Infection: Firefox crashes; virus pages are blocked. (Windows 7)
#1
Infection: Firefox crashes; virus pages are blocked.

Hello,

yesterday the Windows firewall, which is actually disabled, reported that access by a program was to be restricted:

Path: C:\Users\ArrowII\AppData\Roaming\Anemot\loqua.exe

After that Firefox was no longer usable; it crashes. A virus scan with the installed Avira found nothing. Trying to open an online scanner with IE is blocked. Other pages can be opened with IE.

I followed the instructions in your intro post step by step:

1. Defogger: check; no special message, no reboot etc. required.
2. OTL: check (see below)
3. Gmer: error message on startup (as admin): windows/system32/config/system: "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird." OK. Made the changes in the program as instructed and started the scan. The scanner crashes after about 20 seconds. Avira is disabled; only IE was open during the scan.

So here I sit, hoping you can help me :-D

Regards
ArrowII

OTL Logfile:
Code:
```
OTL logfile created on: 01.03.2013 11:31:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ArrowII\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,95 Gb Total Physical Memory | 13,18 Gb Available Physical Memory | 82,61% Memory free
31,91 Gb Paging File | 28,96 Gb Available in Paging File | 90,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,40 Gb Total Space | 12,56 Gb Free Space | 21,14% Space Free | Partition Type: NTFS
Drive E: | 119,24 Gb Total Space | 47,19 Gb Free Space | 39,57% Space Free | Partition Type: NTFS
Drive J: | 558,91 Gb Total Space | 467,58 Gb Free Space | 83,66% Space Free | Partition Type: NTFS

Computer Name: ARROWIII | User Name: ArrowII | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.01 11:01:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ArrowII\Desktop\OTL.exe
PRC - [2013.02.08 12:05:52 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.11.05 19:24:27 | 000,241,152 | ---- | M] () -- C:\Users\ArrowII\AppData\Roaming\Anemot\loqua.exe
PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.09.07 19:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Antivir\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.07 19:25:55 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Antivir\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.09.07 19:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Antivir\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.02.07 16:53:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.07 16:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.07 16:52:04 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.01.04 20:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011.11.29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.11.29 19:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

========== Modules (No Company Name) ==========

MOD - [2013.02.19 15:53:30 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\65984247e3e77b0d6fad25ee68f34664\System.Web.ni.dll
MOD - [2013.02.19 15:53:26 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.02.02 08:41:56 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll
MOD - [2013.02.02 08:41:56 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll
MOD - [2013.02.02 02:59:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.02.02 02:59:24 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.02.02 02:59:17 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.02.02 02:59:15 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1a66b44c4780c039576eaf18f4cd8dc\System.Xml.ni.dll
MOD - [2013.02.02 02:59:13 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.02.02 02:59:13 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.02.02 02:59:10 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.11.05 19:24:27 | 000,241,152 | ---- | M] () -- C:\Users\ArrowII\AppData\Roaming\Anemot\loqua.exe
MOD - [2011.04.12 08:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- E:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.09.07 19:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Antivir\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.07 19:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Antivir\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.02.07 16:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.07 16:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.07 16:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.11.29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.08.05 18:29:20 | 000,225,280 | ---- | M] (DTS, Inc) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\DTSU2PAuSrv64.exe -- (DTSAudioSvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.07 19:26:05 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.09.07 19:26:05 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.07 19:26:05 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.15 19:57:30 | 000,514,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.04 20:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.01.04 20:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.01.04 20:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011.11.29 18:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.11.10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.11.03 10:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.11.03 10:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Amazon.de: Günstige Preise für Elektronik & Foto, Filme, Musik, Bücher, Games, Spielzeug & mehr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 35 9D EE F3 26 11 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.8.0.100007
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.ftp: "109.74.134.246"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "109.74.134.246"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "109.74.134.246"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "109.74.134.246"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.03.01 10:47:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.03.01 10:47:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

[2012.09.26 16:20:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArrowII\AppData\Roaming\mozilla\Extensions
[2012.11.10 15:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArrowII\AppData\Roaming\mozilla\Firefox\Profiles\w6wy145s.default\extensions
[2012.11.10 13:27:57 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\ArrowII\AppData\Roaming\mozilla\Firefox\Profiles\w6wy145s.default\extensions\ich@maltegoetz.de
[2012.11.10 15:07:29 | 000,183,174 | ---- | M] () (No name found) -- C:\Users\ArrowII\AppData\Roaming\mozilla\firefox\profiles\w6wy145s.default\extensions\stealthyextension@gmail.com.xpi

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Antivir\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [Giavorqae] C:\Users\ArrowII\AppData\Roaming\Anemot\loqua.exe ()
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-43RP6.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C5C3CE0-82A3-4E8E-A395-69A7B7C9C9B3}: NameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5845572e-07e6-11e2-8964-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5845572e-07e6-11e2-8964-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.01 11:05:34 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\AppData\Roaming\Malwarebytes
[2013.03.01 11:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.01 11:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.01 11:05:21 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.01 11:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.01 11:05:13 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\AppData\Local\Programs
[2013.03.01 11:01:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ArrowII\Desktop\OTL.exe
[2013.02.28 23:48:28 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\AppData\Roaming\Wedyfi
[2013.02.28 23:48:28 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\AppData\Roaming\Eqniym
[2013.02.28 23:48:28 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\AppData\Roaming\Anemot
[2013.02.28 13:39:24 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\AppData\Local\ElevatedDiagnostics
[2013.02.28 13:33:58 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\Desktop\Expiscor
[2013.02.25 19:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tinypic
[2013.02.25 19:05:43 | 001,525,034 | ---- | C] (efpage ) -- C:\Users\ArrowII\Desktop\TinyPicSetup.exe
[2013.02.25 18:57:00 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\Desktop\258CANON
[2013.02.06 12:56:05 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\AppData\Local\Chromium
[2013.02.06 12:55:19 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\AppData\Roaming\The Creative Assembly
[2013.02.05 23:09:41 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013.02.03 18:36:28 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\Desktop\Neuer Ordner
[2013.02.01 23:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.02.01 23:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.02.01 22:53:08 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\7kaa
[2013.02.01 22:52:37 | 000,000,000 | ---D | C] -- C:\Users\ArrowII\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Seven Kingdoms AA

========== Files - Modified Within 30 Days ==========

[2013.03.01 11:31:24 | 000,000,000 | ---- | M] () -- C:\Users\ArrowII\defogger_reenable
[2013.03.01 11:30:40 | 000,050,477 | ---- | M] () -- C:\Users\ArrowII\Desktop\Defogger.exe
[2013.03.01 11:10:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.01 11:05:54 | 000,710,504 | ---- | M] () -- C:\Windows\is-43RP6.exe
[2013.03.01 11:05:54 | 000,013,521 | ---- | M] () -- C:\Windows\is-43RP6.msg
[2013.03.01 11:05:54 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.01 11:05:54 | 000,000,376 | ---- | M] () -- C:\Windows\is-43RP6.lst
[2013.03.01 11:01:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ArrowII\Desktop\OTL.exe
[2013.03.01 10:58:09 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.01 10:58:09 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.01 10:55:21 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.01 10:55:21 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.01 10:55:21 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.01 10:55:21 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.01 10:55:21 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.01 10:51:03 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.01 10:51:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.01 10:50:58 | 4258,508,798 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.01 10:47:24 | 000,000,862 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.28 13:34:11 | 000,001,062 | ---- | M] () -- C:\Users\ArrowII\Desktop\Expiscor - Verknüpfung.lnk
[2013.02.28 13:33:50 | 003,442,713 | ---- | M] () -- C:\Users\ArrowII\Desktop\Expiscor.zip
[2013.02.28 09:16:01 | 000,010,065 | ---- | M] () -- C:\Users\ArrowII\Desktop\ID.zip
[2013.02.25 19:06:35 | 000,000,547 | ---- | M] () -- C:\Users\ArrowII\Desktop\TinyPic.lnk
[2013.02.25 19:05:43 | 001,525,034 | ---- | M] (efpage ) -- C:\Users\ArrowII\Desktop\TinyPicSetup.exe
[2013.02.25 11:20:09 | 000,007,334 | ---- | M] () -- C:\Users\ArrowII\Desktop\OpenDocument Text (neu) (2).odt
[2013.02.25 11:15:34 | 000,002,066 | ---- | M] () -- C:\Users\ArrowII\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.02.25 11:15:34 | 000,001,995 | ---- | M] () -- C:\Users\ArrowII\Desktop\Avira DE-Cleaner.lnk
[2013.02.25 11:15:32 | 000,883,840 | ---- | M] () -- C:\Users\ArrowII\Desktop\Avira-DE-Cleaner.exe
[2013.02.20 11:40:23 | 000,000,208 | ---- | M] () -- C:\Users\ArrowII\Desktop\Total War SHOGUN 2.url
[2013.02.19 15:52:26 | 000,294,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.01 23:38:01 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.01 23:11:02 | 000,000,645 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.02.01 22:52:08 | 000,000,340 | ---- | M] () -- C:\Users\ArrowII\CD-Laufwerk - Verknüpfung.lnk
[2013.01.31 23:30:19 | 000,008,088 | ---- | M] () -- C:\Users\ArrowII\Desktop\NetzwerkPlan.ods

========== Files Created - No Company Name ==========

[2013.03.01 11:31:24 | 000,000,000 | ---- | C] () -- C:\Users\ArrowII\defogger_reenable
[2013.03.01 11:30:17 | 000,050,477 | ---- | C] () -- C:\Users\ArrowII\Desktop\Defogger.exe
[2013.03.01 11:05:54 | 000,710,504 | ---- | C] () -- C:\Windows\is-43RP6.exe
[2013.03.01 11:05:54 | 000,013,521 | ---- | C] () -- C:\Windows\is-43RP6.msg
[2013.03.01 11:05:54 | 000,000,376 | ---- | C] () -- C:\Windows\is-43RP6.lst
[2013.03.01 11:05:22 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.28 13:34:11 | 000,001,062 | ---- | C] () -- C:\Users\ArrowII\Desktop\Expiscor - Verknüpfung.lnk
[2013.02.28 13:33:36 | 003,442,713 | ---- | C] () -- C:\Users\ArrowII\Desktop\Expiscor.zip
[2013.02.28 09:16:00 | 000,010,065 | ---- | C] () -- C:\Users\ArrowII\Desktop\ID.zip
[2013.02.25 19:06:35 | 000,000,547 | ---- | C] () -- C:\Users\ArrowII\Desktop\TinyPic.lnk
[2013.02.25 11:20:09 | 000,007,334 | ---- | C] () -- C:\Users\ArrowII\Desktop\OpenDocument Text (neu) (2).odt
[2013.02.25 11:15:34 | 000,002,066 | ---- | C] () -- C:\Users\ArrowII\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.02.25 11:15:34 | 000,001,995 | ---- | C] () -- C:\Users\ArrowII\Desktop\Avira DE-Cleaner.lnk
[2013.02.25 11:15:32 | 000,883,840 | ---- | C] () -- C:\Users\ArrowII\Desktop\Avira-DE-Cleaner.exe
[2013.02.06 23:34:40 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.02.05 23:09:41 | 000,000,208 | ---- | C] () -- C:\Users\ArrowII\Desktop\Total War SHOGUN 2.url
[2013.02.01 23:11:02 | 000,000,645 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.02.01 22:52:08 | 000,000,340 | ---- | C] () -- C:\Users\ArrowII\CD-Laufwerk - Verknüpfung.lnk
[2013.01.31 23:28:33 | 000,008,088 | ---- | C] () -- C:\Users\ArrowII\Desktop\NetzwerkPlan.ods
[2012.10.16 10:52:04 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.26 16:17:19 | 000,000,508 | RHS- | C] () -- C:\Users\ArrowII\ntuser.pol
[2012.09.26 15:54:46 | 000,050,994 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.09.26 15:53:50 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.09.26 15:53:46 | 000,037,187 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.02.28 23:48:28 | 000,000,000 | ---D | M] -- C:\Users\ArrowII\AppData\Roaming\Anemot
[2013.03.01 11:31:08 | 000,000,000 | ---D | M] -- C:\Users\ArrowII\AppData\Roaming\Eqniym
[2012.09.28 08:37:12 | 000,000,000 | ---D | M] -- C:\Users\ArrowII\AppData\Roaming\OpenOffice.org
[2013.01.07 11:33:17 | 000,000,000 | ---D | M] -- C:\Users\ArrowII\AppData\Roaming\SimpleScreenshot
[2012.12.06 12:06:17 | 000,000,000 | ---D | M] -- C:\Users\ArrowII\AppData\Roaming\TeamViewer
[2013.02.06 12:55:19 | 000,000,000 | ---D | M] -- C:\Users\ArrowII\AppData\Roaming\The Creative Assembly
[2013.02.28 23:48:28 | 000,000,000 | ---D | M] -- C:\Users\ArrowII\AppData\Roaming\Wedyfi

========== Purity Check ==========

< End of report >
```

OTL Logfile:
Code:
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.28 23:48:28 | 000,000,000 | ---D | M] -- C:\Users\ArrowII\AppData\Roaming\Anemot [2013.03.01 11:31:08 | 000,000,000 | ---D | M] -- C:\Users\ArrowII\AppData\Roaming\Eqniym [2012.09.28 08:37:12 | 000,000,000 | ---D | M] -- C:\Users\ArrowII\AppData\Roaming\OpenOffice.org [2013.01.07 11:33:17 | 000,000,000 | ---D | M] -- C:\Users\ArrowII\AppData\Roaming\SimpleScreenshot [2012.12.06 12:06:17 | 000,000,000 | ---D | M] -- C:\Users\ArrowII\AppData\Roaming\TeamViewer [2013.02.06 12:55:19 | 000,000,000 | ---D | M] -- C:\Users\ArrowII\AppData\Roaming\The Creative Assembly [2013.02.28 23:48:28 | 000,000,000 | ---D | M] -- C:\Users\ArrowII\AppData\Roaming\Wedyfi ========== Purity Check ========== < End of report > OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 01.03.2013 11:31:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ArrowII\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,95 Gb Total Physical Memory | 13,18 Gb Available Physical Memory | 82,61% Memory free
31,91 Gb Paging File | 28,96 Gb Available in Paging File | 90,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,40 Gb Total Space | 12,56 Gb Free Space | 21,14% Space Free | Partition Type: NTFS
Drive E: | 119,24 Gb Total Space | 47,19 Gb Free Space | 39,57% Space Free | Partition Type: NTFS
Drive J: | 558,91 Gb Total Space | 467,58 Gb Free Space | 83,66% Space Free | Partition Type: NTFS

Computer Name: ARROWIII | User Name: ArrowII | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0634D57E-9761-44A1-80D1-18D7BE936A05}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0AB055F1-F2B3-432C-88FD-BD2959795400}" = lport=2869 | protocol=6 | dir=in | app=system |
"{22B02CE9-3F1C-45AC-AC97-89719D6877E4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{26BC8A4E-1762-4104-BBB5-D9F7B282F972}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D6C6C41-2C40-4C86-8C77-409D023C2438}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3DEE3673-1605-47B3-B1D8-CEF17679395A}" = rport=445 | protocol=6 | dir=out | app=system |
"{4D5C79B2-1DBD-4BB1-91F2-4D25DC316B4F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{56A30E94-C7C9-40F4-8F33-79C0C4BF1947}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5F0F7580-993F-496F-9283-DAF88551B004}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A8324D0E-A910-4D15-8DC7-E0752FFC339E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA4F4B39-1416-4103-B63A-94739BE42CC3}" = lport=138 | protocol=17 | dir=in | app=system |
"{AC3E5885-846A-4DC0-BFE9-E850E96CB334}" = lport=139 | protocol=6 | dir=in | app=system |
"{B2D3C44C-5EE7-46C1-8525-6D056252189A}" = rport=138 | protocol=17 | dir=out | app=system |
"{B477DFF8-81EE-4511-9CFB-EA2979BA479A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BDDCD573-1EF8-4119-B5EB-F84E0839CE1B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C2E93DA6-0CC9-4297-91F1-82707B05F47A}" = lport=445 | protocol=6 | dir=in | app=system |
"{D66A31A1-6105-42A3-81E0-A44A5E1B06F4}" = rport=137 | protocol=17 | dir=out | app=system |
"{D6C27002-5A4B-4AC1-B503-7DE45FB14124}" = lport=137 | protocol=17 | dir=in | app=system |
"{DA54455B-E584-4D45-896A-D9301DF5A819}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DACBD4E0-EE92-4FB7-BA71-DA27835E9719}" = rport=139 | protocol=6 | dir=out | app=system |
"{F0D7DF6E-FA76-4994-903E-59A98C2C0A2A}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025982DB-340F-4A9C-9FCD-C5C24335E0B2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{0C772EDF-DD53-430F-95F0-F0D08DE009A7}" = dir=in | app=e:\programme\skype\phone\skype.exe |
"{102F42EB-B03E-4018-B5B6-A9CE72BB60B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1CABC788-C0BB-4191-ADEC-B781BEBBAE42}" = protocol=17 | dir=in | app=e:\spiele\steam\steam.exe |
"{1CB33F31-B2B4-4C29-B87F-5705BBC5B001}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1F4E923E-0756-4044-8820-88DCDD157A32}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{21B7D2B3-5114-4CA0-8A2D-F08148930203}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{2475E6FA-DC07-4B0A-8DA9-A49EF7A22413}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{36C00E65-F521-4D56-BCCE-495850EA9477}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{3750C961-9703-4BC2-A6F4-F9FE0BFA225A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{3F7B13A6-8A23-48A3-A0C4-4C8DFCEEF650}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{43C0720F-5085-4DD2-B72A-4A6CE47A51AF}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{4445D4BA-779F-4B8E-AB76-4E5CCE6B07B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{45D005CD-A01F-488E-AE4D-17C2A0129D15}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4983BE47-BA07-409D-8225-134DE91EDEA8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4E38B918-557C-40BB-9F21-9D07D3987E02}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{51C67F79-06C2-4357-8AD9-4DC8D0C63D99}" = protocol=17 | dir=in | app=c:\users\arrowii\appdata\local\apps\2.0\ze0kxlg8.jpr\bvd58ew5.7n7\curs..tion_9e9e83ddf3ed3ead_0005.0001_f98d05d4713e76ec\curseclient.exe |
"{51DB4D9C-894B-43E9-A5C0-3265459A3624}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5E2965BE-1DF3-48B5-8FD1-9207E6078C5B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{678B69C8-D586-47B6-9BF8-EFAB49E9D7B8}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{6917228C-B0F7-4679-972B-14328DA85E74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{71C6E7CA-63AE-4DC5-8915-247979DDC227}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{7D2F397C-9279-45E0-BD47-4B0B2E4EE066}" = protocol=6 | dir=in | app=e:\spiele\steam\steam.exe |
"{838E3410-7EC7-4F56-AEB0-DEBD430AF9E2}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{9207017B-7F85-40DC-9C93-0751D8FB2E3B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{9992D25A-A3EF-4E66-9673-D5C1BF066B10}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{9A7E3466-F0FE-474C-B8DB-79DE92B6C289}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{9A8C993C-B819-4459-B5D9-F379A3B8937A}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{A1652FD8-0B91-4A60-9C53-D0D4B0A7F360}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{A7300B3F-9820-4136-BCBD-EFBCA02672F8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A763053A-3FC8-4FF6-9E50-E9E362628860}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AAFAD2F6-D88A-48F8-B11A-57A7B03CC160}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{B4EFB40D-27A0-40E5-AFF9-BF5E8F57DE44}" = protocol=6 | dir=in | app=c:\users\arrowii\appdata\local\apps\2.0\ze0kxlg8.jpr\bvd58ew5.7n7\curs..tion_9e9e83ddf3ed3ead_0005.0001_f98d05d4713e76ec\curseclient.exe |
"{C37356F3-36D5-4702-B685-093DE7AC47D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C62F3F09-AD5A-4CAE-B586-5386BF41F559}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{D054C6F8-0FB0-4B72-8759-10B9115FA8CB}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{D055B9A7-3672-4F52-BFC7-96D877CC5DB4}" = protocol=6 | dir=out | app=system |
"{D065020C-749C-46C9-B4B7-2561FBC4C44D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{DA68BFB1-933D-4025-9F0B-D97354022F3E}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{DECE86B3-464A-44EF-9238-231646896BA8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DF021890-5AEF-457D-9289-6274680A7FCE}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{EA31E6C8-374D-4A0B-8988-81B2EFF271FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED9F4EF8-D218-49B4-9F43-622974871138}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{EF72C03F-1C41-4977-92D0-21A36DE5B256}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{F7A5FA6B-2057-4392-A755-526E24DF351E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FFBC0D8F-5020-4347-9F5A-838A39D1ABD7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0A29D3C5-C1FE-4EBE-AA43-9F4985142085}C:\users\arrowii\appdata\roaming\anemot\loqua.exe" = protocol=6 | dir=in | app=c:\users\arrowii\appdata\roaming\anemot\loqua.exe |
"TCP Query User{133DB205-5277-43B8-B394-01717DEFB6B3}E:\spiele\7kingdoms\7kaa.exe" = protocol=6 | dir=in | app=e:\spiele\7kingdoms\7kaa.exe |
"TCP Query User{68348C05-CAA0-4F64-8AEF-9354B6B7B13F}J:\spiele\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=j:\spiele\battlefield 1942\bf1942.exe |
"TCP Query User{7EA72401-CE08-49A1-AF36-655619E23722}C:\users\arrowii\appdata\roaming\anemot\loqua.exe" = protocol=6 | dir=in | app=c:\users\arrowii\appdata\roaming\anemot\loqua.exe |
"UDP Query User{293AA0AA-C775-48C9-9613-A3B8D48A3756}C:\users\arrowii\appdata\roaming\anemot\loqua.exe" = protocol=17 | dir=in | app=c:\users\arrowii\appdata\roaming\anemot\loqua.exe |
"UDP Query User{D2E68276-EE3E-4370-A0BB-607892C080C5}E:\spiele\7kingdoms\7kaa.exe" = protocol=17 | dir=in | app=e:\spiele\7kingdoms\7kaa.exe |
"UDP Query User{D8264261-F323-4040-89CE-FF533EE4AA61}C:\users\arrowii\appdata\roaming\anemot\loqua.exe" = protocol=17 | dir=in | app=c:\users\arrowii\appdata\roaming\anemot\loqua.exe |
"UDP Query User{E20CDD8A-EB5B-4FF8-85D7-676616840DF9}J:\spiele\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=j:\spiele\battlefield 1942\bf1942.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"PROSet" = Intel(R) Network Connections Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7kaa" = Seven Kingdoms AA
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Lanmonitor 3" = Lanmonitor 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"SimpleScreenshot" = SimpleScreenshot 1.40
"Steam App 34330" = Total War: SHOGUN 2
"TeamViewer 8" = TeamViewer 8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 28.02.2013 19:31:43 | Computer Name = ArrowIII | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: c30 Startzeit: 01ce160b7085c29a Endzeit: 16 Anwendungspfad: C:\Programme\Mozilla Firefox\firefox.exe Berichts-ID: 00ec5575-81ff-11e2-a0b9-c86000df3505

Error - 01.03.2013 05:38:01 | Computer Name = ArrowIII | Source = WinMgmt | ID = 10
Description =

Error - 01.03.2013 05:38:28 | Computer Name = ArrowIII | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: d34 Startzeit: 01ce16607c036e74 Endzeit: 16 Anwendungspfad: C:\Programme\Mozilla Firefox\firefox.exe Berichts-ID: c394d88a-8253-11e2-999d-c86000df3505

Error - 01.03.2013 05:45:27 | Computer Name = ArrowIII | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 11d0 Startzeit: 01ce16615e11878d Endzeit: 19 Anwendungspfad: C:\Programme\Mozilla Firefox\firefox.exe Berichts-ID: bd640f48-8254-11e2-999d-c86000df3505

Error - 01.03.2013 05:45:49 | Computer Name = ArrowIII | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: ea0 Startzeit: 01ce166182b7a09e Endzeit: 28 Anwendungspfad: C:\Programme\Mozilla Firefox\firefox.exe Berichts-ID: ca341fbf-8254-11e2-999d-c86000df3505

Error - 01.03.2013 05:51:44 | Computer Name = ArrowIII | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 19.0.0.4794 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: f90 Startzeit: 01ce166257e87245 Endzeit: 15 Anwendungspfad: C:\Programme\Mozilla Firefox\firefox.exe Berichts-ID: 9e52b1b9-8255-11e2-a91b-c86000df3505

Error - 01.03.2013 05:52:13 | Computer Name = ArrowIII | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 19.0.0.4794 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 108c Startzeit: 01ce166263054cce Endzeit: 16 Anwendungspfad: C:\Programme\Mozilla Firefox\firefox.exe Berichts-ID: ae79b616-8255-11e2-a91b-c86000df3505

Error - 01.03.2013 05:52:55 | Computer Name = ArrowIII | Source = WinMgmt | ID = 10
Description =

Error - 01.03.2013 05:53:47 | Computer Name = ArrowIII | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 19.0.0.4794 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 4dc Startzeit: 01ce166297a936ff Endzeit: 0 Anwendungspfad: C:\Programme\Mozilla Firefox\firefox.exe Berichts-ID: e7f10a76-8255-11e2-a91b-c86000df3505

Error - 01.03.2013 06:06:31 | Computer Name = ArrowIII | Source = Application Hang | ID = 1002
Description = Programm mbam.exe, Version 1.70.0.9 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 6fc Startzeit: 01ce166459b2c992 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Berichts-ID: accc2bdc-8257-11e2-a91b-c86000df3505

[ System Events ]
Error - 25.01.2013 05:41:21 | Computer Name = ArrowIII | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?25.?01.?2013 um 10:39:16 unerwartet heruntergefahren.

Error - 25.01.2013 05:41:23 | Computer Name = ArrowIII | Source = BugCheck | ID = 1001
Description =

Error - 28.01.2013 12:31:04 | Computer Name = ArrowIII | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?01.?2013 um 17:29:24 unerwartet heruntergefahren.

Error - 28.01.2013 12:31:06 | Computer Name = ArrowIII | Source = BugCheck | ID = 1001
Description =

Error - 02.02.2013 03:41:06 | Computer Name = ArrowIII | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 19.02.2013 19:40:56 | Computer Name = ArrowIII | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error - 19.02.2013 19:40:56 | Computer Name = ArrowIII | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 21.02.2013 06:47:05 | Computer Name = ArrowIII | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 21.02.2013 12:29:04 | Computer Name = ArrowIII | Source = Service Control Manager | ID = 7034
Description = Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 21.02.2013 12:33:25 | Computer Name = ArrowIII | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5

< End of report >

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.01.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ArrowII :: ARROWIII [Administrator]

01.03.2013 12:03:42
mbam-log-2013-03-01 (12-03-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 367234
Laufzeit: 6 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

_____________________________

AdwCleaner Logfile:
Code:
ATTFilter # AdwCleaner v2.113 - Datei am 01/03/2013 um 12:09:35 erstellt # Aktualisiert am 23/02/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzer : ArrowII - ARROWIII # Bootmodus : Normal # Ausgeführt unter : C:\Users\ArrowII\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16464 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v19.0 (de) Datei : C:\Users\ArrowII\AppData\Roaming\Mozilla\Firefox\Profiles\w6wy145s.default\prefs.js Gefunden : user_pref("extensions.asktb.cbid", "F4"); Gefunden : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...] 
Gefunden : user_pref("extensions.asktb.dtid", "YYYYYYYYDE"); Gefunden : user_pref("extensions.asktb.fresh-install", false); Gefunden : user_pref("extensions.asktb.l", "dis"); Gefunden : user_pref("extensions.asktb.last-config-req", "1342998084621"); Gefunden : user_pref("extensions.asktb.locale", "en_US"); Gefunden : user_pref("extensions.asktb.o", "101699"); Gefunden : user_pref("extensions.asktb.overlay-reloaded-using-restart", true); Gefunden : user_pref("extensions.asktb.qsrc", "2871"); Gefunden : user_pref("extensions.asktb.r", "10"); Gefunden : user_pref("extensions.asktb.search-suggestions-enabled", true); Gefunden : user_pref("extensions.asktb.v", "3.8.0.100013"); Gefunden : user_pref("extensions.toolbar@ask.com.install-event-fired", true); ************************* AdwCleaner[R1].txt - [2154 octets] - [01/03/2013 11:18:10] AdwCleaner[R2].txt - [2214 octets] - [01/03/2013 11:18:40] AdwCleaner[R3].txt - [2143 octets] - [01/03/2013 12:09:35] ########## EOF - C:\AdwCleaner[R3].txt - [2203 octets] ########## Emsisoft Anti-Malware - Version 7.0 Letztes Update: 01.03.2013 12:16:58 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, E:\, J:\ Riskware-Erkennung: Aus Archiv Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan Beginn: 01.03.2013 12:17:39 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4d038807.qua -> (Quarantine-8) -> Bestellung vom 06-2012 .com gefunden: Trojan.Generic.KDV.673345 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\54815978.qua -> (Quarantine-8) gefunden: Gen:Variant.Kazy.96112 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\554e56c3.qua -> (Quarantine-8) gefunden: Gen:Variant.Kazy.96112 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5595a7ae.qua -> (Quarantine-8) -> Bestellung vom 06-2012.zip -> Bestellung vom 06-2012 .com gefunden: Trojan.Generic.KDV.673345 (B) J:\spiele\Battlefield 1942\AdminTool\RemoteConsole.exe gefunden: 
Trojan.Win32.Menti.opwu.AMN (A) Gescannt 466683 Gefunden 5 Scan Ende: 01.03.2013 12:27:32 Scan Zeit: 0:09:53 J:\spiele\Battlefield 1942\AdminTool\RemoteConsole.exe Quarantäne Trojan.Win32.Menti.opwu.AMN (A) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\54815978.qua -> (Quarantine-8) Quarantäne Gen:Variant.Kazy.96112 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\554e56c3.qua -> (Quarantine-8) Quarantäne Gen:Variant.Kazy.96112 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4d038807.qua -> (Quarantine-8) -> Bestellung vom 06-2012 .com Quarantäne Trojan.Generic.KDV.673345 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5595a7ae.qua -> (Quarantine-8) -> Bestellung vom 06-2012.zip -> Bestellung vom 06-2012 .com Quarantäne Trojan.Generic.KDV.673345 (B) Quarantäne 5 |