
Pests of all kinds and how to fight them: Constant problems with Avast (finds win32 Downloader)


15.07.2012, 08:39   #1
trojaner021
 



Hello dear forum,
First of all, I am new here, so I would like to apologize in advance for any mistakes I make in creating this thread. But now to my problem: about a week ago, while I was surfing, I got a message from my PC that I should update my Adobe Flash Player (I only had to confirm with admin rights), so no download of anything took place. Since then my Avast has been going completely crazy: every second I get the message that there is a trojan (Win32 Downloader PKU) in C:/Windows/installer and in C:/Windows/System32 service.exe. As usual with such a message, I clicked on delete and thought the problem was solved, but the message that there is a trojan there still comes up every few minutes. I have already run full system scans etc., but the message just does not stop. I do not do online banking or anything like that on this computer, so the danger is low. I am hoping for help on how I can remove the trojan without reinstalling the system (or at least turn off the message), because reinstalling/restoring the system etc. is absolutely out of the question for me.
Thanks in advance for the answers.

My system: AMD Phenom II X6 1100T processor, 8 GB RAM, Nvidia GeForce GTX 560 Ti

I have also already tried to delete it with the Malwarebytes program that is offered for download here on the site, but that does not really work either. The result of that is:


Schutz: Aktiviert
Datenbank Version: v2012.07.15.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Benutzer :: Benutzer-PC [Administrator]

15.07.2012 09:21:28
mbam-log-2012-07-15 (09-21-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 80563
Laufzeit: 17 Minute(n), 2 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Installer\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

I really need help urgently.

And these are the results from HijackThis (after the attempted deletion):

Running processes:
C:\Program Files (x86)\ICQ7.5\ICQ.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
C:\Program Files (x86)\Razer\Lycosa\razertra.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Chris\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.5\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-2518366123-504797583-867521728-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2518366123-504797583-867521728-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Poweroff - Jorgen Bosman - C:\Windows\system32\poweroff.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

15.07.2012, 11:22   #2
Chris4You
 



Hi,

that is a rootkit, it is not that simple...

OTL
Download OTL by OldTimer (http://filepony.de/download-otl/) and save it to your desktop
  • Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created (OTL.TXT and EXTRAS.TXT)
  • Post the log files here in the thread

TDSS-Killer
Download and instructions at: How to fight malware of the Rootkit.Win32.TDSS family?
Extract all files into a separate directory (e.g. C:\TDSS)!
Start it from Explorer by double-clicking TDSSKiller.exe.
Configure the Killer as follows:

Then start the scan (Start Scan).
When the scan is finished, please select "Report" (skip any findings with Skip for now). A window opens (click Report); copy the text and post it here...

chris

15.07.2012, 12:57   #3
trojaner021
 



Hey, first of all thanks for answering. I did it exactly as you said with both scanners; this is the result. It would be really great if I did not have to reinstall the whole system :>


TDSS

13:50:35.0261 2936 VClone - ok
13:50:35.0324 2936 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:50:35.0324 2936 vdrvroot - ok
13:50:35.0527 2936 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:50:35.0589 2936 vds - ok
13:50:35.0605 2936 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:50:35.0620 2936 vga - ok
13:50:35.0636 2936 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:50:35.0698 2936 VgaSave - ok
13:50:35.0714 2936 VGPU - ok
13:50:35.0761 2936 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:50:35.0761 2936 vhdmp - ok
13:50:35.0776 2936 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:50:35.0792 2936 viaide - ok
13:50:35.0823 2936 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
13:50:35.0839 2936 vmbus - ok
13:50:35.0854 2936 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
13:50:35.0854 2936 VMBusHID - ok
13:50:35.0885 2936 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:50:35.0885 2936 volmgr - ok
13:50:35.0932 2936 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:50:35.0932 2936 volmgrx - ok
13:50:35.0963 2936 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:50:35.0979 2936 volsnap - ok
13:50:35.0995 2936 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:50:36.0010 2936 vsmraid - ok
13:50:36.0104 2936 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:50:36.0166 2936 VSS - ok
13:50:36.0291 2936 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:50:36.0322 2936 vwifibus - ok
13:50:36.0385 2936 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:50:36.0416 2936 W32Time - ok
13:50:36.0431 2936 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:50:36.0478 2936 WacomPen - ok
13:50:36.0541 2936 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:50:36.0587 2936 WANARP - ok
13:50:36.0619 2936 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:50:36.0650 2936 Wanarpv6 - ok
13:50:36.0712 2936 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:50:36.0775 2936 wbengine - ok
13:50:36.0806 2936 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:50:36.0821 2936 WbioSrvc - ok
13:50:36.0853 2936 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:50:36.0899 2936 wcncsvc - ok
13:50:36.0915 2936 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:50:36.0931 2936 WcsPlugInService - ok
13:50:36.0962 2936 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:50:36.0962 2936 Wd - ok
13:50:37.0009 2936 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:50:37.0024 2936 Wdf01000 - ok
13:50:37.0024 2936 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:50:37.0071 2936 WdiServiceHost - ok
13:50:37.0071 2936 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:50:37.0087 2936 WdiSystemHost - ok
13:50:37.0133 2936 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:50:37.0180 2936 WebClient - ok
13:50:37.0196 2936 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:50:37.0258 2936 Wecsvc - ok
13:50:37.0274 2936 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:50:37.0321 2936 wercplsupport - ok
13:50:37.0352 2936 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:50:37.0383 2936 WerSvc - ok
13:50:37.0430 2936 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:50:37.0461 2936 WfpLwf - ok
13:50:37.0477 2936 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:50:37.0477 2936 WIMMount - ok
13:50:37.0477 2936 WinHttpAutoProxySvc - ok
13:50:37.0539 2936 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:50:37.0570 2936 Winmgmt - ok
13:50:37.0664 2936 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:50:37.0726 2936 WinRM - ok
13:50:38.0069 2936 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
13:50:38.0085 2936 WinUsb - ok
13:50:38.0179 2936 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:50:38.0210 2936 Wlansvc - ok
13:50:38.0413 2936 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:50:38.0459 2936 wlidsvc - ok
13:50:38.0491 2936 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:50:38.0522 2936 WmiAcpi - ok
13:50:38.0569 2936 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:50:38.0615 2936 wmiApSrv - ok
13:50:38.0693 2936 WMPNetworkSvc - ok
13:50:38.0787 2936 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) C:\Program Files\Zune\WMZuneComm.exe
13:50:38.0803 2936 WMZuneComm - ok
13:50:38.0818 2936 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:50:38.0834 2936 WPCSvc - ok
13:50:38.0881 2936 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:50:38.0881 2936 WPDBusEnum - ok
13:50:38.0912 2936 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:50:38.0974 2936 ws2ifsl - ok
13:50:38.0974 2936 WSearch - ok
13:50:39.0099 2936 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
13:50:39.0130 2936 wuauserv - ok
13:50:39.0239 2936 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:50:39.0286 2936 WudfPf - ok
13:50:39.0364 2936 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:50:39.0395 2936 WUDFRd - ok
13:50:39.0411 2936 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:50:39.0442 2936 wudfsvc - ok
13:50:39.0473 2936 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:50:39.0505 2936 WwanSvc - ok
13:50:39.0973 2936 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) C:\Program Files\Zune\ZuneNss.exe
13:50:40.0113 2936 ZuneNetworkSvc - ok
13:50:40.0160 2936 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
13:50:40.0175 2936 ZuneWlanCfgSvc - ok
13:50:40.0207 2936 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:50:40.0425 2936 \Device\Harddisk0\DR0 - ok
13:50:40.0425 2936 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
13:50:40.0955 2936 \Device\Harddisk1\DR1 - ok
13:50:40.0955 2936 Boot (0x1200) (6bca864d108dbea02149f46e4d968fd4) \Device\Harddisk0\DR0\Partition0
13:50:40.0955 2936 \Device\Harddisk0\DR0\Partition0 - ok
13:50:40.0971 2936 Boot (0x1200) (a03eb9790325c8fb5ab6eda03de54ae9) \Device\Harddisk0\DR0\Partition1
13:50:40.0971 2936 \Device\Harddisk0\DR0\Partition1 - ok
13:50:41.0002 2936 Boot (0x1200) (c3d7808bd0f16dbdbdff9991182fdc1d) \Device\Harddisk0\DR0\Partition2
13:50:41.0002 2936 \Device\Harddisk0\DR0\Partition2 - ok
13:50:41.0002 2936 Boot (0x1200) (b44dad912f19142e9d33213360dcd99f) \Device\Harddisk1\DR1\Partition0
13:50:41.0002 2936 \Device\Harddisk1\DR1\Partition0 - ok
13:50:41.0002 2936 ============================================================
13:50:41.0002 2936 Scan finished
13:50:41.0002 2936 ============================================================
13:50:41.0018 4768 Detected object count: 2
13:50:41.0018 4768 Actual detected object count: 2
13:51:56.0489 4768 p2pimsvc ( LockedFile.Multi.Generic ) - skipped by user
13:51:56.0489 4768 p2pimsvc ( LockedFile.Multi.Generic ) - User select action: Skip
13:51:56.0504 4768 PNRPsvc ( LockedFile.Multi.Generic ) - skipped by user
13:51:56.0504 4768 PNRPsvc ( LockedFile.Multi.Generic ) - User select action: Skip

OTL Logfile:
Code:
OTL logfile created on: 15.07.2012 13:43:03 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Chris\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,19 Gb Available Physical Memory | 77,40% Memory free
16,00 Gb Paging File | 13,87 Gb Available in Paging File | 86,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 43,47 Gb Free Space | 22,27% Space Free | Partition Type: NTFS
Drive D: | 736,20 Gb Total Space | 638,50 Gb Free Space | 86,73% Space Free | Partition Type: NTFS
Drive F: | 100,00 Mb Total Space | 70,30 Mb Free Space | 70,30% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 344,66 Gb Free Space | 74,00% Space Free | Partition Type: NTFS
 
Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe (Adobe Systems, Inc.)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe (Razer USA Ltd)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\Razer\Lycosa\razertra.exe ()
PRC - C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\axvlc.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()
MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
MOD - C:\Program Files (x86)\Razer\Lycosa\razertra.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (ZuneWlanCfgSvc) -- C:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- C:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- C:\Programme\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Poweroff) -- C:\Windows\SysWOW64\poweroff.exe (Jorgen Bosman)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (Lycosa) -- C:\Windows\SysNative\drivers\Lycosa.sys (Razer USA Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 10 E6 CE 1E 26 CC 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{35233424-FEF3-49c7-ADF3-53DA0087D00A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{69AADE91-17A5-426d-A0B3-C367AF7FF2F6}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKCU\..\SearchScopes\{98B1C9DA-9981-435d-B1CB-B0ED5EB1D757}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A2938615334&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A2938615334&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.07.15 09:01:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.14 20:37:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.14 20:37:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.06.08 23:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2012.06.13 16:08:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\2mf1bwns.default\extensions
[2012.07.10 17:53:52 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2mf1bwns.default\searchplugins\icqplugin-1.xml
[2011.07.12 01:07:59 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2mf1bwns.default\searchplugins\icqplugin-2.xml
[2011.08.16 17:42:29 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2mf1bwns.default\searchplugins\icqplugin-3.xml
[2011.06.30 10:34:25 | 000,001,056 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2mf1bwns.default\searchplugins\icqplugin.xml
[2012.03.18 03:11:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.15 09:01:11 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.01.08 05:35:50 | 000,021,707 | ---- | M] () (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2MF1BWNS.DEFAULT\EXTENSIONS\ADAPTER@BABYLONTC.COM.XPI
[2012.01.08 05:35:50 | 000,007,972 | ---- | M] () (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2MF1BWNS.DEFAULT\EXTENSIONS\OCR@BABYLON.COM.XPI
[2012.06.17 19:42:35 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.17 19:42:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.17 19:42:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.17 19:42:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 19:42:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 19:42:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 19:42:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - homepage: hxxp://www.google.com
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Google Mail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.05.29 17:40:57 | 000,442,922 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15216 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe (Razer USA Ltd)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{126EEB13-ECDC-4ED3-A487-486A1A1BD64F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7b802ea8-27fe-11e1-9266-1c6f65b84e3f}\Shell - "" = AutoRun
O33 - MountPoints2\{7b802ea8-27fe-11e1-9266-1c6f65b84e3f}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O33 - MountPoints2\{a1cc8d28-b2a5-11e0-bcba-1c6f65b84e3f}\Shell - "" = AutoRun
O33 - MountPoints2\{a1cc8d28-b2a5-11e0-bcba-1c6f65b84e3f}\Shell\AutoRun\command - "" = H:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.15 13:40:53 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2012.07.15 10:30:55 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Chris\Desktop\HiJackThis204.exe
[2012.07.15 09:20:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2012.07.15 09:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.15 09:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.15 09:19:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.15 09:19:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.15 09:19:17 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Chris\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.15 09:05:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{8EB8A653-4493-4D07-8D82-4B5EE783679D}
[2012.07.15 09:04:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{435829AC-B3F4-4210-80DE-E4934B8522F1}
[2012.07.15 09:01:13 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.07.15 08:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.07.15 08:50:05 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.07.15 08:50:03 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.07.15 08:49:52 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012.07.15 08:49:50 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.07.15 08:49:50 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.07.15 08:49:49 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.07.15 08:49:33 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.07.15 08:49:33 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.07.15 08:46:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{76743088-BE59-4672-9311-C2AFEA59FF12}
[2012.07.15 08:45:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Apple Computer
[2012.07.14 20:39:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apple Computer
[2012.07.14 20:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.07.14 20:37:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.07.14 20:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.07.14 20:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.07.14 20:36:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apple
[2012.07.14 20:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.07.14 20:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.07.14 19:04:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C3C9B91B-04DB-4DA7-AFDB-6F178454C33F}
[2012.07.14 19:04:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1541E038-40C5-4338-9625-5849B92D65C4}
[2012.07.14 07:03:36 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{DC3B5DC0-1715-4E07-B7C2-2352CE1127D6}
[2012.07.13 19:02:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{01E908E7-0655-4136-BE28-DCF0107F774E}
[2012.07.13 19:02:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{046DB8CA-5185-44F2-9468-C0A4362BD494}
[2012.07.13 05:55:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4358E3CA-9DDF-452D-8FB4-A2B0A5846927}
[2012.07.13 05:54:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C0B11C11-0469-47D2-BF17-7CB5C027F01A}
[2012.07.12 17:54:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D7364E93-F922-4EB6-B3DA-3D1760A95F45}
[2012.07.12 17:54:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{49BD5A21-E2F4-4FAF-BAA0-4C9710B366FD}
[2012.07.12 05:53:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B7168B1F-4FD2-4C51-9474-764FB35B805E}
[2012.07.12 05:53:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4A1A5B54-4A39-4F20-B153-A0B9A3124ED2}
[2012.07.12 03:01:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 03:01:34 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 03:01:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 03:01:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 03:01:30 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 03:01:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 03:01:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 03:01:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 03:01:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 03:01:27 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 03:01:27 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 03:01:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.12 03:01:26 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 17:52:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{FCEF62BD-73FF-40A5-A8F9-744B91B5F893}
[2012.07.11 17:52:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1A71B549-8689-4D29-8880-ECEC7FEA3ACF}
[2012.07.11 17:47:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 17:47:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 17:47:10 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 17:47:01 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 17:47:00 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.11 05:52:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D2B2EDD1-5838-4530-85A9-7651FFE5977C}
[2012.07.11 05:51:40 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A1D06F02-FF4B-4DFB-A9AE-BBE6C2CBF8F5}
[2012.07.10 17:51:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A34B8DCF-7569-4BEB-A821-B425A86F64BA}
[2012.07.10 17:51:01 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{BAFF4169-D639-4E0E-BE05-E3E6854BA1CE}
[2012.07.10 07:40:58 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.07.10 05:09:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{6C823CD6-2981-4F31-A9D9-8A5368B4F0BF}
[2012.07.10 05:08:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C3B02E43-B002-40FD-B6A4-EEAA57B435E3}
[2012.07.09 17:08:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{52742C98-2D37-414C-995C-1DAAE2E5B459}
[2012.07.09 17:08:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A9D5BD20-A271-430B-9684-B730C13BE94B}
[2012.07.09 04:54:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{DE08DCE9-2DC3-4835-9E1F-C00F2355F1C6}
[2012.07.09 04:54:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C1DD8033-B916-4535-9C67-3723E3F15B90}
[2012.07.08 16:54:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{56A8A461-D59E-471C-BEAC-C127341C12C1}
[2012.07.08 16:54:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{2180AC8F-04F3-45F2-9122-E7CE384DD060}
[2012.07.08 04:24:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{9DA54B8B-F72B-48FD-A84D-32CE8F84CCF0}
[2012.07.08 04:24:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{9E0CEB38-9B7B-450C-A31D-766E8A736085}
[2012.07.07 16:23:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{811B1218-F74B-4C4D-ADB6-48744753764B}
[2012.07.07 16:23:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{BDE01390-7E1A-4A56-A040-9AB5E39A8592}
[2012.07.07 04:22:53 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{EF3FD299-21E4-43BE-81C9-AD7364FE3470}
[2012.07.07 04:22:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C837BED4-C16F-4BF7-AC05-0E9E1888D262}
[2012.07.06 16:22:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{7230ACF5-3FD0-4C81-B221-71A236F2ACBB}
[2012.07.06 16:21:50 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{FEFF2F5A-C4DD-4858-870B-D8346C859521}
[2012.07.06 02:20:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{087011D1-1EEC-4E17-9F81-5A3D45DDA056}
[2012.07.06 02:20:28 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{898E84E1-A110-48F2-B270-DBA745703217}
[2012.07.05 14:20:02 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B244D0ED-7734-449F-A6A5-F01E40BD4007}
[2012.07.05 14:19:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{15AEC420-9615-4FA2-BCB5-904B8F61B759}
[2012.07.04 18:44:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{25D6EEB7-31B8-4C57-8B83-447B40494792}
[2012.07.04 18:43:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4FC5FA3D-EF87-4BBE-8518-DAAFE5F0B1AB}
[2012.07.04 05:16:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{0E080D83-1FBB-4A8F-8827-310F3F7B58A6}
[2012.07.04 05:16:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{F84AA888-30F7-4340-B812-C162072E46EE}
[2012.07.03 17:15:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{28EF44FF-96AF-4456-B39E-5F51AD85EF22}
[2012.07.03 17:15:33 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{8AE30797-4DE4-42AD-92BC-C028C1A7E5C7}
[2012.07.03 05:15:07 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D48EFEFB-C50D-4DC2-9353-6DB75F2FE227}
[2012.07.03 05:14:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{242A3894-D304-44D4-9CFC-8D6169387A17}
[2012.07.02 17:14:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A18E93FB-5736-4679-8DE5-18F539358BF0}
[2012.07.02 17:13:56 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{CBFD11ED-CB34-4482-A651-BBE6EC628D09}
[2012.07.02 05:13:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D3DAAF61-AE7D-48F4-A9DC-E3617F3194A3}
[2012.07.02 05:13:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{AF644A76-95DD-4F07-B6EA-2CF93A53562C}
[2012.07.01 17:12:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{006E9063-08DD-46AD-99DA-23AA473D22EE}
[2012.07.01 17:12:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B37864A9-454C-4BB5-B24C-6CB263589D31}
[2012.06.30 20:19:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B43ADB0C-67A7-405D-B4F8-09C0E441F986}
[2012.06.30 20:19:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{E0DAFE50-31A8-4C32-B412-6AE54C0E9CF1}
[2012.06.30 04:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2012.06.30 04:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2012.06.30 04:17:56 | 000,065,536 | ---- | C] (Razer Inc.) -- C:\Windows\SysWow64\Lycosa.cpl
[2012.06.30 04:17:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\InstallShield
[2012.06.30 04:14:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Razer
[2012.06.30 04:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2012.06.26 17:30:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Macromedia
[2012.06.25 06:25:53 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A30A1934-18ED-4A03-832B-B9A005606BB8}
[2012.06.25 06:25:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{172C4ABB-1CDE-43FD-90A7-031E575BEAE6}
[2012.06.24 18:25:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{E31C20F9-3DEB-4561-A53D-B8CD98CC7135}
[2012.06.24 18:24:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{7237E2BC-C42E-49DE-BB76-5DFB20757EE7}
[2012.06.24 06:24:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{93B9658C-9287-42C6-93FE-C8278799591D}
[2012.06.24 06:24:07 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A35DC0CA-8684-44BD-A3D0-051A4AC3D36D}
[2012.06.23 18:23:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{5E9D107A-46F7-47D0-957F-1F25D7E23E83}
[2012.06.23 18:23:13 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{455FC0AB-944F-4DC1-B11E-245B18F4B8EE}
[2012.06.23 06:23:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{2387AD22-1885-450E-89EA-12DA18492D2C}
[2012.06.23 06:22:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{7F855860-E778-4BA1-B11E-FC7311618EDF}
[2012.06.22 18:22:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1BC6A9FF-9A79-465F-ABAA-7C9D085BF1C3}
[2012.06.22 18:21:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{2C72A9B8-A225-4556-A7DB-7BF961AF8F08}
[2012.06.22 18:12:42 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.22 18:12:42 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.22 18:12:42 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.22 18:12:34 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.22 18:12:34 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.22 18:12:34 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.22 18:12:21 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.22 18:12:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.22 06:21:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D7F44D7C-B7E2-42E4-903D-EE49FFFA1A9D}
[2012.06.22 06:21:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{144EEEC3-CD86-4469-A0E3-9DE38E056A89}
[2012.06.21 18:20:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{E55E6A2B-B897-4719-88C3-10B46B3F0832}
[2012.06.21 18:20:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{7391E4D1-A060-4C98-81C1-3D9907863697}
[2012.06.21 06:38:14 | 000,172,032 | ---- | C] (Jorgen Bosman) -- C:\Windows\SysWow64\poweroff.exe
[2012.06.21 06:19:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1B55E1F6-3811-45D3-B160-87ADDC0F7008}
[2012.06.21 06:19:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{328AAB18-58AB-4BFD-B7EB-8807F649399D}
[2012.06.20 18:19:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{ACFBF79F-E5B5-4B27-BA2B-E6A4EFD64251}
[2012.06.20 18:19:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B597D8AD-655A-4BEC-A092-D7C8A7D4971B}
[2012.06.20 18:18:23 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.06.20 18:13:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{93BF4D88-4500-4745-A5AC-975FBC74A9BD}
[2012.06.20 18:13:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{5D8E4917-8EBE-4BA6-849A-6BE59C623CA9}
[2012.06.20 08:02:01 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{5EEECA04-7942-4A5A-BF22-F5FE5A3C2468}
[2012.06.19 20:01:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D030A5F5-669F-40A4-B649-5694116E8EF3}
[2012.06.19 16:41:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{6C216DFD-F267-409F-B166-4BE136EBC06C}
[2012.06.19 16:41:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{3C8CB34C-6305-4A77-A6E1-3B2D6605BAB2}
[2012.06.17 16:55:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1A0E0877-50E7-49AD-A5ED-38F31DDBD507}
[2012.06.16 04:09:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{08B282EB-102F-4478-95D6-B0D71D8FEAAE}
[3 C:\Windows\Installer\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\U\*.tmp files -> C:\Windows\Installer\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\U\*.tmp -> ]
[10 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.15 13:40:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2012.07.15 13:39:50 | 000,000,075 | ---- | M] () -- C:\Users\Chris\Documents\aionmemo_ad8ab63c.dat
[2012.07.15 13:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.15 13:12:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.15 11:30:48 | 000,019,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.15 11:30:48 | 000,019,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.15 11:23:13 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.15 11:22:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.15 11:09:52 | 2146,275,327 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.15 10:30:56 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Chris\Desktop\HiJackThis204.exe
[2012.07.15 09:19:56 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.15 09:19:30 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Chris\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.15 09:01:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.07.15 08:50:06 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.07.14 08:05:51 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.07.14 08:05:51 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.14 07:48:07 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.07.12 07:29:19 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.12 07:29:19 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.12 07:12:26 | 000,275,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.10 18:48:03 | 000,735,889 | ---- | M] () -- C:\Users\Chris\Desktop\pbsetup.zip
[2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.07.03 18:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.30 21:56:05 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\AION Free-To-Play.lnk
[2012.06.30 05:40:45 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.30 05:40:45 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.30 05:40:45 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.30 05:40:45 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.30 05:40:45 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[10 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.15 09:41:47 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\U\00000008.@
[2012.07.15 09:19:56 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.15 08:50:06 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.07.14 20:36:37 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.07.13 15:15:09 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\U\80000064.@
[2012.07.10 18:48:02 | 000,735,889 | ---- | C] () -- C:\Users\Chris\Desktop\pbsetup.zip
[2012.07.08 01:37:32 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\L\00000004.@
[2012.07.07 05:29:20 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\U\000000cb.@
[2012.06.30 21:56:05 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\AION Free-To-Play.lnk
[2012.06.26 17:24:05 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.25 05:51:32 | 000,000,075 | ---- | C] () -- C:\Users\Chris\Documents\aionmemo_ad8ab63c.dat
[2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.01.11 04:48:27 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\@
[2012.01.11 04:48:27 | 000,002,048 | -HS- | C] () -- C:\Users\Chris\AppData\Local\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\@
[2012.01.08 05:33:46 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini
[2012.01.08 05:33:46 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini
[2012.01.08 05:33:25 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.01.08 05:29:45 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.06.17 04:04:52 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.06.08 22:39:43 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.06.08 16:52:38 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.06.08 16:52:34 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.06.08 16:52:34 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

< End of report >
         
--- --- ---

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 15.07.2012 13:43:03 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Chris\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,19 Gb Available Physical Memory | 77,40% Memory free
16,00 Gb Paging File | 13,87 Gb Available in Paging File | 86,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 43,47 Gb Free Space | 22,27% Space Free | Partition Type: NTFS
Drive D: | 736,20 Gb Total Space | 638,50 Gb Free Space | 86,73% Space Free | Partition Type: NTFS
Drive F: | 100,00 Mb Total Space | 70,30 Mb Free Space | 70,30% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 344,66 Gb Free Space | 74,00% Space Free | Partition Type: NTFS
 
Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3383A93C-FD3B-4348-B72E-8AE7777893BF}_is1" = S.T.A.L.K.E.R. - Call of Pripyat
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73AD5A08-FCFE-44EA-9436-3F7BEAF60049}" = Angry Birds
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{C05905B9-775A-4894-A4DF-B57C15250958}" = Razer Imperator
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"BitTorrent" = BitTorrent
"Diablo III" = Diablo III
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps (remove only)
"Free FLV Converter_is1" = Free FLV Converter V 7.3.0
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.3.2.804
"Google Chrome" = Google Chrome
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Orbit_is1" = Orbit Downloader
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Saints Row The Third_is1" = Saints Row The Third
"Sniper Elite V2_is1" = Sniper Elite V2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TrueCrypt" = TrueCrypt
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.10
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.07.2012 04:22:14 | Computer Name = Chris-pc | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 12.07.2012 23:53:09 | Computer Name = Chris-pc | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 13.07.2012 00:17:43 | Computer Name = Chris-pc | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 13.07.2012 17:02:50 | Computer Name = Chris-pc | Source = WPDMTPDriver | ID = 80836
Description = 
 
Error - 13.07.2012 18:57:01 | Computer Name = Chris-pc | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 13.07.2012 19:16:24 | Computer Name = Chris-pc | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 14.07.2012 13:49:54 | Computer Name = Chris-pc | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 14.07.2012 14:07:56 | Computer Name = Chris-pc | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 15.07.2012 02:43:03 | Computer Name = Chris-pc | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\AVAST
 Software\Avast\asOutExt64.dll".  Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 15.07.2012 03:03:36 | Computer Name = Chris-pc | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\AVAST
 Software\Avast\asOutExt64.dll".  Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 15.07.2012 07:50:14 | Computer Name = Chris-pc | Source = nvstor64 | ID = 14548995
Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: SAMSUNG HD103SI

Firmware-Version:
 1AG0    Seriennummer: 61823B741B34XY    Anschluss: 0  
 
Error - 15.07.2012 07:50:14 | Computer Name = Chris-pc | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 15.07.2012 07:50:17 | Computer Name = Chris-pc | Source = nvstor64 | ID = 14548995
Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: SAMSUNG HD103SI

Firmware-Version:
 1AG0    Seriennummer: 61823B741B34XY    Anschluss: 0  
 
Error - 15.07.2012 07:50:17 | Computer Name = Chris-pc | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 15.07.2012 07:50:19 | Computer Name = Chris-pc | Source = nvstor64 | ID = 14548995
Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: SAMSUNG HD103SI

Firmware-Version:
 1AG0    Seriennummer: 61823B741B34XY    Anschluss: 0  
 
Error - 15.07.2012 07:50:19 | Computer Name = Chris-pc | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 15.07.2012 07:50:22 | Computer Name = Chris-pc | Source = nvstor64 | ID = 14548995
Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: SAMSUNG HD103SI

Firmware-Version:
 1AG0    Seriennummer: 61823B741B34XY    Anschluss: 0  
 
Error - 15.07.2012 07:50:22 | Computer Name = Chris-pc | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 15.07.2012 07:50:24 | Computer Name = Chris-pc | Source = nvstor64 | ID = 14548995
Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: SAMSUNG HD103SI

Firmware-Version:
 1AG0    Seriennummer: 61823B741B34XY    Anschluss: 0  
 
Error - 15.07.2012 07:50:24 | Computer Name = Chris-pc | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
 
< End of report >
         
--- --- ---
__________________

15.07.2012, 13:14   #4
Chris4You

Hi,

before running the script, go offline and switch off Avast (until the next boot)...

Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"
Code:
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
[2012.07.08 01:37:32 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\L\00000004.@
[2012.07.07 05:29:20 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\U\000000cb.@
[2012.07.15 09:41:47 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\U\00000008.@
[2012.07.13 15:15:09 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\U\80000064.@
[2012.01.11 04:48:27 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\@
[2012.01.11 04:48:27 | 000,002,048 | -HS- | C] () -- C:\Users\Chris\AppData\Local\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\@

:Commands
[emptytemp]
[Reboot]
         
  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of an OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

After that, most of it should be "disposed of"...

Boot into safe mode (F8 during boot) and run CF (see below)...

Combofix
Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.

Caution: In a few rare cases the computer may no longer be able to boot and has to be reinstalled!

Close all windows, start combofix.exe, confirm the following prompt with 1 and press Enter.

The ComboFix scan can take some time, so be patient. Please do not do anything on the computer during the scan.
The computer may be restarted in between.
When the scan has finished, a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. You should find the log under C:\ComboFix.txt...

chris
__________________
Don't bring me down
Read before posting!
Donate
(Anyone who wants to donate is welcome to get in touch)

Alt 15.07.2012, 13:51   #5
trojaner021
 

So, I think I did everything right. The virus alert is gone. After the scan had finished, it gave me an error message for every application I tried to click on, but that had disappeared after restarting the PC. I hope the thing is now off my PC, but how does it actually get on here? I have hardly downloaded anything, only from official sites like chip or youtube. Anyway, here is the log
Combofix logfile:
Code:
ComboFix 12-07-14.01 - Chris 15.07.2012  14:32:41.1.6 - x64 MINIMAL
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.8190.6913 [GMT 2:00]
ausgeführt von:: c:\users\Chris\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Chris\AppData\Local\assembly\tmp
c:\users\Chris\AppData\Roaming\.#
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
D:\install.exe
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-15 bis 2012-07-15  ))))))))))))))))))))))))))))))
.
.
2012-07-15 12:19 . 2012-07-15 12:19	--------	d-----w-	C:\_OTL
2012-07-15 07:20 . 2012-07-15 07:20	--------	d-----w-	c:\users\Chris\AppData\Roaming\Malwarebytes
2012-07-15 07:19 . 2012-07-15 07:19	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-15 07:19 . 2012-07-15 07:19	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-15 07:19 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-15 07:01 . 2012-07-03 16:21	54072	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-07-15 06:50 . 2012-07-03 16:21	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-07-15 06:50 . 2012-07-03 16:21	355856	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-07-15 06:49 . 2011-05-10 11:59	31064	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2012-07-15 06:49 . 2012-07-03 16:21	958400	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-07-15 06:49 . 2012-07-03 16:21	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-07-15 06:49 . 2012-07-03 16:21	71064	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-07-15 06:49 . 2012-07-03 16:21	41224	----a-w-	c:\windows\avastSS.scr
2012-07-15 06:49 . 2012-07-03 16:21	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-07-15 06:45 . 2012-07-15 06:45	--------	d-----w-	c:\users\Chris\AppData\Roaming\Apple Computer
2012-07-14 18:39 . 2012-07-14 18:39	--------	d-----w-	c:\users\Chris\AppData\Local\Apple Computer
2012-07-14 18:37 . 2012-07-14 18:37	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-07-14 18:37 . 2012-07-14 18:37	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-07-14 18:37 . 2012-07-14 18:37	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-07-14 18:37 . 2012-07-14 18:37	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-07-14 18:37 . 2012-07-14 18:37	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-07-14 18:37 . 2012-07-14 18:37	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-07-14 18:37 . 2012-07-14 18:37	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-07-14 18:37 . 2012-07-14 18:37	--------	d-----w-	c:\program files (x86)\QuickTime
2012-07-14 18:37 . 2012-07-14 18:37	--------	d-----w-	c:\programdata\Apple Computer
2012-07-14 18:36 . 2012-07-14 18:36	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2012-07-14 18:36 . 2012-07-14 18:36	--------	d-----w-	c:\users\Chris\AppData\Local\Apple
2012-07-14 18:36 . 2012-07-14 18:36	--------	d-----w-	c:\program files (x86)\Apple Software Update
2012-07-14 18:36 . 2012-07-14 18:36	--------	d-----w-	c:\programdata\Apple
2012-07-12 01:04 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-06 14:25 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{23E32042-5079-4FE3-923C-33F519BF256B}\mpengine.dll
2012-06-30 02:18 . 2012-06-30 02:18	--------	d-----w-	c:\programdata\Razer
2012-06-30 02:17 . 2007-09-27 17:44	65536	----a-w-	c:\windows\SysWow64\Lycosa.cpl
2012-06-30 02:17 . 2012-06-30 02:17	--------	d-----w-	c:\users\Chris\AppData\Roaming\InstallShield
2012-06-30 02:14 . 2012-06-30 02:14	--------	d-----w-	c:\users\Chris\AppData\Roaming\Razer
2012-06-30 02:10 . 2012-06-30 02:55	--------	d-----w-	c:\program files (x86)\Razer
2012-06-26 15:30 . 2012-06-26 15:30	--------	d-----w-	c:\users\Chris\AppData\Local\Macromedia
2012-06-22 16:12 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-22 16:12 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-22 16:12 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-22 16:12 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-22 16:12 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-22 16:12 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-22 16:12 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-22 16:12 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-22 16:12 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-21 04:38 . 2003-08-16 09:07	172032	----a-w-	c:\windows\SysWow64\poweroff.exe
2012-06-20 16:18 . 2012-06-20 16:18	--------	d-----w-	c:\windows\de
2012-06-20 16:14 . 2012-06-20 16:14	89944	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\d28eb8001cd4eff01\DSETUP.dll
2012-06-20 16:14 . 2012-06-20 16:14	537432	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\d28eb8001cd4eff01\DXSETUP.exe
2012-06-20 16:14 . 2012-06-20 16:14	1801048	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\d28eb8001cd4eff01\dsetup32.dll
2012-06-17 17:42 . 2012-06-17 17:42	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-17 17:42 . 2012-06-17 17:42	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-14 06:05 . 2011-06-09 00:49	283304	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-07-14 06:05 . 2011-06-08 14:52	283304	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-07-14 05:48 . 2011-06-08 14:52	283304	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-07-12 05:29 . 2012-04-09 09:28	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 05:29 . 2011-06-08 21:09	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 16:21 . 2011-06-08 21:10	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-05-29 19:52 . 2012-05-29 19:52	163048	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-04 11:06 . 2012-06-13 18:33	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 18:33	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 18:33	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 18:33	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-04-28 05:32 . 2012-06-13 18:33	1112064	----a-w-	c:\windows\system32\rdpcorets.dll
2012-04-28 03:55 . 2012-06-13 18:33	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 18:33	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 18:33	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 18:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 18:33	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 18:33	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 18:33	1462272	----a-w-	c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 18:33	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 18:33	1158656	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 18:33	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-04-18 18:56 . 2012-04-18 18:56	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2006-05-03 11:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 12:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 14:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
2010-01-06 23:00	107520	--sha-r-	c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]
"Razer Imperator Driver"="c:\program files (x86)\Razer\Imperator\RazerImperatorSysTray.exe" [2011-06-03 979360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-04 136176]
R2 Poweroff;Poweroff;c:\windows\system32\poweroff.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-04 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 21544]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-01-17 18816]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 05:29]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-04 11:46]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-04 11:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-30 10806816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2mf1bwns.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2518366123-504797583-867521728-1000\Software\SecuROM\License information*]
"datasecu"=hex:10,dd,bd,30,64,a2,41,b3,9a,0b,73,c7,e7,7a,f6,ad,2b,ed,d0,d5,3e,
   1a,fb,d6,c7,f6,38,96,2e,e4,dc,b4,dd,ee,96,a1,d7,c5,8f,9c,04,83,f9,51,04,4f,\
"rkeysecu"=hex:e7,42,29,79,aa,25,3d,4e,3f,6b,9b,e3,b1,c4,c5,07
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-15  14:43:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-15 12:43
.
Vor Suchlauf: 12 Verzeichnis(se), 46.420.897.792 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 46.259.462.144 Bytes frei
.
- - End Of File - - A396B011C3F96FF213197FA3B28DC5C3
         
--- --- ---


Alt 15.07.2012, 14:04   #6
Chris4You
 

Hi,

that looks good, but there are two things I don't like:

CF reports a new service that actually belongs to Windows..
*NewlyCreated* - WS2IFSL

So have the file (see below) checked at www.virustotal.com and post the log.
C:\Windows\system32\drivers\ws2ifsl.sys

The killer did not detect the infected services.exe; something new is brewing there:
Code:
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt
         
Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version from here:
http://filepony.de/download-chameleon/
After that, please update the signature files (tab "Aktualisierungen" -> "Suche nach Aktualisierungen")
Full scan and have everything cleaned! Post the log.

chris

Alt 15.07.2012, 14:14   #7
trojaner021
 

VirusTotal apparently finds nothing; the scan is still running, but so far luckily without any result ^^
SHA256: e48554d31fbdcf8f985c1c72524caa9106f5b7cc2b79064f8f5e2562d517f090
SHA1: 7c57778e44585a1e202dfa293d2969731c8bc429
MD5: 6bcc1d7d2fd2453957c5479a32364e52
File size: 21.0 KB ( 21504 bytes )
File name: ws2ifsl.sys
File type: unknown
Detection ratio: 0 / 42
Analysis date: 2012-07-15 13:11:14 UTC ( 0 Minuten ago )

AhnLab-V3 - 20120715
AntiVir - 20120715
Antiy-AVL - 20120712
Avast - 20120715
AVG - 20120714
BitDefender - 20120715
ByteHero - 20120613
CAT-QuickHeal - 20120715
ClamAV - 20120715
Commtouch - 20120715
Comodo - 20120715
DrWeb - 20120715
Emsisoft - 20120715
eSafe - 20120712
F-Prot - 20120715
F-Secure - 20120715
Fortinet - 20120715
GData - 20120715
Ikarus - 20120715
Jiangmin - 20120715
K7AntiVirus - 20120714
Kaspersky - 20120715
McAfee - 20120715
McAfee-GW-Edition - 20120715
Microsoft - 20120715
NOD32 - 20120715
Norman - 20120715
nProtect - 20120715
Panda - 20120715
PCTools - 20120715
Rising - 20120713
Sophos - 20120715
SUPERAntiSpyware - 20120715
Symantec - 20120715
TheHacker - 20120714
TotalDefense - 20120713
TrendMicro - 20120715
TrendMicro-HouseCall - 20120714
VBA32 - 20120712
VIPRE - 20120715
ViRobot - 20120715
VirusBuster - 20120714

Alt 15.07.2012, 14:23   #8
Chris4You
 

Hi,

please also post the log from MAM...

chris

Alt 15.07.2012, 18:43   #9
trojaner021
 

Malwarebytes Anti-Malware (Test) 1.62.0.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.07.15.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chris :: CHRIS-PC [Administrator]

Schutz: Aktiviert

15.07.2012 15:12:19
mbam-log-2012-07-15 (15-12-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 368835
Laufzeit: 41 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir (Trojan.0access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\07152012_141943\C_Windows\Installer\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
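
Added example (not part of the thread and not output of any tool used in it): a small Python triage of log lines for the file layout seen in the logs above, which also separates hits that are only quarantine copies under C:\Qoobox\Quarantine or C:\_OTL\MovedFiles from hits at the original location. The rule and function names are made up for this example, the patterns are taken only from the paths in this thread and are not a complete signature, and the sample lines are copied from the thread's logs except the one marked as constructed.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "lineno rule state guid path")

# Patterns derived only from the paths visible in this thread's logs (assumption:
# they illustrate the layout, they are not a complete signature).
GUID = r"(?P<guid>\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})"
END = r"(?=\s|$)"  # the artefact name must end here, not continue as a longer name

RULES = [
    # Windows\Installer\{GUID}\@ and numbered *.@ files in its U and L subfolders
    ("installer-guid-store",
     re.compile(r"windows\\installer\\" + GUID + r"\\(?:[ul]\\[0-9a-f]{8}\.@|@)" + END, re.I)),
    # the per-user twin: Users\<name>\AppData\Local\{GUID}\@
    ("appdata-guid-store",
     re.compile(r"users\\[^\\]+\\appdata\\local\\" + GUID + r"\\@" + END, re.I)),
    # Desktop.ini inside the .NET assembly cache folders
    ("gac-desktop-ini",
     re.compile(r"windows\\assembly\\gac_(?:32|64)\\desktop\.ini", re.I)),
    # ComboFix (German UI) reporting that it replaced an infected system file
    ("system-file-disinfected",
     re.compile(r"Infizierte Kopie von [a-z]:\\\S+", re.I)),
]

PATH = re.compile(r"[a-z]:\\\S+", re.I)
# Folders where ComboFix and OTL park removed files (as seen in the Malwarebytes log)
QUARANTINE = re.compile(r"[a-z]:\\(?:qoobox\\quarantine|_otl\\movedfiles)\\", re.I)


def triage(text):
    """Return one Finding per log line that matches a rule (first rule wins)."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, rx in RULES:
            m = rx.search(line)
            if m is None:
                continue
            pm = PATH.search(line)
            path = pm.group(0) if pm else m.group(0)
            if rule == "system-file-disinfected":
                state = "repaired"
            elif QUARANTINE.match(path):
                state = "quarantine-copy"
            else:
                state = "original-location"
            guid = (m.groupdict().get("guid") or "").lower() or None
            findings.append(Finding(lineno, rule, state, guid, path))
            break
    return findings


def only_quarantine_copies(findings):
    """True when every hit is a file already moved aside by a removal tool."""
    return bool(findings) and all(f.state == "quarantine-copy" for f in findings)


# Lines copied from the OTL fix list and the ComboFix log in this thread.
SCAN_LINES = "\n".join([
    r"[2012.07.15 09:41:47 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\U\00000008.@",
    r"[2012.01.11 04:48:27 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\@",
    r"[2012.01.11 04:48:27 | 000,002,048 | -HS- | C] () -- C:\Users\Chris\AppData\Local\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\@",
    r"c:\windows\assembly\GAC_32\Desktop.ini",
    r"Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert",
    r"2012-07-15 06:49 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr",
    # constructed benign line: an ordinary Installer GUID folder must not be flagged
    r"c:\windows\Installer\{11111111-2222-3333-4444-555555555555}\icon.exe",
])

# Lines copied from the Malwarebytes log in this thread.
MBAM_LINES = "\n".join([
    r"C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir (Trojan.0access) -> Erfolgreich gelöscht und in Quarantäne gestellt.",
    r"C:\_OTL\MovedFiles\07152012_141943\C_Windows\Installer\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.",
])

if __name__ == "__main__":
    for name, text in (("scan logs", SCAN_LINES), ("Malwarebytes log", MBAM_LINES)):
        hits = triage(text)
        print(name, "- only quarantine copies:", only_quarantine_copies(hits))
        for f in hits:
            print("  line %d  %-24s %-18s %s" % (f.lineno, f.rule, f.state, f.path))
```
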

Alt 16.07.2012, 06:32   #10
Chris4You
 

Hi,

nothing new, quarantine of OTL and ComboFix respectively...

Uninstall Combofix:
Click Start (Windows 7 Start button) and then type combofix /uninstall into the search field, as in the pictogram below this text with the blue arrow. Please make sure there is a space between Combofix and /uninstall.

How is the computer behaving?

chris

Alt 16.07.2012, 07:02   #11
trojaner021
 

Morning
When I uninstalled ComboFix a kind of warning came up, but now the computer seems to be running normally again. But something else: how does this thing get onto my PC, without me having downloaded anything and with an active firewall (Avast and Spybot)?

Alt 16.07.2012, 09:02   #12
Chris4You
 

Hi,

there are many possibilities, drive-by download etc.
Normally security holes in Windows are actively exploited in the process; figuratively speaking, legitimate processes are then "taken over" and do something else (e.g. download further malware)... If the thing is brand new, a signature-based scanner does not help, only host- or HIPS-based systems (and not always even those, since the user may then have to decide, and whether he then recognises/does the right thing)...

Securing the computer:
In addition to the antivirus solution and the Windows firewall, also ThreatFire free (if it "gets along" with the antivirus solution).
For browsing, use Firefox with the plug-ins "WOT" (http://filepony.de/?q=WOT) and
"NoScript" (http://filepony.de/download-noscript//),
and set up a "Guest" account (no admin rights! XP: Schritt 6: Eingeschränkte Rechte für Viren - Schritt für Schritt: Windows XP absichern - CHIP Online,
Vista/Win7: Windows-7-Anleitung: Benutzerkonten anlegen und verwalten - NETZWELT).

chris

Alt 16.07.2012, 09:07   #13
trojaner021
 

Thanks for the tips, you definitely helped me. I hope the thing is now off my computer once and for all ^^ And in future I will definitely be more careful. Thanks again for all the help

Alt 16.07.2012, 11:04   #14
Chris4You
 

Hi,

you're welcome, also have a look at ct 15, page 47 (in the middle of the page)... ;o)...

chris
