET) C:\Users\***\Desktop\esetsmartinstaller_enu.exe 2013-07-11 14:20 - 2013-07-11 14:20 - 00001544 ____A C:\Users\***\Desktop\JRT.txt 2013-07-11 14:16 - 2013-07-11 14:16 - 00007796 ____A C:\Users\***\Desktop\AdwCleaner[S1].txt 2013-07-11 14:16 - 2013-07-11 14:16 - 00000000 ____D C:\Windows\ERUNT 2013-07-11 14:11 - 2013-07-11 14:11 - 00000552 ____A C:\Windows\PFRO.log 2013-07-11 14:09 - 2013-07-11 14:09 - 
00007824 ____A C:\AdwCleaner[S1].txt 2013-07-11 14:07 - 2013-07-11 14:07 - 00650027 ____A C:\Users\***\Desktop\adwcleaner.exe 2013-07-11 14:07 - 2013-07-11 14:07 - 00559306 ____A (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe 2013-07-11 13:25 - 2013-07-11 13:25 - 00018036 ____A C:\ComboFix.txt 2013-07-11 13:06 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe 2013-07-11 13:06 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe 2013-07-11 13:06 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-07-11 13:06 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-07-11 13:06 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-07-11 13:06 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe 2013-07-11 13:06 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe 2013-07-11 13:06 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe 2013-07-11 13:03 - 2013-07-11 13:26 - 00000000 ____D C:\Qoobox 2013-07-11 13:02 - 2013-07-11 13:22 - 00000000 ____D C:\Windows\erdnt 2013-07-11 13:00 - 2013-07-11 13:00 - 05087643 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe 2013-07-11 12:54 - 2013-07-11 14:11 - 00000112 ____A C:\Windows\setupact.log 2013-07-11 12:54 - 2013-07-11 12:54 - 00000000 ____A C:\Windows\setuperr.log 2013-07-10 22:30 - 2013-07-10 23:36 - 00018779 ____A C:\Users\***\Desktop\Addition.txt 2013-07-10 22:29 - 2013-07-10 22:29 - 00000000 ____D C:\FRST 2013-07-10 22:28 - 2013-07-10 22:28 - 01776951 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe 2013-07-10 21:35 - 2013-07-10 21:36 - 00002538 ____A C:\Users\***\Desktop\gmer.txt 2013-07-10 20:59 - 2013-07-10 20:59 - 00377856 ____A C:\Users\***\Desktop\gmer_2.1.19163.exe 2013-07-10 19:55 - 2013-07-10 20:50 - 00064020 ____A C:\Users\***\Desktop\Extras.Txt 2013-07-10 19:53 - 2013-07-10 20:55 - 00071430 ____A C:\Users\***\Desktop\OTL.Txt 2013-07-10 19:42 - 2013-07-10 19:42 - 00602112 ____A (OldTimer Tools) C:\Users\***\Desktop\OTL.exe 2013-07-10 
19:37 - 2013-07-10 19:37 - 00000476 ____A C:\Users\***\Desktop\defogger_disable.log
2013-07-10 19:37 - 2013-07-10 19:37 - 00000000 ____A C:\Users\***\defogger_reenable
2013-07-10 19:34 - 2013-07-10 19:34 - 00050477 ____A C:\Users\***\Desktop\Defogger.exe
2013-07-10 15:02 - 2013-07-10 15:02 - 00006390 ____A C:\Windows\system32\cc_20130710_150248.reg
2013-07-10 00:03 - 2013-07-10 14:53 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-07-10 00:02 - 2013-07-10 00:02 - 02365840 ____A C:\Users\***\Downloads\SecurityTaskManager_Setup.exe
2013-07-09 19:19 - 2013-07-09 19:19 - 00000206 ____A C:\Windows\system32\cc_20130709_191900.reg
2013-07-09 19:18 - 2013-07-09 19:18 - 00000732 ____A C:\Windows\system32\cc_20130709_191828.reg
2013-07-08 22:23 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts.20130708-222347.backup
2013-07-08 21:33 - 2013-07-11 13:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-08 21:33 - 2013-07-08 21:33 - 00000851 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-08 21:33 - 2013-07-08 21:33 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-08 21:33 - 2009-01-25 13:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-07-08 21:30 - 2013-07-08 21:31 - 36271144 ____A (Safer-Networking Ltd.) C:\Users\***\Downloads\spybot-2.1.exe
2013-07-02 18:21 - 2013-07-02 18:21 - 00002964 ____A C:\Windows\System32\Tasks\{9276B647-086B-485C-AB14-B22E9B01239B}
2013-07-02 18:21 - 2013-07-02 18:21 - 00002964 ____A C:\Windows\System32\Tasks\{80E762AF-30F6-4464-A08A-7F0FEE57C457}
2013-07-02 18:18 - 2013-07-02 18:18 - 00002964 ____A C:\Windows\System32\Tasks\{EA66F68A-C392-4568-A057-5C0B96247BAD}
2013-07-01 00:52 - 2013-07-01 00:52 - 02104188 ____A C:\Users\***\Downloads\SkyBlock2.1(1).zip
2013-06-30 19:28 - 2013-06-30 19:28 - 00002992 ____A C:\Windows\System32\Tasks\{5491ED29-58DE-494F-AB15-6FE9723B926F}
2013-06-30 18:20 - 2013-07-10 19:39 - 00000000 ____D C:\Users\***\Downloads\Minecraft Forge 1.5.2
2013-06-30 16:08 - 2013-07-01 00:56 - 00000000 ____D C:\Users\***\Downloads\SkyBlock2.1
2013-06-30 14:58 - 2013-06-30 14:58 - 02104188 ____A C:\Users\***\Downloads\SkyBlock2.1.zip
2013-06-27 01:13 - 2013-06-27 01:13 - 00000000 ____D C:\Users\***\AppData\Roaming\Hex-Ray
2013-06-27 01:12 - 2013-06-27 01:12 - 00000615 ____A C:\Users\***\Desktop\Hexels.exe.lnk
2013-06-27 01:12 - 2013-06-27 01:12 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hexels
2013-06-27 01:10 - 2013-06-27 01:11 - 10573963 ____A C:\Users\***\Downloads\HexelsInstaller.exe
2013-06-27 00:15 - 2013-06-27 01:23 - 00000000 ____D C:\Users\***\Documents\Guild Wars 2
2013-06-27 00:09 - 2013-06-27 00:09 - 00004156 ____A C:\Windows\system32\cc_20130627_000906.reg
2013-06-27 00:09 - 2013-06-27 00:09 - 00000000 ____D C:\Windows\pss
2013-06-27 00:08 - 2013-06-27 00:08 - 00017130 ____A C:\Windows\system32\cc_20130627_000827.reg
2013-06-24 18:23 - 2013-06-24 18:23 - 01799465 ____A C:\Users\***\Downloads\mcpatcher-3.0.4_01.exe
2013-06-23 13:09 - 2013-06-23 13:09 - 00000000 ____D C:\Users\***\Documents\RIFT
2013-06-23 12:31 - 2013-06-23 13:25 - 00000000 ____D C:\Users\***\AppData\Roaming\RIFT
2013-06-23 12:31 - 2013-06-23 12:31 - 00000528 ____A C:\Users\***\Desktop\RIFT.lnk
2013-06-23 12:31 - 2013-06-23 12:31 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT
2013-06-23 12:29 - 2013-06-23 12:29 - 19331736 ____A (Trion Worlds Inc.) C:\Users\***\Downloads\RIFT-Install.exe
2013-06-20 23:38 - 2013-06-20 23:38 - 00000910 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-06-20 22:20 - 2013-06-20 22:20 - 00000020 __ASH C:\Users\DefaultAppPool\ntuser.ini
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Vorlagen
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Startmenü
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Netzwerkumgebung
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Lokale Einstellungen
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Eigene Dateien
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Druckumgebung
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Documents\Eigene Musik
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Documents\Eigene Bilder
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\AppData\Local\Verlauf
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\AppData\Local\Anwendungsdaten
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Anwendungsdaten
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 ____D C:\Users\DefaultAppPool
2013-06-20 22:07 - 2013-06-20 22:07 - 03461416 ____A C:\Users\***\Downloads\LeagueofLegends.exe
2013-06-20 11:14 - 2013-06-20 14:51 - 00022211 ____A C:\Users\***\Documents\China 1.0.odt
2013-06-19 10:07 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-19 10:07 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-19 10:07 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-19 10:07 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-19 10:06 - 2013-06-19 10:07 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-15 01:32 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-06-15 01:32 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-06-15 01:32 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-06-15 01:32 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-06-15 01:32 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-06-15 01:32 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-06-15 01:32 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 01:32 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 01:32 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 01:32 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 01:32 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 01:32 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 20:50 - 2013-06-14 20:50 - 00001809 ____A C:\Users\***\Documents\Mass Effect 2 - DLC_CON_Pack02.log
2013-06-13 23:39 - 2013-06-13 23:42 - 00001861 ____A C:\Users\***\Documents\Mass Effect 2 - DLC_EXP_Part02.log
2013-06-13 00:00 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 00:00 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 00:00 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-06-13 00:00 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-06-13 00:00 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-06-13 00:00 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-06-13 00:00 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-06-13 00:00 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 18:09 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-06-12 18:09 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-06-12 18:09 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 18:09 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-06-12 18:09 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-06-12 18:09 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 18:09 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 18:09 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-06-12 18:08 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-06-12 18:08 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-06-12 18:08 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-06-12 18:08 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-06-12 18:08 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 18:08 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 18:08 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 18:08 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 18:08 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 18:08 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 18:08 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\system32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-11 20:16 - 2013-01-13 17:14 - 00000000 ____D C:\Users\***\AppData\Local\PMB Files
2013-07-11 19:54 - 2013-01-13 16:53 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-11 16:12 - 2013-01-13 15:06 - 01711206 ____A C:\Windows\WindowsUpdate.log
2013-07-11 14:47 - 2013-07-11 14:47 - 00890988 ____A C:\Users\***\Desktop\SecurityCheck.exe
2013-07-11 14:45 - 2013-07-11 14:45 - 02347384 ____A (ESET) C:\Users\***\Desktop\esetsmartinstaller_enu.exe
2013-07-11 14:25 - 2013-01-13 17:00 - 00000000 ____D C:\Users\***\AppData\Roaming\Skype
2013-07-11 14:20 - 2013-07-11 14:20 - 00001544 ____A C:\Users\***\Desktop\JRT.txt
2013-07-11 14:17 - 2009-07-14 06:45 - 00014016 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-11 14:17 - 2009-07-14 06:45 - 00014016 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-11 14:16 - 2013-07-11 14:16 - 00007796 ____A C:\Users\***\Desktop\AdwCleaner[S1].txt
2013-07-11 14:16 - 2013-07-11 14:16 - 00000000 ____D C:\Windows\ERUNT
2013-07-11 14:11 - 2013-07-11 14:11 - 00000552 ____A C:\Windows\PFRO.log
2013-07-11 14:11 - 2013-07-11 12:54 - 00000112 ____A C:\Windows\setupact.log
2013-07-11 14:11 - 2013-02-11 00:00 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-11 14:11 - 2013-02-09 18:44 - 00000000 ____A C:\Windows\system32\Drivers\lvuvc.hs
2013-07-11 14:11 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-11 14:09 - 2013-07-11 14:09 - 00007824 ____A C:\AdwCleaner[S1].txt
2013-07-11 14:07 - 2013-07-11 14:07 - 00650027 ____A C:\Users\***\Desktop\adwcleaner.exe
2013-07-11 14:07 - 2013-07-11 14:07 - 00559306 ____A (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-07-11 13:26 - 2013-07-11 13:03 - 00000000 ____D C:\Qoobox
2013-07-11 13:25 - 2013-07-11 13:25 - 00018036 ____A C:\ComboFix.txt
2013-07-11 13:25 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-11 13:22 - 2013-07-11 13:02 - 00000000 ____D C:\Windows\erdnt
2013-07-11 13:16 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-07-11 13:05 - 2013-07-08 21:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-11 13:00 - 2013-07-11 13:00 - 05087643 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2013-07-11 12:54 - 2013-07-11 12:54 - 00000000 ____A C:\Windows\setuperr.log
2013-07-11 02:15 - 2013-01-13 17:10 - 00000000 ____D C:\Users\***\AppData\Roaming\TS3Client
2013-07-10 23:36 - 2013-07-10 22:30 - 00018779 ____A C:\Users\***\Desktop\Addition.txt
2013-07-10 22:29 - 2013-07-10 22:29 - 00000000 ____D C:\FRST
2013-07-10 22:28 - 2013-07-10 22:28 - 01776951 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-10 21:36 - 2013-07-10 21:35 - 00002538 ____A C:\Users\***\Desktop\gmer.txt
2013-07-10 20:59 - 2013-07-10 20:59 - 00377856 ____A C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-10 20:55 - 2013-07-10 19:53 - 00071430 ____A C:\Users\***\Desktop\OTL.Txt
2013-07-10 20:50 - 2013-07-10 19:55 - 00064020 ____A C:\Users\***\Desktop\Extras.Txt
2013-07-10 19:46 - 2013-01-13 16:20 - 00003826 ____A C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
2013-07-10 19:43 - 2013-01-13 17:14 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-10 19:42 - 2013-07-10 19:42 - 00602112 ____A (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-10 19:41 - 2013-02-09 18:20 - 00009097 ____A C:\Users\***\Desktop\Neues Textdokument.txt
2013-07-10 19:39 - 2013-06-30 18:20 - 00000000 ____D C:\Users\***\Downloads\Minecraft Forge 1.5.2
2013-07-10 19:37 - 2013-07-10 19:37 - 00000476 ____A C:\Users\***\Desktop\defogger_disable.log
2013-07-10 19:37 - 2013-07-10 19:37 - 00000000 ____A C:\Users\***\defogger_reenable
2013-07-10 19:37 - 2013-01-13 15:16 - 00000000 ____D C:\Users\***
2013-07-10 19:34 - 2013-07-10 19:34 - 00050477 ____A C:\Users\***\Desktop\Defogger.exe
2013-07-10 15:02 - 2013-07-10 15:02 - 00006390 ____A C:\Windows\system32\cc_20130710_150248.reg
2013-07-10 14:59 - 2013-05-04 20:54 - 00000000 ____D C:\Users\***\AppData\Local\DoNotTrackPlus
2013-07-10 14:53 - 2013-07-10 00:03 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-07-10 14:50 - 2013-01-13 17:03 - 00064024 ____A C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-10 13:03 - 2009-07-14 06:45 - 00294184 ____A C:\Windows\system32\FNTCACHE.DAT
2013-07-10 00:02 - 2013-07-10 00:02 - 02365840 ____A C:\Users\***\Downloads\SecurityTaskManager_Setup.exe
2013-07-09 19:19 - 2013-07-09 19:19 - 00000206 ____A C:\Windows\system32\cc_20130709_191900.reg
2013-07-09 19:18 - 2013-07-09 19:18 - 00000732 ____A C:\Windows\system32\cc_20130709_191828.reg
2013-07-08 21:33 - 2013-07-08 21:33 - 00000851 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-08 21:33 - 2013-07-08 21:33 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-08 21:31 - 2013-07-08 21:30 - 36271144 ____A (Safer-Networking Ltd.) C:\Users\***\Downloads\spybot-2.1.exe
2013-07-08 20:36 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-05 03:12 - 2009-07-14 20:18 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-02 18:21 - 2013-07-02 18:21 - 00002964 ____A C:\Windows\System32\Tasks\{9276B647-086B-485C-AB14-B22E9B01239B}
2013-07-02 18:21 - 2013-07-02 18:21 - 00002964 ____A C:\Windows\System32\Tasks\{80E762AF-30F6-4464-A08A-7F0FEE57C457}
2013-07-02 18:18 - 2013-07-02 18:18 - 00002964 ____A C:\Windows\System32\Tasks\{EA66F68A-C392-4568-A057-5C0B96247BAD}
2013-07-02 16:20 - 2013-02-25 14:05 - 00000000 ____D C:\Users\***\AppData\Roaming\.minecraft
2013-07-01 00:56 - 2013-06-30 16:08 - 00000000 ____D C:\Users\***\Downloads\SkyBlock2.1
2013-07-01 00:52 - 2013-07-01 00:52 - 02104188 ____A C:\Users\***\Downloads\SkyBlock2.1(1).zip
2013-06-30 19:28 - 2013-06-30 19:28 - 00002992 ____A C:\Windows\System32\Tasks\{5491ED29-58DE-494F-AB15-6FE9723B926F}
2013-06-30 14:58 - 2013-06-30 14:58 - 02104188 ____A C:\Users\***\Downloads\SkyBlock2.1.zip
2013-06-28 00:03 - 2013-05-06 13:15 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-06-27 01:23 - 2013-06-27 00:15 - 00000000 ____D C:\Users\***\Documents\Guild Wars 2
2013-06-27 01:13 - 2013-06-27 01:13 - 00000000 ____D C:\Users\***\AppData\Roaming\Hex-Ray
2013-06-27 01:12 - 2013-06-27 01:12 - 00000615 ____A C:\Users\***\Desktop\Hexels.exe.lnk
2013-06-27 01:12 - 2013-06-27 01:12 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hexels
2013-06-27 01:11 - 2013-06-27 01:10 - 10573963 ____A C:\Users\***\Downloads\HexelsInstaller.exe
2013-06-27 00:09 - 2013-06-27 00:09 - 00004156 ____A C:\Windows\system32\cc_20130627_000906.reg
2013-06-27 00:09 - 2013-06-27 00:09 - 00000000 ____D C:\Windows\pss
2013-06-27 00:09 - 2013-01-13 15:17 - 00000000 ___RD C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-06-27 00:08 - 2013-06-27 00:08 - 00017130 ____A C:\Windows\system32\cc_20130627_000827.reg
2013-06-27 00:07 - 2009-10-14 08:04 - 00000000 ____D C:\Windows\Panther
2013-06-24 18:23 - 2013-06-24 18:23 - 01799465 ____A C:\Users\***\Downloads\mcpatcher-3.0.4_01.exe
2013-06-23 13:25 - 2013-06-23 12:31 - 00000000 ____D C:\Users\***\AppData\Roaming\RIFT
2013-06-23 13:09 - 2013-06-23 13:09 - 00000000 ____D C:\Users\***\Documents\RIFT
2013-06-23 12:31 - 2013-06-23 12:31 - 00000528 ____A C:\Users\***\Desktop\RIFT.lnk
2013-06-23 12:31 - 2013-06-23 12:31 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT
2013-06-23 12:29 - 2013-06-23 12:29 - 19331736 ____A (Trion Worlds Inc.) C:\Users\***\Downloads\RIFT-Install.exe
2013-06-22 22:44 - 2013-01-13 17:07 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-06-20 23:38 - 2013-06-20 23:38 - 00000910 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-06-20 22:20 - 2013-06-20 22:20 - 00000020 __ASH C:\Users\DefaultAppPool\ntuser.ini
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Vorlagen
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Startmenü
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Netzwerkumgebung
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Lokale Einstellungen
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Eigene Dateien
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Druckumgebung
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Documents\Eigene Musik
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Documents\Eigene Bilder
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\AppData\Local\Verlauf
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\AppData\Local\Anwendungsdaten
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Anwendungsdaten
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 ____D C:\Users\DefaultAppPool
2013-06-20 22:07 - 2013-06-20 22:07 - 03461416 ____A C:\Users\***\Downloads\LeagueofLegends.exe
2013-06-20 14:51 - 2013-06-20 11:14 - 00022211 ____A C:\Users\***\Documents\China 1.0.odt
2013-06-19 10:07 - 2013-06-19 10:06 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-18 22:42 - 2013-05-10 15:15 - 00000000 ____D C:\Users\***\Documents\Back Up
2013-06-17 13:41 - 2013-03-04 17:46 - 00000000 ____D C:\Users\***\Documents\Schule
2013-06-14 20:50 - 2013-06-14 20:50 - 00001809 ____A C:\Users\***\Documents\Mass Effect 2 - DLC_CON_Pack02.log
2013-06-14 20:50 - 2013-04-10 10:43 - 00005441 ____A C:\Users\***\Documents\Mass Effect 2 1.02.log
2013-06-14 11:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 23:42 - 2013-06-13 23:39 - 00001861 ____A C:\Users\***\Documents\Mass Effect 2 - DLC_EXP_Part02.log
2013-06-13 00:01 - 2009-10-14 07:12 - 75825640 ____A (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-06-12 21:48 - 2013-01-20 17:09 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2013-01-20 17:09 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-06-19 10:07 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-19 10:07 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-06-19 10:07 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-06-19 10:07 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-11 19:54 - 2013-01-13 16:53 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 19:54 - 2013-01-13 16:53 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 19:54 - 2013-01-13 16:53 - 00003822 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-03 13:01

==================== End Of Log ============================

Internet speed is back to normal, no more white thumbnails on YouTube and so on; it looks as if everything is working normally again. I have not been able to play yet, but that will probably be back to normal as well. Many thanks already, I am really impressed by the speed and the service here. Really convincing. Regards, BluesClues |
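The FRST listing above is what a helper reads by hand: every entry has the form `<time1> - <time2> - <size> <attrs> [(Company)] <path>`, and the "Bamital & volsnap Check" at the end reports one `=> MD5 is legit` verdict per critical system file. As an added example (editorial code, not part of this thread and not FRST's own code), the script below parses that format and applies three review heuristics that mirror what the helper looks for: a binary under C:\Windows with no company string, a scheduled task named only by a GUID, and a hidden or system-attributed file. The function names (`parse_entries`, `review`, `md5_failures`) are my own; the sample lines are constructed in the posted format, and the `example_unsigned.dll` entry and the failing MD5 line are invented for the demonstration and do not occur in the posted log.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) file listings.

Added example for this thread; not FRST's code and not the helper's fix.
Entry format: "<time1> - <time2> - <size> <attrs> [(Company)] <path>".
The 5-character attribute field is a right-aligned set drawn from
A(rchive) D(irectory) H(idden) R(ead-only) S(ystem), padded with '_'.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

ENTRY_RE = re.compile(
    r"^(?P<t1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<t2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[ADHRS_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"      # optional company from the version resource
    r"(?P<path>[A-Za-z]:\\.*)$"
)
GUID_TASK_RE = re.compile(
    r"\\System32\\Tasks\\\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}$",
    re.IGNORECASE,
)
BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")


@dataclass
class Entry:
    t1: datetime          # creation time in "Created" sections, modification in "Modified"
    t2: datetime          # the other timestamp
    size: int
    attrs: frozenset
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_entries(text: str) -> List[Entry]:
    """Parse every line matching the FRST entry format; headers and prose are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        out.append(Entry(
            t1=datetime.strptime(m["t1"], "%Y-%m-%d %H:%M"),
            t2=datetime.strptime(m["t2"], "%Y-%m-%d %H:%M"),
            size=int(m["size"]),
            attrs=frozenset(c for c in m["attrs"] if c != "_"),
            company=m["company"],
            path=m["path"],
        ))
    return out


def review(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs that deserve a second look.

    These are prompts for the analyst, not verdicts: a hidden ntuser.ini in a
    profile folder is normal, and a GUID-named task is only suspicious once
    its action has been read."""
    findings = []
    for e in entries:
        low = e.path.lower()
        # Binaries in the Windows tree normally carry a company string; a
        # missing one is a classic sign of a dropped file.
        if low.startswith("c:\\windows\\") and low.endswith(BINARY_EXT) and not e.company:
            findings.append(("no-company-binary-in-windows", e.path))
        if GUID_TASK_RE.search(e.path):
            findings.append(("guid-named-task", e.path))
        if not e.is_dir and (e.attrs & {"H", "S"}):
            findings.append(("hidden-or-system-file", e.path))
    return findings


def md5_failures(text: str) -> List[str]:
    """Bamital & volsnap check: every '<path> => <verdict>' line must read
    'MD5 is legit'; paths with any other verdict are returned for follow-up."""
    bad = []
    for line in text.splitlines():
        if "=> MD5" in line:
            path, verdict = (s.strip() for s in line.split("=>", 1))
            if verdict != "MD5 is legit":
                bad.append(path)
    return bad


# Constructed sample in the posted format. The last file entry and the
# failing MD5 line are invented for this demonstration (not from the thread).
SAMPLE_LOG = r"""
2013-07-08 21:33 - 2009-01-25 13:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-07-02 18:21 - 2013-07-02 18:21 - 00002964 ____A C:\Windows\System32\Tasks\{9276B647-086B-485C-AB14-B22E9B01239B}
2013-06-20 22:20 - 2013-06-20 22:20 - 00000020 __ASH C:\Users\DefaultAppPool\ntuser.ini
2013-06-20 22:20 - 2013-06-20 22:20 - 00000000 __SHD C:\Users\DefaultAppPool\Vorlagen
2013-07-01 00:52 - 2013-07-01 00:52 - 02104188 ____A C:\Users\***\Downloads\SkyBlock2.1(1).zip
2013-07-11 14:11 - 2013-07-11 14:11 - 00000552 ____A C:\Windows\PFRO.log
2013-07-09 03:12 - 2013-07-09 03:12 - 00045056 ____A C:\Windows\system32\example_unsigned.dll
"""
SAMPLE_MD5 = r"""
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Windows\System32\example.exe => MD5 is not legit
"""

if __name__ == "__main__":
    for reason, path in review(parse_entries(SAMPLE_LOG)):
        print(f"{reason:30} {path}")
    print("MD5 failures:", md5_failures(SAMPLE_MD5))
```

Run it against a saved FRST.txt by reading the file into `parse_entries`; on the sample it reports the GUID-named task, the hidden ntuser.ini and the invented unsigned DLL, while the signed sdnclean64.exe, the profile junction directory and the non-binary files pass. The company string is only the version resource's text, so the check is a cheap filter, not a signature verification; anything it flags under C:\Windows still needs its Authenticode signature and hash checked.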
11.07.2013, 19:33 | #10 |
/// the machine /// TB-Ausbilder | TR/dropper.gen found, PC is getting slower Done. The order here is decisive.
Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners; they do more harm to your system than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page | No help via PM! |
12.07.2013, 13:40 | #11 |
| TR/dropper.gen found, PC is getting slower Hello again, everything seems to be running normally again. Many thanks. I will leave a quick word of praise here: I am really impressed by the speed, the friendliness and the rest of the service. Good work. Thanks also for all the tips and useful programs. Keep it up, BluesClues |
12.07.2013, 16:39 | #12 |
/// the machine /// TB-Ausbilder | TR/dropper.gen found, PC is getting slower You're welcome.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page | No help via PM! |