| |  TR/dropper.gen Fund, PC wird langsamer
 Hallo,
Avira Antivir hat (free) auf meinem PC vor einer Weile tr/dropper.gen gefunden. Ich habe es entfernt und mit Avira und Spybot - Search & Destroy gesucht, die Scans haben nichts gefunden. Ich wollte erstmal abwarten und nun zeigen sich Leistungsverluste des Computers und langsameres Internet. Ich habe beim spielen weniger FPS und vorallem Bilder und Thumbnails werden in Firefox sehr langsam geladen. Es besteht also großer Verdacht auf Malware.
Ich weiß, dass Neuaufsetzen immer am einfachsten ist, aber ich würde das gerne vermeiden.
Avira Loddateien sind leider nur leere Dokumente, ich weiß nicht wieso.
Hier die ganzen benötigten log-Dateien:
OTL: Zitat:
OTL logfile created on: 10.07.2013 19:44:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 63,72% Memory free
6,00 Gb Paging File | 4,03 Gb Available in Paging File | 67,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 6,06 Gb Free Space | 6,22% Space Free | Partition Type: NTFS
Drive D: | 43,95 Gb Total Space | 14,61 Gb Free Space | 33,25% Space Free | Partition Type: NTFS
Drive E: | 49,41 Gb Total Space | 12,86 Gb Free Space | 26,03% Space Free | Partition Type: NTFS
Drive F: | 135,22 Gb Total Space | 30,53 Gb Free Space | 22,57% Space Free | Partition Type: NTFS
Drive G: | 7,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.07.10 19:42:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.06.28 00:03:49 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.28 00:03:11 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.06.28 00:02:46 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.28 00:02:46 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.05.16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- F:\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- F:\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- F:\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013.05.15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- F:\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.03.10 23:38:48 | 001,644,680 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2013.02.09 19:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.08.12 13:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.06.22 21:31:34 | 001,353,232 | ---- | M] (Logitech, Inc.) -- C:\Users\***\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe
PRC - [2011.06.22 21:31:30 | 000,351,248 | ---- | M] (Logitech, Inc.) -- C:\Users\***\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe
========== Modules (No Company Name) ==========
MOD - [2013.05.16 10:55:28 | 000,161,112 | ---- | M] () -- F:\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- F:\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- F:\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.08.12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2011.08.12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2011.08.12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2011.08.12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2011.08.12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
========== Services (SafeList) ==========
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.28 00:03:49 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.28 00:03:11 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.06.28 00:02:46 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.27 11:58:44 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.11 19:54:33 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.10 05:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.09 19:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.03.30 03:25:15 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.30 03:25:15 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.30 03:25:15 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.10.25 18:20:28 | 000,769,168 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.19 11:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011.08.19 11:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.08 13:47:16 | 000,758,016 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw66x64.sys -- (hcw66xxx)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.11 21:12:02 | 000,019,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ntiopnp.sys -- (ntiopnp)
DRV:64bit: - [2010.10.01 01:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010.09.08 12:01:28 | 000,028,928 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 89 0F 9F 91 F1 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{B868B95F-F19D-4CD6-BE5C-FA233BBBE7DD}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=276b5609-6bed-4863-abc6-f8c0ea2b862d&apn_sauid=5190372A-DDF1-4A76-994A-748116EF39AA
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.5.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=276b5609-6bed-4863-abc6-f8c0ea2b862d&apn_ptnrs=%5EAGS&apn_sauid=5190372A-DDF1-4A76-994A-748116EF39AA&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.25 21:38:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.25 21:38:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2013.01.13 16:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.06.29 17:54:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wa4yyx69.default\extensions
[2013.05.29 08:16:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wa4yyx69.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.06.29 17:54:17 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wa4yyx69.default\extensions\ich@maltegoetz.de
[2013.05.09 23:18:26 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\wa4yyx69.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.06.27 11:58:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.27 11:58:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Driver Genius] File not found
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [SDTray] F:\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FD942FA-C724-44FD-8CD3-189F7F902B00}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAD37280-C63B-4B49-802D-939948C24F99}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.26 18:45:39 | 000,779,496 | R--- | M] (BioWare) - G:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.10.26 23:21:41 | 000,000,054 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{5eab86ce-5d81-11e2-a5a0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5eab86ce-5d81-11e2-a5a0-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe -- [2009.10.26 18:45:39 | 000,779,496 | R--- | M] (BioWare)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2013.07.10 19:46:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.07.10 19:42:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.07.10 00:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013.07.10 00:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2013.07.08 21:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.07.08 21:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.07.08 21:33:18 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.06.27 11:58:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.27 01:13:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Hex-Ray
[2013.06.27 01:12:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hexels
[2013.06.27 00:15:50 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Guild Wars 2
[2013.06.27 00:09:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.06.25 21:38:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.06.23 13:09:27 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\RIFT
[2013.06.23 12:31:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\RIFT
[2013.06.23 12:31:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.07.10 19:42:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.07.10 19:37:01 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.07.10 19:34:18 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.07.10 18:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.10 15:02:52 | 000,006,390 | ---- | M] () -- C:\Windows\SysNative\cc_20130710_150248.reg
[2013.07.10 13:09:23 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.10 13:09:23 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.10 13:03:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.10 13:03:16 | 000,294,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.10 13:03:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013.07.10 13:03:04 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.09 19:19:04 | 000,000,206 | ---- | M] () -- C:\Windows\SysNative\cc_20130709_191900.reg
[2013.07.09 19:18:50 | 000,000,732 | ---- | M] () -- C:\Windows\SysNative\cc_20130709_191828.reg
[2013.07.08 21:33:21 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.07.05 23:55:49 | 000,926,665 | ---- | M] () -- C:\Users\***\Desktop\ME2-Checklist.pdf
[2013.06.28 00:03:55 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.06.27 01:12:59 | 000,000,615 | ---- | M] () -- C:\Users\***\Desktop\Hexels.exe.lnk
[2013.06.27 00:09:09 | 000,004,156 | ---- | M] () -- C:\Windows\SysNative\cc_20130627_000906.reg
[2013.06.27 00:08:55 | 000,017,130 | ---- | M] () -- C:\Windows\SysNative\cc_20130627_000827.reg
[2013.06.23 12:31:37 | 000,000,528 | ---- | M] () -- C:\Users\***\Desktop\RIFT.lnk
[2013.06.20 23:38:37 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2013.06.20 14:51:25 | 000,022,211 | ---- | M] () -- C:\Users\***\Documents\China 1.0.odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.07.10 19:37:01 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.07.10 19:34:15 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.07.10 15:02:50 | 000,006,390 | ---- | C] () -- C:\Windows\SysNative\cc_20130710_150248.reg
[2013.07.09 19:19:02 | 000,000,206 | ---- | C] () -- C:\Windows\SysNative\cc_20130709_191900.reg
[2013.07.09 19:18:41 | 000,000,732 | ---- | C] () -- C:\Windows\SysNative\cc_20130709_191828.reg
[2013.07.08 21:33:21 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.07.08 21:33:21 | 000,000,851 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.06.27 01:12:59 | 000,000,615 | ---- | C] () -- C:\Users\***\Desktop\Hexels.exe.lnk
[2013.06.27 00:09:07 | 000,004,156 | ---- | C] () -- C:\Windows\SysNative\cc_20130627_000906.reg
[2013.06.27 00:08:42 | 000,017,130 | ---- | C] () -- C:\Windows\SysNative\cc_20130627_000827.reg
[2013.06.23 12:31:37 | 000,000,528 | ---- | C] () -- C:\Users\***\Desktop\RIFT.lnk
[2013.06.22 22:46:37 | 000,926,665 | ---- | C] () -- C:\Users\***\Desktop\ME2-Checklist.pdf
[2013.06.20 23:38:37 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2013.06.20 11:14:00 | 000,022,211 | ---- | C] () -- C:\Users\***\Documents\China 1.0.odt
[2013.02.14 23:36:01 | 002,194,116 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.13 15:59:21 | 000,004,447 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2012.06.19 14:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.08.19 11:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011.08.19 11:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011.08.19 11:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.07.02 16:20:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2013.06.27 01:13:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hex-Ray
[2013.02.09 18:45:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2013.01.13 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2013.01.16 23:36:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2013.06.04 18:41:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2013.06.23 13:25:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RIFT
[2013.01.17 20:06:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2013.07.10 16:00:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2013.03.01 18:23:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tunngle
========== Purity Check ==========
< End of report >
| Extra: Zitat:
OTL Extras logfile created on: 10.07.2013 19:44:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 63,72% Memory free
6,00 Gb Paging File | 4,03 Gb Available in Paging File | 67,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 6,06 Gb Free Space | 6,22% Space Free | Partition Type: NTFS
Drive D: | 43,95 Gb Total Space | 14,61 Gb Free Space | 33,25% Space Free | Partition Type: NTFS
Drive E: | 49,41 Gb Total Space | 12,86 Gb Free Space | 26,03% Space Free | Partition Type: NTFS
Drive F: | 135,22 Gb Total Space | 30,53 Gb Free Space | 22,57% Space Free | Partition Type: NTFS
Drive G: | 7,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Spybot - Search & Destroy 2\SDTray.exe" = F:\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"F:\Spybot - Search & Destroy 2\SDFSSvc.exe" = F:\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"F:\Spybot - Search & Destroy 2\SDUpdate.exe" = F:\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"F:\Spybot - Search & Destroy 2\SDUpdSvc.exe" = F:\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"F:\Spybot - Search & Destroy 2\SDTray.exe" = F:\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"F:\Spybot - Search & Destroy 2\SDFSSvc.exe" = F:\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"F:\Spybot - Search & Destroy 2\SDUpdate.exe" = F:\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"F:\Spybot - Search & Destroy 2\SDUpdSvc.exe" = F:\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{047BD39D-C5F3-423F-8978-D199F99D9BF3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{16DA5739-A09C-460E-905E-49D1D92AA512}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1BD7C159-9746-441F-B73A-3BB3299CF302}" = rport=137 | protocol=17 | dir=out | app=system |
"{23FDBF16-77E6-4CC8-9241-EF703CCF4F80}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{39F93B1E-8DDC-487B-8EC8-EE5056A23C8D}" = lport=138 | protocol=17 | dir=in | app=system |
"{3BC08A73-917E-4E4B-A715-DC05A06B33AC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5294992F-E6DE-4D66-9A2C-E9D895951A31}" = lport=56124 | protocol=6 | dir=in | name=pando media booster |
"{581424D0-FBCE-4A76-809A-E4AFECFA79F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5B275AF2-D137-4957-A1F1-6BC7082B9E36}" = lport=445 | protocol=6 | dir=in | app=system |
"{5F880E90-7FCC-4B4A-9A20-ACFEEA8BE618}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6ABBEF39-8B7B-46E0-8E68-EDBF513E6E1E}" = lport=137 | protocol=17 | dir=in | app=system |
"{7F9FC3FD-44AC-432C-92BA-C5524406D884}" = rport=445 | protocol=6 | dir=out | app=system |
"{7FCEA294-DE6C-4EA0-BB13-CCEF6CC75538}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{83224BE4-C2F5-459B-93AE-D599099EB006}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{87FA3F90-12DE-4951-A5C3-D3DBE7856C01}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8C77527F-D9AE-45D3-9857-CD7941C882B4}" = rport=139 | protocol=6 | dir=out | app=system |
"{8F5E85B8-3813-4771-84A8-031377F51FDC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9C0DAB43-41EC-426D-85A4-5166954BEAA6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9C6B8195-78ED-48D9-8D52-CF5474FDD1E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B79BA6EB-8449-4397-AE66-534FC27950FC}" = lport=56124 | protocol=17 | dir=in | name=pando media booster |
"{C22B8F21-3C9B-43FB-B395-42E7174674C7}" = lport=56124 | protocol=6 | dir=in | name=pando media booster |
"{D05C1301-0CA1-4528-8F73-B5C679FA3AE6}" = lport=139 | protocol=6 | dir=in | app=system |
"{DB146FB1-9F8D-4341-9AA4-85C360478A72}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E9658A0A-B09A-4274-B579-352A42E3A855}" = lport=56124 | protocol=17 | dir=in | name=pando media booster |
"{EBD5B9E2-2682-4564-AE87-E9ACF687FCF3}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0384C7EF-1C23-4D17-86A2-A92EEBF60E10}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{107391A9-6FA3-4166-A98A-F7ED5B408B52}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{129606C3-06A3-4B21-B7AA-D6537D04C14D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe |
"{14B8F9D5-72BE-4BC4-AC32-450286977E47}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1E2A7E09-1783-4EC5-ACD7-A27381FDD4C2}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{1EF4E5F6-7A38-4584-97D4-E9C8B70DB1F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{20768912-1147-42FF-8F86-D5481838E08B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe |
"{2325E927-789A-4ED2-89DC-5C8A96ED2605}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2477F642-514D-4B0F-A2CC-55923D21B965}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{253E3A4F-565A-4CE9-9DEF-78ACD9C88256}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{2E90990C-8BD3-4284-AA60-4C0AAC9AA751}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{30BE25D7-8204-4E0D-B867-B1A8A7E0EED1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{33833D6A-E872-402F-A3C9-9840851AC240}" = protocol=17 | dir=in | app=f:\mass effect\binaries\masseffect.exe |
"{3C577F43-687F-40B7-924D-8B0D57E9D050}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3E9C1876-C71E-4524-AA42-34C1FF7B0620}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{400C2163-6C45-4375-AEAE-38EA98DC2B16}" = protocol=6 | dir=out | app=system |
"{41FF86B7-7F06-4228-A93C-D9A66732E32F}" = protocol=6 | dir=in | app=f:\mass effect\binaries\masseffect.exe |
"{47A23D8E-74C9-4CC4-A062-65CCFC982B19}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{48B6EA90-DB6A-4643-AA0A-27EEA9DE2369}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{64CA2287-A62F-4B9A-B083-7CB296501936}" = protocol=6 | dir=in | app=f:\origin\simcity\simcity\simcity\simcity.exe |
"{6B78F58C-6942-4718-8F8A-E696E2D8FFB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6B9A0E0A-D596-4F5D-8CF6-9FB07FEFE30B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6C83DA23-575E-4D0E-8429-0BCC3493785D}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{7B95B4BA-E308-49BA-A479-5A2822E6DBF9}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{87D2F781-2FD7-4721-9265-06D0C7739EF7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8DC710F3-AE3F-4F9F-A177-BB517533B5DE}" = protocol=6 | dir=in | app=f:\mass effect\masseffectlauncher.exe |
"{8F246699-7B55-4EF1-9B2C-EBFF705E8209}" = protocol=17 | dir=in | app=f:\origin\simcity\simcity\simcity\simcity.exe |
"{90FBD260-3786-46EB-BA97-6FBB78BFBEF8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9276B80C-253C-42E1-A227-A8FC194677D8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9FC572FD-2193-4CBC-ACB1-2E69C53C865E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A25D4BF9-CB9A-433F-A788-326568684AD2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B25095F4-FAD4-4946-8D9D-F1C29E297BAC}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{B5A583E3-2B20-4D63-8108-98B946D80CE5}" = protocol=17 | dir=in | app=f:\mass effect\masseffectlauncher.exe |
"{B5E1CEDA-8771-4B9F-9E6E-D64E64665CF5}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{C1968C74-5041-4074-B621-418E79B07CBB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C274F51C-5F9E-4A94-94CD-8CFB3CF53284}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C9CCFA6F-EBD2-4B97-9FFB-341A94FA3903}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe |
"{CE6D9096-4423-4616-A667-C0B6000D177C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe |
"{DA69FA1E-F78F-445D-9AAB-E301315DFFAB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{DE578EAA-6CC5-4CB5-B863-FF754F62529E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{EB25AE58-6E15-46FC-9345-037751B44C59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F097B09C-D413-42C1-BB71-598DD88AE59C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{FDCE8737-F6FF-4CCB-93FF-B20A6C816A01}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{69B156C1-87D7-4F2A-8E57-E54B367EAAFB}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{B911E743-7833-458E-AF01-C725CE80A44A}D:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\guild wars 2\gw2.exe |
"UDP Query User{412A16B2-C6A4-457E-971F-372DDB2C60F4}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{6FD8C432-01DE-4211-BA6B-7F186733F1C7}D:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\guild wars 2\gw2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC4
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{10813B5C-D346-C028-5550-220FA31EC809}" = AMD Catalyst Install Manager
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.10.4
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 25
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed(R) III v1.03
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CPUCooL" = CPUCooL (remove only)
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"FormatFactory" = FormatFactory 3.0.1
"Fraps" = Fraps (remove only)
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Security Task Manager" = Security Task Manager 1.8g
"Uplay" = Uplay
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"RIFT" = RIFT
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.06.2013 20:59:47 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879,
Zeitstempel: 0x518ec3cc Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879,
Zeitstempel: 0x518ec306 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001c9789 ID des fehlerhaften
Prozesses: 0x10dc Startzeit der fehlerhaften Anwendung: 0x01ce69f5f83a3b88 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung:
09862fce-d620-11e2-84c9-0021853f16c4
Error - 25.06.2013 20:38:31 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879,
Zeitstempel: 0x518ec3cc Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879,
Zeitstempel: 0x518ec306 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001c9789 ID des fehlerhaften
Prozesses: 0xcb8 Startzeit der fehlerhaften Anwendung: 0x01ce719d821a1678 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung:
b970af60-ddf8-11e2-b8e5-0021853f16c4
Error - 27.06.2013 18:01:41 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879,
Zeitstempel: 0x518ec3cc Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879,
Zeitstempel: 0x518ec306 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001c9789 ID des fehlerhaften
Prozesses: 0x1288 Startzeit der fehlerhaften Anwendung: 0x01ce7315f6cf8a09 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung:
24f8e0dc-df75-11e2-8933-0021853f16c4
Error - 30.06.2013 12:30:25 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 7.0.250.16 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9b8 Startzeit:
01ce75aec7b9bd78 Endzeit: 27 Anwendungspfad: C:\Program Files (x86)\Java\jre7\bin\javaw.exe
Berichts-ID:
5bb036fd-e1a2-11e2-aebe-0021853f16c4
Error - 30.06.2013 12:33:56 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 7.0.250.16 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2c4 Startzeit:
01ce75af21f1a559 Endzeit: 51 Anwendungspfad: C:\Program Files (x86)\Java\jre7\bin\javaw.exe
Berichts-ID:
d9c36288-e1a2-11e2-aebe-0021853f16c4
Error - 30.06.2013 12:52:23 | Computer Name = ***-PC | Source = ESENT | ID = 489
Description = taskhost (2644) Versuch, Datei "C:\Users\***\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"
für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess
kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 30.06.2013 15:37:22 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 7.0.250.16 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: cc4 Startzeit:
01ce75c8e38f7082 Endzeit: 30 Anwendungspfad: C:\Program Files (x86)\Java\jre7\bin\javaw.exe
Berichts-ID:
78f0032d-e1bc-11e2-be5c-0021853f16c4
Error - 02.07.2013 13:36:22 | Computer Name = ***-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description =
Error - 04.07.2013 07:34:47 | Computer Name = ***-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description =
Error - 04.07.2013 21:15:05 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_224.exe,
Version: 11.7.700.224, Zeitstempel: 0x51a67447 Name des fehlerhaften Moduls: FlashPlayerPlugin_11_7_700_224.exe,
Version: 11.7.700.224, Zeitstempel: 0x51a67447 Ausnahmecode: 0xc0000005 Fehleroffset:
0x0002bf67 ID des fehlerhaften Prozesses: 0xca4 Startzeit der fehlerhaften Anwendung:
0x01ce7906721117b2 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
Berichtskennung:
52b37a3a-e510-11e2-87d9-0021853f16c4
Error - 09.07.2013 19:42:05 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary
TAP-Win32 Adapter V9 (Tunngle). System Error: Das System kann die angegebene Datei
nicht finden. .
[ System Events ]
Error - 07.07.2013 14:19:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 07.07.2013 19:47:58 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8024200d fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2750841)
Error - 08.07.2013 06:13:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 08.07.2013 06:13:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 08.07.2013 07:26:39 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8024200d fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2750841)
Error - 08.07.2013 14:39:49 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 08.07.2013 14:39:49 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 08.07.2013 19:07:14 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8024200d fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2750841)
Error - 09.07.2013 06:37:07 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Spybot-S&D 2 Scanner Service erreicht.
Error - 09.07.2013 06:37:07 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
< End of report >
| Gmer: Zitat:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-10 21:35:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-7 WDC_WD2500AAJS-00B4A0 rev.01.03A01 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\ufriafog.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002e01000 64 bytes [00, 00, 15, 00, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 626 fffff80002e01042 4 bytes [00, 00, 00, 00]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[1068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076dc1465 2 bytes [DC, 76]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[1068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076dc14bb 2 bytes [DC, 76]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\svchost.exe [356:2812] 000007fefc0a4164
Thread C:\Windows\system32\svchost.exe [356:220] 000007fef81a1ab0
Thread C:\Windows\System32\spoolsv.exe [1348:4324] 000007fee86710c8
Thread C:\Windows\System32\spoolsv.exe [1348:1808] 000007fee8636144
Thread C:\Windows\System32\spoolsv.exe [1348:4316] 000007feea365fd0
Thread C:\Windows\System32\spoolsv.exe [1348:4304] 000007fee8613438
Thread C:\Windows\System32\spoolsv.exe [1348:4296] 000007feea3663ec
Thread C:\Windows\System32\spoolsv.exe [1348:1800] 000007fee9ce5e5c
Thread C:\Windows\System32\spoolsv.exe [1348:2540] 000007fee8725074
---- EOF - GMER 2.1 ----
| Danke schonmal für eine erste Enschätzung der Lage und für die Hilfe die ich hoffentlich bekomme.
Gruß,
BluesClues
|
10.07.2013, 21:04
Baum-Darstellung