| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Win32:Malware-gen in Steam binkw32.dllWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.11.2012, 15:35
| #1 |
| |  Win32:Malware-gen in Steam binkw32.dll Also ich habe gestern eine Runde League of Legends gespielt und habe nach einem Guide gesucht. Bin dann halt auf die Seite Solomid.net gegangen wo ich mir nicht dachte das da was ist weil es eigendlich für eine solche Seite nicht üblich wäre. AVAST hat direkt beim Laden der Website etwas geblockt. So ich habe die Seite ganz normal verlassen danach und hab mir dan weiter nichts gedacht. Dann habe ich über Steam Call of Duty Black Ops 2 gestartet wo aber kein Patch nichts kam aber das eine Installation kurz erfolgt. Ich habe es machen lassen und bin dann auch kurz später Offline gegangen. So ich habe heute Morgen meinen Pc angemacht Steam gestartet wollte Call of Duty Black Ops 2 starten was AVAST aber wieder direkt geblockt hat. In der Datei binkw32.dll wurde ein Win32:Malware-gen gefunden (Pfad: C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops II\binkw32.dll). Es wurde in den Viren Container verschoben wo ich es dann gelöscht habe. So ich bin mir jetzt nicht ganz sicher ob mein Pc jetzt bereinigt ist oder ob ich Viren etc. habe. Habe über AVAST einen kompletten Scan machen lassen wo nichts kam und eine Startzeit Überprüfung, bei beidem nichts. Ich habe bereits nach der Seite über Virenfund gegooglet wo es aber hieß das der Pc dann schon vorher verseucht ist/war und deswegen Alarm schlägt was ich aber relativ unwarscheinlich empfinde. Über den Virus selbst habe ich nicht so viel gefunden. OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.11.2012 15:28:41 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lukas\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,23 Gb Available Physical Memory | 77,99% Memory free 15,96 Gb Paging File | 14,24 Gb Available in Paging File | 89,19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 372,60 Gb Total Space | 288,95 Gb Free Space | 77,55% Space Free | Partition Type: NTFS Drive D: | 544,63 Gb Total Space | 543,87 Gb Free Space | 99,86% Space Free | Partition Type: NTFS Computer Name: LUKAS-PC | User Name: Lukas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.22 15:11:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\Desktop\OTL.exe PRC - [2012.11.15 14:31:54 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.10.24 18:49:10 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.09.29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe ========== Modules (No Company Name) ========== MOD - [2012.11.15 14:31:54 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe MOD - [2012.10.24 18:49:23 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ========== Services (SafeList) ========== SRV - [2012.11.12 16:19:06 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.10.24 18:49:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.08.19 16:50:52 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.08.19 16:50:52 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.26 11:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F 89 BD A7 2B C0 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474 FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.11 17:47:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.11 17:47:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.11 17:47:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions [2012.11.14 18:15:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\24h5b0gd.default\extensions [2012.11.14 18:15:18 | 000,530,679 | ---- | M] () (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\firefox\profiles\24h5b0gd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.11.11 17:47:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.11 17:47:13 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFE09406-8BCA-4D74-8BEA-AF1DA3A703D2}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1 [2012.11.22 15:11:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lukas\Desktop\OTL.exe [2012.11.22 15:07:18 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Malwarebytes [2012.11.22 15:07:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.22 15:07:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.22 15:07:05 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.22 15:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.18 19:36:33 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\ARA [2012.11.18 13:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.11.18 13:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2012.11.18 13:40:56 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.11.18 13:40:56 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.11.18 13:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012.11.16 20:03:08 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\LolClient [2012.11.16 19:14:14 | 000,000,000 | ---D | C] -- C:\Riot Games [2012.11.16 14:26:52 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\gd.sos.McPixel [2012.11.15 20:53:11 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\WinRAR [2012.11.15 20:53:11 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.11.15 20:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.11.15 20:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012.11.15 18:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012.11.15 18:21:36 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Microsoft Games [2012.11.15 15:53:52 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\NVIDIA [2012.11.15 15:53:15 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\.minecraft [2012.11.15 15:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.11.15 15:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.11.15 15:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.11.15 14:32:57 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\League of Legends [2012.11.15 14:31:57 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\PMB Files [2012.11.15 14:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2012.11.15 14:31:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2012.11.15 14:31:34 | 000,000,000 | ---D | C] -- C:\Users\Lukas\.swt [2012.11.15 14:06:13 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.11.14 18:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2012.11.13 18:44:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012.11.13 18:44:10 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Google [2012.11.13 14:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2012.11.12 17:01:54 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\CrashRpt [2012.11.12 17:01:54 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\Arktos [2012.11.12 17:01:54 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Arktos [2012.11.12 16:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2012.11.12 16:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012.11.12 16:12:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2012.11.12 15:58:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2012.11.12 15:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The War Z [2012.11.12 15:57:56 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\The War Z [2012.11.11 18:24:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012.11.11 17:59:47 | 000,000,000 | ---D | C] -- C:\NVIDIA [2012.11.11 17:55:38 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Macromedia [2012.11.11 17:55:38 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Macromedia [2012.11.11 17:55:38 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Adobe [2012.11.11 17:55:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2012.11.11 17:55:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.11.11 17:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2012.11.11 17:51:29 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Skype [2012.11.11 17:51:26 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.11.11 17:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.11.11 17:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.11.11 17:51:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.11.11 17:48:13 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2012.11.11 17:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2012.11.11 17:48:12 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2012.11.11 17:48:09 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2012.11.11 17:48:08 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2012.11.11 17:48:07 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2012.11.11 17:48:01 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012.11.11 17:48:01 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2012.11.11 17:47:14 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Mozilla [2012.11.11 17:47:14 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Mozilla [2012.11.11 17:47:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.11.11 17:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.11.11 17:47:08 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012.11.11 17:47:08 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2012.11.11 17:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.11.11 17:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012.11.11 17:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012.11.11 17:41:58 | 000,406,632 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys [2012.11.11 17:41:55 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2012.11.11 17:41:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2012.11.11 17:09:52 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\RTLLan_Utility_V2013_WinXPVistaWin73264 [2012.11.11 17:05:00 | 000,032,544 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\RtNdPt60.sys [2012.11.11 16:21:33 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2012.11.11 16:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2012.11.11 15:58:58 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Diagnostics [2012.11.11 15:57:27 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\ElevatedDiagnostics [2012.11.11 15:55:23 | 000,000,000 | R--D | C] -- C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.11.11 15:55:23 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Searches [2012.11.11 15:55:23 | 000,000,000 | R--D | C] -- C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.11.11 15:55:15 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Identities [2012.11.11 15:55:13 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Contacts [2012.11.11 15:55:12 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\VirtualStore [2012.11.11 15:55:05 | 000,000,000 | --SD | C] -- C:\Users\Lukas\AppData\Roaming\Microsoft [2012.11.11 15:55:05 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Videos [2012.11.11 15:55:05 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Saved Games [2012.11.11 15:55:05 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Pictures [2012.11.11 15:55:05 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Music [2012.11.11 15:55:05 | 000,000,000 | R--D | C] -- C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.11.11 15:55:05 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Links [2012.11.11 15:55:05 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Favorites [2012.11.11 15:55:05 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Downloads [2012.11.11 15:55:05 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Documents [2012.11.11 15:55:05 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Desktop [2012.11.11 15:55:05 | 000,000,000 | R--D | C] -- C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.11.11 15:55:05 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Vorlagen [2012.11.11 15:55:05 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\AppData\Local\Verlauf [2012.11.11 15:55:05 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\AppData\Local\Temporary Internet Files [2012.11.11 15:55:05 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Startmenü [2012.11.11 15:55:05 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\SendTo [2012.11.11 15:55:05 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Recent [2012.11.11 15:55:05 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Netzwerkumgebung [2012.11.11 15:55:05 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Lokale Einstellungen [2012.11.11 15:55:05 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Documents\Eigene Videos [2012.11.11 15:55:05 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Documents\Eigene Musik [2012.11.11 15:55:05 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Eigene Dateien [2012.11.11 15:55:05 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Documents\Eigene Bilder [2012.11.11 15:55:05 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Druckumgebung [2012.11.11 15:55:05 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Cookies [2012.11.11 15:55:05 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\AppData\Local\Anwendungsdaten [2012.11.11 15:55:05 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Anwendungsdaten [2012.11.11 15:55:05 | 000,000,000 | -H-D | C] -- C:\Users\Lukas\AppData [2012.11.11 15:55:05 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Temp [2012.11.11 15:55:05 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Microsoft [2012.11.11 15:55:05 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Media Center Programs [2012.11.11 15:55:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.11.11 15:55:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.11.11 15:55:00 | 000,000,000 | -HSD | C] -- C:\Recovery [2012.11.11 15:55:00 | 000,000,000 | -HSD | C] -- C:\Programme [2012.11.11 15:55:00 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.11.11 15:55:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2012.11.11 15:55:00 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.11.11 15:55:00 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.11.11 15:55:00 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.11.11 15:55:00 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2012.11.11 15:55:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.11.11 15:55:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.11.11 15:48:42 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012.11.11 15:44:30 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2012.11.11 15:43:59 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2012.11.11 15:43:10 | 000,000,000 | ---D | C] -- C:\Windows\Panther ========== Files - Modified Within 30 Days ========== [2012.11.22 15:11:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\Desktop\OTL.exe [2012.11.22 15:11:21 | 000,000,000 | ---- | M] () -- C:\Users\Lukas\defogger_reenable [2012.11.22 14:46:31 | 000,021,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.22 14:46:31 | 000,021,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.22 14:38:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.22 14:17:08 | 2132,705,279 | -HS- | M] () -- C:\hiberfil.sys [2012.11.18 21:42:52 | 001,518,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.18 21:42:52 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.18 21:42:52 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.18 21:42:52 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.18 21:42:52 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.18 16:05:09 | 000,065,747 | ---- | M] () -- C:\Users\Lukas\Documents\Buffed.png [2012.11.17 20:17:10 | 001,000,552 | ---- | M] () -- C:\Users\Lukas\Documents\Trade me ... Xin!.png [2012.11.16 19:18:35 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk [2012.11.16 14:20:42 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.14 20:03:35 | 000,545,208 | ---- | M] () -- C:\Users\Lukas\Documents\UMRANDUNG.png [2012.11.12 16:12:25 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2012.11.12 15:57:57 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\The War Z.lnk [2012.11.11 20:32:08 | 000,468,881 | ---- | M] () -- C:\Users\Lukas\Documents\5 sup win.png [2012.11.11 20:32:02 | 000,012,631 | ---- | M] () -- C:\Users\Lukas\Documents\Riot Error.png [2012.11.11 20:32:01 | 000,015,423 | ---- | M] () -- C:\Users\Lukas\Documents\Oh Look. Darius is Offline.png [2012.11.11 17:51:26 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.11.11 17:48:13 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012.11.11 17:48:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012.11.11 17:05:56 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini [2012.11.11 16:43:53 | 000,000,017 | ---- | M] () -- C:\Users\Lukas\AppData\Local\resmon.resmoncfg [2012.11.11 15:48:52 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012.11.11 15:48:52 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2012.11.11 15:47:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012.10.30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe ========== Files Created - No Company Name ========== [2012.11.22 15:11:21 | 000,000,000 | ---- | C] () -- C:\Users\Lukas\defogger_reenable [2012.11.18 16:04:53 | 000,065,747 | ---- | C] () -- C:\Users\Lukas\Documents\Buffed.png [2012.11.18 13:41:22 | 003,536,817 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2012.11.18 13:40:05 | 000,016,127 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2012.11.17 20:16:54 | 001,000,552 | ---- | C] () -- C:\Users\Lukas\Documents\Trade me ... Xin!.png [2012.11.16 19:18:35 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk [2012.11.15 22:34:00 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.15 22:26:39 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.14 20:03:25 | 000,545,208 | ---- | C] () -- C:\Users\Lukas\Documents\UMRANDUNG.png [2012.11.12 16:12:25 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2012.11.12 15:57:57 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\The War Z.lnk [2012.11.11 20:31:55 | 000,012,631 | ---- | C] () -- C:\Users\Lukas\Documents\Riot Error.png [2012.11.11 20:31:50 | 000,015,423 | ---- | C] () -- C:\Users\Lukas\Documents\Oh Look. Darius is Offline.png [2012.11.11 20:31:45 | 000,468,881 | ---- | C] () -- C:\Users\Lukas\Documents\5 sup win.png [2012.11.11 17:51:26 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.11.11 17:48:13 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012.11.11 17:48:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2012.11.11 17:47:12 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.11.11 17:41:58 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll [2012.11.11 17:05:56 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.11.11 16:43:53 | 000,000,017 | ---- | C] () -- C:\Users\Lukas\AppData\Local\resmon.resmoncfg [2012.11.11 15:56:33 | 000,001,405 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.11.11 15:56:31 | 000,001,439 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.11.11 15:48:40 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012.11.11 15:48:31 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012.11.11 15:47:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.11.11 15:43:59 | 2132,705,279 | -HS- | C] () -- C:\hiberfil.sys ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.21 17:36:55 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\.minecraft [2012.11.18 19:36:33 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ARA [2012.11.16 14:26:52 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\gd.sos.McPixel [2012.11.16 20:03:08 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\LolClient ========== Purity Check ========== < End of report > Das Extras Log ist bei mir geöffnet worden habs aber ausversehen geschlossen und finde es jetzt nicht mehr auch nicht über die Suche? :S Ich habe eben den Computer wieder angepacht und habe jetzt auf meinem Desktop zwei Desktop.ini 's. Das eine war als versteckt angezeigt und das war vorher noch nicht so. Habe mal reingeguckt. Inhalt: [.ShellClassInfo] LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769 IconResource=%SystemRoot%\system32\imageres.dll,-183 [LocalizedFileNames] Enable 3D Vision Discover.lnk=@%ProgramFiles(x86)%\NVIDIA Corporation\3D Vision\nvstlink.exe,-2001 Disable 3D Vision Discover.lnk=@%ProgramFiles(x86)%\NVIDIA Corporation\3D Vision\nvstlink.exe,-2002 Enable 3D Vision.lnk=@%ProgramFiles(x86)%\NVIDIA Corporation\3D Vision\nvstlink.exe,-2004 Disable 3D Vision.lnk=@%ProgramFiles(x86)%\NVIDIA Corporation\3D Vision\nvstlink.exe,-2005 Enable Windowed Mode.lnk=@%ProgramFiles(x86)%\NVIDIA Corporation\3D Vision\nvstlink.exe,-2009 Disable Windowed Mode.lnk=@%ProgramFiles(x86)%\NVIDIA Corporation\3D Vision\nvstlink.exe,-2010 Enable Stereoscopic Desktop.lnk=@%ProgramFiles(x86)%\NVIDIA Corporation\3D Vision\nvstlink.exe,-2011 Disable Stereoscopic Desktop.lnk=@%ProgramFiles(x86)%\NVIDIA Corporation\3D Vision\nvstlink.exe,-2012 3D Vision Photo Viewer.lnk=@%ProgramFiles(x86)%\NVIDIA Corporation\3D Vision\nvstlink.exe,-2003 NVIDIA Stereoscopic 3D Video Player.lnk=@%ProgramFiles(x86)%\NVIDIA Corporation\3D Vision\nvstlink.exe,-2006 3D Vision preview pack 1.lnk=@%ProgramFiles(x86)%\NVIDIA Corporation\3D Vision\nvstlink.exe,-2008 Set up 3D Vision.lnk=@%ProgramFiles(x86)%\NVIDIA Corporation\3D Vision\nvstlink.exe,-2013 Sollte ich mir da irgendwie Sorgen machen oder ist das von defogger Sehe grade sogar mehr Ordner und Datein die vorher nicht da waren. AVAST Log von heute: Code:
ATTFilter *
* avast! Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Prüfungsname: Komplett
* Start: Donnerstag, 22. November 2012 14:43:15
* VPS: 121122-0, 22.11.2012
*
C:\hiberfil.sys [E] Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird (32)
C:\pagefile.sys [E] Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird (32)
C:\System Volume Information\{2a4d3309-317c-11e2-a800-bcaec5ea2002}{3808876b-c176-4e48-b7ae-04046e6cc752} [E] Zugriff verweigert (5)
C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} [E] Zugriff verweigert (5)
C:\System Volume Information\{60f8a377-2ff0-11e2-a51b-bcaec5ea2002}{3808876b-c176-4e48-b7ae-04046e6cc752} [E] Zugriff verweigert (5)
C:\System Volume Information\{e805f163-30a6-11e2-95fc-bcaec5ea2002}{3808876b-c176-4e48-b7ae-04046e6cc752} [E] Zugriff verweigert (5)
Infizierte Dateien: 0
Dateien gesamt: 315896
Ordner gesamt: 24888
Gesamtgröße: 70,0 GB
*
* Prüfung beendet: Donnerstag, 22. November 2012 15:03:08
* Laufzeit war 19 Minute(n), 53 Sekunde(n)
*
*
* avast! Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Prüfungsname: Komplett
* Start: Freitag, 23. November 2012 15:22:19
* VPS: 121123-1, 23.11.2012
*
C:\hiberfil.sys [E] Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird (32)
C:\pagefile.sys [E] Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird (32)
C:\System Volume Information\{2a4d3309-317c-11e2-a800-bcaec5ea2002}{3808876b-c176-4e48-b7ae-04046e6cc752} [E] Zugriff verweigert (5)
C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} [E] Zugriff verweigert (5)
C:\System Volume Information\{952e4a6c-3576-11e2-a1f9-bcaec5ea2002}{3808876b-c176-4e48-b7ae-04046e6cc752} [E] Zugriff verweigert (5)
C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\24h5b0gd.default\webappsstore.sqlite-journal [E] Das System kann die angegebene Datei nicht finden (2)
Infizierte Dateien: 0
Dateien gesamt: 293613
Ordner gesamt: 24651
Gesamtgröße: 69,2 GB
*
* Prüfung beendet: Freitag, 23. November 2012 15:41:11
* Laufzeit war 18 Minute(n), 52 Sekunde(n)
*
|
|
23.11.2012, 18:24
| #2 |
| | Win32:Malware-gen in Steam binkw32.dll So der Eintrag hier kann auch gelöscht werden. Habe meine Partitionen formatiert und Windows neuinstalliert. Da ich sowieso nur 70 Gb belegt hatte ist mir das momentan relativ egal
__________________ . |
|
25.11.2012, 08:56
| #3 |
| /// Helfer-Team  | Win32:Malware-gen in Steam binkw32.dll Schadet nicht Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun?
__________________ |
|
| Themen zu Win32:Malware-gen in Steam binkw32.dll |
| .dll, antivirus, autorun, avast, bho, black, explorer, firefox, format, helper, home, installation, laufzeit, league of legends, logfile, malwarebytes, microsoft, mozilla, nvidia, nvidia update, pando media booster, plug-in, programme, realtek, registry, scan, software, spielen, starten, viren, virus, windows |
Linear-Darstellung
