01.03.2013, 11:56 | #1
Infection: Firefox crashes; antivirus sites are blocked.

Hello,

yesterday the Windows firewall, which is actually disabled, reported that access by a program should be restricted: path: C:\Users\ArrowII\AppData\Roaming\Anemot\loqua.exe. After that Firefox was no longer usable; it crashes. A virus scan with the installed Avira found nothing. Trying to open an online scanner with IE is blocked. Other sites can be opened with IE.

I followed the instructions in your intro post step by step:

1. Defogger: done; no special message, no restart etc. required.
2. OTL: done (see below).
3. Gmer: error message on startup (as admin): windows/system32/config/system: The process cannot access the file because it is being used by another process. OK. Made the changes in the program as instructed and started the scan. The scanner crashes after about 20 seconds. Avira is disabled; only IE was open during the scan.

So here I sit, hoping you can help me :-D

Regards
ArrowII

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 01.03.2013 11:31:39 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ArrowII\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,95 Gb Total Physical Memory | 13,18 Gb Available Physical Memory | 82,61% Memory free 31,91 Gb Paging File | 28,96 Gb Available in Paging File | 90,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,40 Gb Total Space | 12,56 Gb Free Space | 21,14% Space Free | Partition Type: NTFS Drive E: | 119,24 Gb Total Space | 47,19 Gb Free Space | 39,57% Space Free | Partition Type: NTFS Drive J: | 558,91 Gb Total Space | 467,58 Gb Free Space | 83,66% Space Free | Partition Type: NTFS Computer Name: ARROWIII | User Name: ArrowII | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.01 11:01:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ArrowII\Desktop\OTL.exe PRC - [2013.02.08 12:05:52 | 000,213,384 | ---- | M] (Google Inc.) 
-- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012.11.05 19:24:27 | 000,241,152 | ---- | M] () -- C:\Users\ArrowII\AppData\Roaming\Anemot\loqua.exe PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.09.07 19:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Antivir\Avira\AntiVir Desktop\sched.exe PRC - [2012.09.07 19:25:55 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Antivir\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.09.07 19:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Antivir\Avira\AntiVir Desktop\avguard.exe PRC - [2012.02.07 16:53:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.02.07 16:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.02.07 16:52:04 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.01.04 20:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2011.11.29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.11.29 19:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage 
Technology\IAStorIcon.exe ========== Modules (No Company Name) ========== MOD - [2013.02.19 15:53:30 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\65984247e3e77b0d6fad25ee68f34664\System.Web.ni.dll MOD - [2013.02.19 15:53:26 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.02.02 08:41:56 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll MOD - [2013.02.02 08:41:56 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll MOD - [2013.02.02 02:59:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.02.02 02:59:24 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.02.02 02:59:17 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.02.02 02:59:15 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1a66b44c4780c039576eaf18f4cd8dc\System.Xml.ni.dll MOD - [2013.02.02 02:59:13 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.02.02 02:59:13 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.02.02 02:59:10 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - 
[2012.11.05 19:24:27 | 000,241,152 | ---- | M] () -- C:\Users\ArrowII\AppData\Roaming\Anemot\loqua.exe MOD - [2011.04.12 08:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.02.15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- E:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.09.07 19:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Antivir\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.09.07 19:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Antivir\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.02.07 16:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.02.07 16:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.02.07 16:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.02.02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2011.11.29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.08.05 18:29:20 | 000,225,280 | ---- | M] (DTS, Inc) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\DTSU2PAuSrv64.exe -- (DTSAudioSvc) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.07 19:26:05 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.09.07 19:26:05 | 000,098,848 | ---- | 
M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.07 19:26:05 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.15 19:57:30 | 000,514,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.04 20:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.01.04 20:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.01.04 20:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2011.11.29 18:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.11.10 
00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.11.03 10:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.11.03 10:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Amazon.de: Günstige Preise für Elektronik & Foto, Filme, Musik, Bücher, Games, Spielzeug & mehr IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. 
bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 35 9D EE F3 26 11 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.8.0.100007 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..network.proxy.ftp: "109.74.134.246" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.http: "109.74.134.246" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "109.74.134.246" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "109.74.134.246" FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found FF:64bit: - 
HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.03.01 10:47:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.03.01 10:47:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.09.26 16:20:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArrowII\AppData\Roaming\mozilla\Extensions [2012.11.10 15:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArrowII\AppData\Roaming\mozilla\Firefox\Profiles\w6wy145s.default\extensions [2012.11.10 13:27:57 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\ArrowII\AppData\Roaming\mozilla\Firefox\Profiles\w6wy145s.default\extensions\ich@maltegoetz.de [2012.11.10 15:07:29 | 000,183,174 | ---- | M] () (No name found) -- C:\Users\ArrowII\AppData\Roaming\mozilla\firefox\profiles\w6wy145s.default\extensions\stealthyextension@gmail.com.xpi O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files\Antivir\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKCU..\Run: [Giavorqae] C:\Users\ArrowII\AppData\Roaming\Anemot\loqua.exe () O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-43RP6.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C5C3CE0-82A3-4E8E-A395-69A7B7C9C9B3}: NameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: 
UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{5845572e-07e6-11e2-8964-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{5845572e-07e6-11e2-8964-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\ASSETUP.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.01 11:05:34 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\AppData\Roaming\Malwarebytes [2013.03.01 11:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.01 11:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.01 11:05:21 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.01 11:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.01 11:05:13 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\AppData\Local\Programs [2013.03.01 11:01:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ArrowII\Desktop\OTL.exe [2013.02.28 23:48:28 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\AppData\Roaming\Wedyfi [2013.02.28 23:48:28 | 000,000,000 | ---D | C] -- 
C:\Users\ArrowII\AppData\Roaming\Eqniym [2013.02.28 23:48:28 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\AppData\Roaming\Anemot [2013.02.28 13:39:24 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\AppData\Local\ElevatedDiagnostics [2013.02.28 13:33:58 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\Desktop\Expiscor [2013.02.25 19:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tinypic [2013.02.25 19:05:43 | 001,525,034 | ---- | C] (efpage ) -- C:\Users\ArrowII\Desktop\TinyPicSetup.exe [2013.02.25 18:57:00 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\Desktop\258CANON [2013.02.06 12:56:05 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\AppData\Local\Chromium [2013.02.06 12:55:19 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\AppData\Roaming\The Creative Assembly [2013.02.05 23:09:41 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2013.02.03 18:36:28 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\Desktop\Neuer Ordner [2013.02.01 23:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.02.01 23:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.02.01 22:53:08 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\7kaa [2013.02.01 22:52:37 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Seven Kingdoms AA ========== Files - Modified Within 30 Days ========== [2013.03.01 11:31:24 | 000,000,000 | ---- | M] () -- C:\Users\ArrowII\defogger_reenable [2013.03.01 11:30:40 | 000,050,477 | ---- | M] () -- C:\Users\ArrowII\Desktop\Defogger.exe [2013.03.01 11:10:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.01 11:05:54 | 000,710,504 | ---- | M] () -- C:\Windows\is-43RP6.exe [2013.03.01 11:05:54 | 000,013,521 | ---- | M] () -- C:\Windows\is-43RP6.msg [2013.03.01 11:05:54 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ 
Malwarebytes Anti-Malware .lnk [2013.03.01 11:05:54 | 000,000,376 | ---- | M] () -- C:\Windows\is-43RP6.lst [2013.03.01 11:01:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ArrowII\Desktop\OTL.exe [2013.03.01 10:58:09 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.01 10:58:09 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.01 10:55:21 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.01 10:55:21 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.01 10:55:21 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.01 10:55:21 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.01 10:55:21 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.01 10:51:03 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.01 10:51:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.01 10:50:58 | 4258,508,798 | -HS- | M] () -- C:\hiberfil.sys [2013.03.01 10:47:24 | 000,000,862 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.02.28 13:34:11 | 000,001,062 | ---- | M] () -- C:\Users\ArrowII\Desktop\Expiscor - Verknüpfung.lnk [2013.02.28 13:33:50 | 003,442,713 | ---- | M] () -- C:\Users\ArrowII\Desktop\Expiscor.zip [2013.02.28 09:16:01 | 000,010,065 | ---- | M] () -- C:\Users\ArrowII\Desktop\ID.zip [2013.02.25 19:06:35 | 000,000,547 | ---- | M] () -- C:\Users\ArrowII\Desktop\TinyPic.lnk [2013.02.25 19:05:43 | 001,525,034 | ---- | M] (efpage ) -- C:\Users\ArrowII\Desktop\TinyPicSetup.exe [2013.02.25 11:20:09 | 000,007,334 | ---- | M] () -- C:\Users\ArrowII\Desktop\OpenDocument Text (neu) (2).odt [2013.02.25 11:15:34 | 000,002,066 | ---- | M] () -- C:\Users\ArrowII\Desktop\Entfernen des Avira DE-Cleaners.lnk 
[2013.02.25 11:15:34 | 000,001,995 | ---- | M] () -- C:\Users\ArrowII\Desktop\Avira DE-Cleaner.lnk [2013.02.25 11:15:32 | 000,883,840 | ---- | M] () -- C:\Users\ArrowII\Desktop\Avira-DE-Cleaner.exe [2013.02.20 11:40:23 | 000,000,208 | ---- | M] () -- C:\Users\ArrowII\Desktop\Total War SHOGUN 2.url [2013.02.19 15:52:26 | 000,294,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.01 23:38:01 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.02.01 23:11:02 | 000,000,645 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2013.02.01 22:52:08 | 000,000,340 | ---- | M] () -- C:\Users\ArrowII\CD-Laufwerk - Verknüpfung.lnk [2013.01.31 23:30:19 | 000,008,088 | ---- | M] () -- C:\Users\ArrowII\Desktop\NetzwerkPlan.ods ========== Files Created - No Company Name ========== [2013.03.01 11:31:24 | 000,000,000 | ---- | C] () -- C:\Users\ArrowII\defogger_reenable [2013.03.01 11:30:17 | 000,050,477 | ---- | C] () -- C:\Users\ArrowII\Desktop\Defogger.exe [2013.03.01 11:05:54 | 000,710,504 | ---- | C] () -- C:\Windows\is-43RP6.exe [2013.03.01 11:05:54 | 000,013,521 | ---- | C] () -- C:\Windows\is-43RP6.msg [2013.03.01 11:05:54 | 000,000,376 | ---- | C] () -- C:\Windows\is-43RP6.lst [2013.03.01 11:05:22 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.28 13:34:11 | 000,001,062 | ---- | C] () -- C:\Users\ArrowII\Desktop\Expiscor - Verknüpfung.lnk [2013.02.28 13:33:36 | 003,442,713 | ---- | C] () -- C:\Users\ArrowII\Desktop\Expiscor.zip [2013.02.28 09:16:00 | 000,010,065 | ---- | C] () -- C:\Users\ArrowII\Desktop\ID.zip [2013.02.25 19:06:35 | 000,000,547 | ---- | C] () -- C:\Users\ArrowII\Desktop\TinyPic.lnk [2013.02.25 11:20:09 | 000,007,334 | ---- | C] () -- C:\Users\ArrowII\Desktop\OpenDocument Text (neu) (2).odt [2013.02.25 11:15:34 | 000,002,066 | ---- | C] () -- C:\Users\ArrowII\Desktop\Entfernen des Avira DE-Cleaners.lnk [2013.02.25 11:15:34 | 000,001,995 | ---- | C] () -- 
C:\Users\ArrowII\Desktop\Avira DE-Cleaner.lnk [2013.02.25 11:15:32 | 000,883,840 | ---- | C] () -- C:\Users\ArrowII\Desktop\Avira-DE-Cleaner.exe [2013.02.06 23:34:40 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk [2013.02.05 23:09:41 | 000,000,208 | ---- | C] () -- C:\Users\ArrowII\Desktop\Total War SHOGUN 2.url [2013.02.01 23:11:02 | 000,000,645 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2013.02.01 22:52:08 | 000,000,340 | ---- | C] () -- C:\Users\ArrowII\CD-Laufwerk - Verknüpfung.lnk [2013.01.31 23:28:33 | 000,008,088 | ---- | C] () -- C:\Users\ArrowII\Desktop\NetzwerkPlan.ods [2012.10.16 10:52:04 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.09.26 16:17:19 | 000,000,508 | RHS- | C] () -- C:\Users\ArrowII\ntuser.pol [2012.09.26 15:54:46 | 000,050,994 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012.09.26 15:53:50 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.09.26 15:53:46 | 000,037,187 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.28 23:48:28 | 000,000,000 | ---D | M] -- C:\Users\ArrowII\AppData\Roaming\Anemot [2013.03.01 11:31:08 | 000,000,000 | ---D | M] -- C:\Users\ArrowII\AppData\Roaming\Eqniym [2012.09.28 08:37:12 | 000,000,000 | ---D | M] -- C:\Users\ArrowII\AppData\Roaming\OpenOffice.org [2013.01.07 11:33:17 | 000,000,000 | ---D | M] -- C:\Users\ArrowII\AppData\Roaming\SimpleScreenshot [2012.12.06 12:06:17 | 000,000,000 | ---D | M] -- C:\Users\ArrowII\AppData\Roaming\TeamViewer [2013.02.06 12:55:19 | 000,000,000 | ---D | M] -- C:\Users\ArrowII\AppData\Roaming\The Creative Assembly [2013.02.28 23:48:28 | 000,000,000 | ---D | M] -- C:\Users\ArrowII\AppData\Roaming\Wedyfi ========== Purity Check ========== < End of report > OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 01.03.2013 11:31:39 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ArrowII\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,95 Gb Total Physical Memory | 13,18 Gb Available Physical Memory | 82,61% Memory free
31,91 Gb Paging File | 28,96 Gb Available in Paging File | 90,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,40 Gb Total Space | 12,56 Gb Free Space | 21,14% Space Free | Partition Type: NTFS
Drive E: | 119,24 Gb Total Space | 47,19 Gb Free Space | 39,57% Space Free | Partition Type: NTFS
Drive J: | 558,91 Gb Total Space | 467,58 Gb Free Space | 83,66% Space Free | Partition Type: NTFS

Computer Name: ARROWIII | User Name: ArrowII | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0634D57E-9761-44A1-80D1-18D7BE936A05}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0AB055F1-F2B3-432C-88FD-BD2959795400}" = lport=2869 | protocol=6 | dir=in | app=system |
"{22B02CE9-3F1C-45AC-AC97-89719D6877E4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{26BC8A4E-1762-4104-BBB5-D9F7B282F972}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D6C6C41-2C40-4C86-8C77-409D023C2438}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3DEE3673-1605-47B3-B1D8-CEF17679395A}" = rport=445 | protocol=6 | dir=out | app=system |
"{4D5C79B2-1DBD-4BB1-91F2-4D25DC316B4F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{56A30E94-C7C9-40F4-8F33-79C0C4BF1947}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5F0F7580-993F-496F-9283-DAF88551B004}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A8324D0E-A910-4D15-8DC7-E0752FFC339E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA4F4B39-1416-4103-B63A-94739BE42CC3}" = lport=138 | protocol=17 | dir=in | app=system |
"{AC3E5885-846A-4DC0-BFE9-E850E96CB334}" = lport=139 | protocol=6 | dir=in | app=system |
"{B2D3C44C-5EE7-46C1-8525-6D056252189A}" = rport=138 | protocol=17 | dir=out | app=system |
"{B477DFF8-81EE-4511-9CFB-EA2979BA479A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BDDCD573-1EF8-4119-B5EB-F84E0839CE1B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C2E93DA6-0CC9-4297-91F1-82707B05F47A}" = lport=445 | protocol=6 | dir=in | app=system |
"{D66A31A1-6105-42A3-81E0-A44A5E1B06F4}" = rport=137 | protocol=17 | dir=out | app=system |
"{D6C27002-5A4B-4AC1-B503-7DE45FB14124}" = lport=137 | protocol=17 | dir=in | app=system |
"{DA54455B-E584-4D45-896A-D9301DF5A819}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DACBD4E0-EE92-4FB7-BA71-DA27835E9719}" = rport=139 | protocol=6 | dir=out | app=system |
"{F0D7DF6E-FA76-4994-903E-59A98C2C0A2A}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025982DB-340F-4A9C-9FCD-C5C24335E0B2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{0C772EDF-DD53-430F-95F0-F0D08DE009A7}" = dir=in | app=e:\programme\skype\phone\skype.exe |
"{102F42EB-B03E-4018-B5B6-A9CE72BB60B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1CABC788-C0BB-4191-ADEC-B781BEBBAE42}" = protocol=17 | dir=in | app=e:\spiele\steam\steam.exe |
"{1CB33F31-B2B4-4C29-B87F-5705BBC5B001}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1F4E923E-0756-4044-8820-88DCDD157A32}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{21B7D2B3-5114-4CA0-8A2D-F08148930203}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{2475E6FA-DC07-4B0A-8DA9-A49EF7A22413}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{36C00E65-F521-4D56-BCCE-495850EA9477}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{3750C961-9703-4BC2-A6F4-F9FE0BFA225A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{3F7B13A6-8A23-48A3-A0C4-4C8DFCEEF650}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{43C0720F-5085-4DD2-B72A-4A6CE47A51AF}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{4445D4BA-779F-4B8E-AB76-4E5CCE6B07B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{45D005CD-A01F-488E-AE4D-17C2A0129D15}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4983BE47-BA07-409D-8225-134DE91EDEA8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4E38B918-557C-40BB-9F21-9D07D3987E02}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{51C67F79-06C2-4357-8AD9-4DC8D0C63D99}" = protocol=17 | dir=in | app=c:\users\arrowii\appdata\local\apps\2.0\ze0kxlg8.jpr\bvd58ew5.7n7\curs..tion_9e9e83ddf3ed3ead_0005.0001_f98d05d4713e76ec\curseclient.exe |
"{51DB4D9C-894B-43E9-A5C0-3265459A3624}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5E2965BE-1DF3-48B5-8FD1-9207E6078C5B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{678B69C8-D586-47B6-9BF8-EFAB49E9D7B8}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{6917228C-B0F7-4679-972B-14328DA85E74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{71C6E7CA-63AE-4DC5-8915-247979DDC227}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{7D2F397C-9279-45E0-BD47-4B0B2E4EE066}" = protocol=6 | dir=in | app=e:\spiele\steam\steam.exe |
"{838E3410-7EC7-4F56-AEB0-DEBD430AF9E2}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{9207017B-7F85-40DC-9C93-0751D8FB2E3B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{9992D25A-A3EF-4E66-9673-D5C1BF066B10}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{9A7E3466-F0FE-474C-B8DB-79DE92B6C289}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{9A8C993C-B819-4459-B5D9-F379A3B8937A}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{A1652FD8-0B91-4A60-9C53-D0D4B0A7F360}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{A7300B3F-9820-4136-BCBD-EFBCA02672F8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A763053A-3FC8-4FF6-9E50-E9E362628860}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AAFAD2F6-D88A-48F8-B11A-57A7B03CC160}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{B4EFB40D-27A0-40E5-AFF9-BF5E8F57DE44}" = protocol=6 | dir=in | app=c:\users\arrowii\appdata\local\apps\2.0\ze0kxlg8.jpr\bvd58ew5.7n7\curs..tion_9e9e83ddf3ed3ead_0005.0001_f98d05d4713e76ec\curseclient.exe |
"{C37356F3-36D5-4702-B685-093DE7AC47D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C62F3F09-AD5A-4CAE-B586-5386BF41F559}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{D054C6F8-0FB0-4B72-8759-10B9115FA8CB}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{D055B9A7-3672-4F52-BFC7-96D877CC5DB4}" = protocol=6 | dir=out | app=system |
"{D065020C-749C-46C9-B4B7-2561FBC4C44D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{DA68BFB1-933D-4025-9F0B-D97354022F3E}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{DECE86B3-464A-44EF-9238-231646896BA8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DF021890-5AEF-457D-9289-6274680A7FCE}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{EA31E6C8-374D-4A0B-8988-81B2EFF271FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED9F4EF8-D218-49B4-9F43-622974871138}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{EF72C03F-1C41-4977-92D0-21A36DE5B256}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{F7A5FA6B-2057-4392-A755-526E24DF351E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FFBC0D8F-5020-4347-9F5A-838A39D1ABD7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0A29D3C5-C1FE-4EBE-AA43-9F4985142085}C:\users\arrowii\appdata\roaming\anemot\loqua.exe" = protocol=6 | dir=in | app=c:\users\arrowii\appdata\roaming\anemot\loqua.exe |
"TCP Query User{133DB205-5277-43B8-B394-01717DEFB6B3}E:\spiele\7kingdoms\7kaa.exe" = protocol=6 | dir=in | app=e:\spiele\7kingdoms\7kaa.exe |
"TCP Query User{68348C05-CAA0-4F64-8AEF-9354B6B7B13F}J:\spiele\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=j:\spiele\battlefield 1942\bf1942.exe |
"TCP Query User{7EA72401-CE08-49A1-AF36-655619E23722}C:\users\arrowii\appdata\roaming\anemot\loqua.exe" = protocol=6 | dir=in | app=c:\users\arrowii\appdata\roaming\anemot\loqua.exe |
"UDP Query User{293AA0AA-C775-48C9-9613-A3B8D48A3756}C:\users\arrowii\appdata\roaming\anemot\loqua.exe" = protocol=17 | dir=in | app=c:\users\arrowii\appdata\roaming\anemot\loqua.exe |
"UDP Query User{D2E68276-EE3E-4370-A0BB-607892C080C5}E:\spiele\7kingdoms\7kaa.exe" = protocol=17 | dir=in | app=e:\spiele\7kingdoms\7kaa.exe |
"UDP Query User{D8264261-F323-4040-89CE-FF533EE4AA61}C:\users\arrowii\appdata\roaming\anemot\loqua.exe" = protocol=17 | dir=in | app=c:\users\arrowii\appdata\roaming\anemot\loqua.exe |
"UDP Query User{E20CDD8A-EB5B-4FF8-85D7-676616840DF9}J:\spiele\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=j:\spiele\battlefield 1942\bf1942.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"PROSet" = Intel(R) Network Connections Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7kaa" = Seven Kingdoms AA
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Lanmonitor 3" = Lanmonitor 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"SimpleScreenshot" = SimpleScreenshot 1.40
"Steam App 34330" = Total War: SHOGUN 2
"TeamViewer 8" = TeamViewer 8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 28.02.2013 19:31:43 | Computer Name = ArrowIII | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c30 Startzeit: 01ce160b7085c29a Endzeit: 16 Anwendungspfad: C:\Programme\Mozilla Firefox\firefox.exe Berichts-ID: 00ec5575-81ff-11e2-a0b9-c86000df3505

Error - 01.03.2013 05:38:01 | Computer Name = ArrowIII | Source = WinMgmt | ID = 10
Description =

Error - 01.03.2013 05:38:28 | Computer Name = ArrowIII | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d34 Startzeit: 01ce16607c036e74 Endzeit: 16 Anwendungspfad: C:\Programme\Mozilla Firefox\firefox.exe Berichts-ID: c394d88a-8253-11e2-999d-c86000df3505

Error - 01.03.2013 05:45:27 | Computer Name = ArrowIII | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 11d0 Startzeit: 01ce16615e11878d Endzeit: 19 Anwendungspfad: C:\Programme\Mozilla Firefox\firefox.exe Berichts-ID: bd640f48-8254-11e2-999d-c86000df3505

Error - 01.03.2013 05:45:49 | Computer Name = ArrowIII | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ea0 Startzeit: 01ce166182b7a09e Endzeit: 28 Anwendungspfad: C:\Programme\Mozilla Firefox\firefox.exe Berichts-ID: ca341fbf-8254-11e2-999d-c86000df3505

Error - 01.03.2013 05:51:44 | Computer Name = ArrowIII | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 19.0.0.4794 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f90 Startzeit: 01ce166257e87245 Endzeit: 15 Anwendungspfad: C:\Programme\Mozilla Firefox\firefox.exe Berichts-ID: 9e52b1b9-8255-11e2-a91b-c86000df3505

Error - 01.03.2013 05:52:13 | Computer Name = ArrowIII | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 19.0.0.4794 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 108c Startzeit: 01ce166263054cce Endzeit: 16 Anwendungspfad: C:\Programme\Mozilla Firefox\firefox.exe Berichts-ID: ae79b616-8255-11e2-a91b-c86000df3505

Error - 01.03.2013 05:52:55 | Computer Name = ArrowIII | Source = WinMgmt | ID = 10
Description =

Error - 01.03.2013 05:53:47 | Computer Name = ArrowIII | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 19.0.0.4794 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 4dc Startzeit: 01ce166297a936ff Endzeit: 0 Anwendungspfad: C:\Programme\Mozilla Firefox\firefox.exe Berichts-ID: e7f10a76-8255-11e2-a91b-c86000df3505

Error - 01.03.2013 06:06:31 | Computer Name = ArrowIII | Source = Application Hang | ID = 1002
Description = Programm mbam.exe, Version 1.70.0.9 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 6fc Startzeit: 01ce166459b2c992 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Berichts-ID: accc2bdc-8257-11e2-a91b-c86000df3505

[ System Events ]
Error - 25.01.2013 05:41:21 | Computer Name = ArrowIII | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?25.?01.?2013 um 10:39:16 unerwartet heruntergefahren.

Error - 25.01.2013 05:41:23 | Computer Name = ArrowIII | Source = BugCheck | ID = 1001
Description =

Error - 28.01.2013 12:31:04 | Computer Name = ArrowIII | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?01.?2013 um 17:29:24 unerwartet heruntergefahren.

Error - 28.01.2013 12:31:06 | Computer Name = ArrowIII | Source = BugCheck | ID = 1001
Description =

Error - 02.02.2013 03:41:06 | Computer Name = ArrowIII | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 19.02.2013 19:40:56 | Computer Name = ArrowIII | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error - 19.02.2013 19:40:56 | Computer Name = ArrowIII | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 21.02.2013 06:47:05 | Computer Name = ArrowIII | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 21.02.2013 12:29:04 | Computer Name = ArrowIII | Source = Service Control Manager | ID = 7034
Description = Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 21.02.2013 12:33:25 | Computer Name = ArrowIII | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5

< End of report >

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.01.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ArrowII :: ARROWIII [Administrator]

01.03.2013 12:03:42
mbam-log-2013-03-01 (12-03-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 367234
Laufzeit: 6 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

_____________________________

AdwCleaner Logfile:
Code:
ATTFilter # AdwCleaner v2.113 - Datei am 01/03/2013 um 12:09:35 erstellt # Aktualisiert am 23/02/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzer : ArrowII - ARROWIII # Bootmodus : Normal # Ausgeführt unter : C:\Users\ArrowII\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16464 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v19.0 (de) Datei : C:\Users\ArrowII\AppData\Roaming\Mozilla\Firefox\Profiles\w6wy145s.default\prefs.js Gefunden : user_pref("extensions.asktb.cbid", "F4"); Gefunden : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...] 
Gefunden : user_pref("extensions.asktb.dtid", "YYYYYYYYDE"); Gefunden : user_pref("extensions.asktb.fresh-install", false); Gefunden : user_pref("extensions.asktb.l", "dis"); Gefunden : user_pref("extensions.asktb.last-config-req", "1342998084621"); Gefunden : user_pref("extensions.asktb.locale", "en_US"); Gefunden : user_pref("extensions.asktb.o", "101699"); Gefunden : user_pref("extensions.asktb.overlay-reloaded-using-restart", true); Gefunden : user_pref("extensions.asktb.qsrc", "2871"); Gefunden : user_pref("extensions.asktb.r", "10"); Gefunden : user_pref("extensions.asktb.search-suggestions-enabled", true); Gefunden : user_pref("extensions.asktb.v", "3.8.0.100013"); Gefunden : user_pref("extensions.toolbar@ask.com.install-event-fired", true); ************************* AdwCleaner[R1].txt - [2154 octets] - [01/03/2013 11:18:10] AdwCleaner[R2].txt - [2214 octets] - [01/03/2013 11:18:40] AdwCleaner[R3].txt - [2143 octets] - [01/03/2013 12:09:35] ########## EOF - C:\AdwCleaner[R3].txt - [2203 octets] ########## Emsisoft Anti-Malware - Version 7.0 Letztes Update: 01.03.2013 12:16:58 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, E:\, J:\ Riskware-Erkennung: Aus Archiv Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan Beginn: 01.03.2013 12:17:39 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4d038807.qua -> (Quarantine-8) -> Bestellung vom 06-2012 .com gefunden: Trojan.Generic.KDV.673345 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\54815978.qua -> (Quarantine-8) gefunden: Gen:Variant.Kazy.96112 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\554e56c3.qua -> (Quarantine-8) gefunden: Gen:Variant.Kazy.96112 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5595a7ae.qua -> (Quarantine-8) -> Bestellung vom 06-2012.zip -> Bestellung vom 06-2012 .com gefunden: Trojan.Generic.KDV.673345 (B) J:\spiele\Battlefield 1942\AdminTool\RemoteConsole.exe gefunden: 
Trojan.Win32.Menti.opwu.AMN (A) Gescannt 466683 Gefunden 5 Scan Ende: 01.03.2013 12:27:32 Scan Zeit: 0:09:53 J:\spiele\Battlefield 1942\AdminTool\RemoteConsole.exe Quarantäne Trojan.Win32.Menti.opwu.AMN (A) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\54815978.qua -> (Quarantine-8) Quarantäne Gen:Variant.Kazy.96112 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\554e56c3.qua -> (Quarantine-8) Quarantäne Gen:Variant.Kazy.96112 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4d038807.qua -> (Quarantine-8) -> Bestellung vom 06-2012 .com Quarantäne Trojan.Generic.KDV.673345 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5595a7ae.qua -> (Quarantine-8) -> Bestellung vom 06-2012.zip -> Bestellung vom 06-2012 .com Quarantäne Trojan.Generic.KDV.673345 (B) Quarantäne 5 |
01.03.2013, 12:50 | #2 |
/// Helfer-Team | Infection: Firefox crashes; virus sites are blocked. The cleanup consists of several steps that must be carried out. Work through them one after the other and paste the 3 logs that are created into your next reply. If the OTL fix did not run through correctly, do not continue; report it instead. Step 1: Fix with OTL. Download OTL by OldTimer (if you do not have it yet) and save it to your desktop (nowhere else).
Code:
:OTL
O4 - HKCU..\Run: [Giavorqae] C:\Users\ArrowII\AppData\Roaming\Anemot\loqua.exe ()
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-43RP6.exe ()
MOD - [2012.11.05 19:24:27 | 000,241,152 | ---- | M] () -- C:\Users\ArrowII\AppData\Roaming\Anemot\loqua.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
[2013.03.01 11:31:08 | 000,000,000 | ---D | M] -- C:\Users\ArrowII\AppData\Roaming\Eqniym
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\ArrowII\*.tmp
C:\Users\ArrowII\AppData\*.dll
C:\Users\ArrowII\AppData\*.exe
C:\Users\ArrowII\AppData\Local\Temp\*.exe
C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for readers: The OTL script above was created exclusively for this user in this situation. Never apply it to other computers; it can cause lasting damage to other systems! Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Then: Step 3: Please download AdwCleaner to your desktop.
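The OTL fix in the post above removes two things that a triage of such a log should always flag: an autorun entry whose binary sits in the user's AppData\Roaming folder with no publisher name (the "()" after the path), and three UAC policy values set to 0, which together switch UAC off. The following is an added example, not code from the thread or from OTL, that parses OTL-style O4/O6 lines and applies exactly those two rules. The sample lines mirror the O4/O6 entries in the post; the Avira line is a constructed benign control entry, and the severity levels and the list of user-writable locations are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# O4 = autorun entry, O6 = policy value, in OTL's log syntax.
OTL_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<rest>.+)$")
OTL_O6 = re.compile(r"^O6 - (?P<key>HK\w+\\[^:]+): (?P<value>\w+) = (?P<data>\S+)$")

# Assumption: locations any user can write to; an autorun there without a
# publisher is the classic persistence pattern seen in this thread.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\",
                 "\\users\\public\\", "\\programdata\\")

# Each of these values set to 0 weakens or disables UAC:
# EnableLUA=0 turns UAC off, ConsentPromptBehaviorAdmin=0 elevates without
# prompting, PromptOnSecureDesktop=0 drops the secure-desktop prompt.
UAC_WEAKENING = {"EnableLUA": "0",
                 "ConsentPromptBehaviorAdmin": "0",
                 "PromptOnSecureDesktop": "0"}


@dataclass
class Finding:
    severity: str
    kind: str
    detail: str


def split_path_company(rest):
    """'C:\\path\\x.exe (Company)' -> ('C:\\path\\x.exe', 'Company').
    Split on the LAST ' (' so paths like 'Program Files (x86)' survive;
    the company is '' when OTL printed '()'."""
    if rest.endswith(")") and " (" in rest:
        path, company = rest.rsplit(" (", 1)
        return path, company[:-1]
    return rest, None


def triage_line(line):
    """Return a Finding for one OTL line, or None if it looks benign."""
    m = OTL_O4.match(line)
    if m:
        path, company = split_path_company(m["rest"])
        where = f"{m['hive']}\\{m['key']} [{m['name']}] -> {path}"
        in_user_dir = any(tag in path.lower() for tag in USER_WRITABLE)
        if not company and in_user_dir:
            return Finding("high", "autorun",
                           f"{where}: no publisher, user-writable location")
        if not company:
            return Finding("medium", "autorun", f"{where}: no publisher")
        return None
    m = OTL_O6.match(line)
    if m and UAC_WEAKENING.get(m["value"]) == m["data"]:
        return Finding("high", "uac-policy",
                       f"{m['value']} = {m['data']} weakens UAC ({m['key']})")
    return None


def triage(text):
    """Run triage_line over every non-empty line of an OTL log or script."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            f = triage_line(line)
            if f:
                findings.append(f)
    return findings


# Constructed sample in OTL syntax; the O4/O6 values mirror the post above,
# the Avira entry is a made-up benign control with a publisher name.
SAMPLE_OTL_LINES = r"""
O4 - HKCU..\Run: [Giavorqae] C:\Users\ArrowII\AppData\Roaming\Anemot\loqua.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-43RP6.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"[{f.severity:6}] {f.kind}: {f.detail}")
```

Run against the sample, the loqua.exe entry and the three policy values come out as high, the RunOnce installer stub without a publisher as medium, and the Avira entry is not reported. The missing publisher alone is only a weak signal (many legitimate installers leave it empty), which is why the location check is what raises the severity.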
01.03.2013, 13:56 | #3 |
| Infection: Firefox crashes; virus sites are blocked. All processes killed
__________________========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Giavorqae deleted successfully. C:\Users\ArrowII\AppData\Roaming\Anemot\loqua.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\InnoSetupRegFile.0000000001 not found. File C:\Windows\is-43RP6.exe not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully. C:\Users\ArrowII\AppData\Roaming\Eqniym folder moved successfully. ========== FILES ========== File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\*.dll not found. File\Folder C:\ProgramData\*.tmp not found. File\Folder C:\ProgramData\TEMP not found. File\Folder C:\Users\ArrowII\*.tmp not found. File\Folder C:\Users\ArrowII\AppData\*.dll not found. File\Folder C:\Users\ArrowII\AppData\*.exe not found. C:\Users\ArrowII\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe moved successfully. C:\Users\ArrowII\AppData\Local\Temp\_is17F2.exe moved successfully. C:\Users\ArrowII\AppData\Local\Temp\_isC438.exe moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\splash folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\appIcon folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. 
C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. 
C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. 
C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. 
C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\ArrowII\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\ArrowII\Desktop\cmd.bat deleted successfully. C:\Users\ArrowII\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: ArrowII ->Temp folder emptied: 599490078 bytes ->Temporary Internet Files folder emptied: 150492018 bytes ->FireFox cache emptied: 54740884 bytes ->Flash cache emptied: 94 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 710504 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 104275253 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes RecycleBin emptied: 240171695 bytes Total Files Cleaned = 1.097,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 03012013_133840 Files\Folders moved on Reboot... C:\Users\ArrowII\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... 
________________________________________________________________________ Malwarebytes Anti-Rootkit BETA 1.01.0.1020 www.malwarebytes.org Database version: v2013.03.01.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 ArrowII :: ARROWIII [administrator] 01.03.2013 13:46:03 mbar-log-2013-03-01 (13-46-03).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 6387 Time elapsed: 2 minute(s), Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ____________________________________________ AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.113 - Datei am 01/03/2013 um 13:49:23 erstellt # Aktualisiert am 23/02/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzer : ArrowII - ARROWIII # Bootmodus : Normal # Ausgeführt unter : C:\Users\ArrowII\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16464 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v19.0 (de) Datei : C:\Users\ArrowII\AppData\Roaming\Mozilla\Firefox\Profiles\w6wy145s.default\prefs.js C:\Users\ArrowII\AppData\Roaming\Mozilla\Firefox\Profiles\w6wy145s.default\user.js ... Gelöscht ! Gelöscht : user_pref("extensions.asktb.cbid", "F4"); Gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...] 
Gelöscht : user_pref("extensions.asktb.dtid", "YYYYYYYYDE"); Gelöscht : user_pref("extensions.asktb.fresh-install", false); Gelöscht : user_pref("extensions.asktb.l", "dis"); Gelöscht : user_pref("extensions.asktb.last-config-req", "1342998084621"); Gelöscht : user_pref("extensions.asktb.locale", "en_US"); Gelöscht : user_pref("extensions.asktb.o", "101699"); Gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true); Gelöscht : user_pref("extensions.asktb.qsrc", "2871"); Gelöscht : user_pref("extensions.asktb.r", "10"); Gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true); Gelöscht : user_pref("extensions.asktb.v", "3.8.0.100013"); Gelöscht : user_pref("extensions.toolbar@ask.com.install-event-fired", true); ************************* AdwCleaner[R1].txt - [2154 octets] - [01/03/2013 11:18:10] AdwCleaner[R2].txt - [2214 octets] - [01/03/2013 11:18:40] AdwCleaner[R3].txt - [2272 octets] - [01/03/2013 12:09:35] AdwCleaner[R4].txt - [2380 octets] - [01/03/2013 13:48:34] AdwCleaner[S1].txt - [2414 octets] - [01/03/2013 13:49:23] ########## EOF - C:\AdwCleaner[S1].txt - [2474 octets] ########## |
01.03.2013, 18:43 | #4 |
/// Helfer-Team | Infection: Firefox crashes; virus sites are blocked. Very good! Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. Then: ESET Online Scanner
Then: Please download SecurityCheck and:
01.03.2013, 22:29 | #5 |
| Infection: Firefox crashes; virus sites are blocked. aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-03-01 19:37:04 ----------------------------- 19:37:04.292 OS Version: Windows x64 6.1.7601 Service Pack 1 19:37:04.292 Number of processors: 4 586 0x3A09 19:37:04.292 ComputerName: ARROWIII UserName: ArrowII 19:37:04.323 Initialze error 1 Unzulässige Funktion. 19:42:49.304 AVAST engine defs: 13030100 21:17:20.335 The log file has been saved successfully to "C:\Users\ArrowII\Desktop\aswMBR.txt" ___________________________________________________ ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=2aa6ba8c2b28084cab57c66e3fe12b5d # engine=13277 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-03-01 08:51:28 # local_time=2013-03-01 09:51:28 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 97 9295 227594378 5686 0 # compatibility_mode=5893 16776574 100 94 59576865 113800938 0 0 # scanned=135932 # found=1 # cleaned=0 # scan_time=1111 sh=4541589793AA6657111D7296FC40FF7A8689DA99 ft=1 fh=475aff1ad84d3dce vn="a variant of Win32/Kryptik.AVNC trojan" ac=I fn="C:\_OTL\MovedFiles\03012013_133840\C_Users\ArrowII\AppData\Roaming\Anemot\loqua.exe" _____________________________________________________________________ Results of screen317's Security Check version 0.99.59 Windows 7 Service Pack 1 x64 Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Emsisoft Anti-Malware Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.70.0.1100 Java 7 Update 7 Java version out of Date! Adobe Flash Player 11.4.402.278 Flash Player out of Date! 
Adobe Reader 10.1.4 Adobe Reader out of Date! Mozilla Firefox (19.0) ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe Emsisoft Anti-Malware a2service.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` _________________________________________________________________________ Thank you very much for the help!
02.03.2013, 10:44 | #6 |
/// Helfer-Team | Infection: Firefox crashes; virus sites are blocked. Update:
Update Java: Your Java is no longer up to date. Older versions contain security holes that malware can exploit.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html Afterwards post (copy and paste) what you get displayed here: PluginCheck. Disable Java, because of the current security hole: http://www.trojaner-board.de/122961-...ktivieren.html Afterwards post (copy and paste) what you get displayed here: PluginCheck
02.03.2013, 16:22 | #7 |
| Infection: Firefox crashes; virus sites are blocked. PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Internet Explorer 9.0 ist aktuell Flash ist nicht installiert oder aktiviert. Java ist nicht Installiert oder nicht aktiviert. Adobe Reader 11,0,0,0 ist aktuell. ____________________ Had I suspected that, I would have taken care of Java and co. sooner... Thank you very much for the help!
03.03.2013, 11:14 | #8 |
/// Helfer-Team | Infection: Firefox crashes; virus sites are blocked. Very good! You can allow Flash. With that you are clean and released! Remove adwCleaner
Tool cleanup with OTL: We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.
Resetting the security zones: Have the security zones reset, since they were manipulated to open the browser to further attacks. Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html Emptying System Restore: So that the computer cannot be reinfected from an infected System Restore, we have to empty it. To do this, we switch it off once and then back on: Disable System Restore, tutorial for Windows XP, Windows Vista, Windows 7. Then enable it again. Reading to work through: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC keeps getting slower - what to do?
14.05.2013, 13:10 | #9 |
/// Helfer-Team | Infection: Firefox crashes; virus sites are blocked. No response: Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this topic from my notifications. If you want to continue, send me a PM or open a new topic. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean.