Trojaner-Board - Ständig Probleme mit Avast (findet win32 Downloader)

Hey erstmal danke fürs Antworten ich habe es genau so gemacht wie du gesagt hast mit Beiden scannern das ist das Ergebniss wär echt super wen ich das ganze system nicht neu aufsetzen müsste :>

TDSS

13:50:35.0261 2936 VClone - ok
13:50:35.0324 2936 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:50:35.0324 2936 vdrvroot - ok
13:50:35.0527 2936 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:50:35.0589 2936 vds - ok
13:50:35.0605 2936 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:50:35.0620 2936 vga - ok
13:50:35.0636 2936 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:50:35.0698 2936 VgaSave - ok
13:50:35.0714 2936 VGPU - ok
13:50:35.0761 2936 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:50:35.0761 2936 vhdmp - ok
13:50:35.0776 2936 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:50:35.0792 2936 viaide - ok
13:50:35.0823 2936 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
13:50:35.0839 2936 vmbus - ok
13:50:35.0854 2936 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
13:50:35.0854 2936 VMBusHID - ok
13:50:35.0885 2936 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:50:35.0885 2936 volmgr - ok
13:50:35.0932 2936 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:50:35.0932 2936 volmgrx - ok
13:50:35.0963 2936 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:50:35.0979 2936 volsnap - ok
13:50:35.0995 2936 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:50:36.0010 2936 vsmraid - ok
13:50:36.0104 2936 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:50:36.0166 2936 VSS - ok
13:50:36.0291 2936 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:50:36.0322 2936 vwifibus - ok
13:50:36.0385 2936 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:50:36.0416 2936 W32Time - ok
13:50:36.0431 2936 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:50:36.0478 2936 WacomPen - ok
13:50:36.0541 2936 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:50:36.0587 2936 WANARP - ok
13:50:36.0619 2936 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:50:36.0650 2936 Wanarpv6 - ok
13:50:36.0712 2936 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:50:36.0775 2936 wbengine - ok
13:50:36.0806 2936 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:50:36.0821 2936 WbioSrvc - ok
13:50:36.0853 2936 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:50:36.0899 2936 wcncsvc - ok
13:50:36.0915 2936 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:50:36.0931 2936 WcsPlugInService - ok
13:50:36.0962 2936 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:50:36.0962 2936 Wd - ok
13:50:37.0009 2936 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:50:37.0024 2936 Wdf01000 - ok
13:50:37.0024 2936 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:50:37.0071 2936 WdiServiceHost - ok
13:50:37.0071 2936 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:50:37.0087 2936 WdiSystemHost - ok
13:50:37.0133 2936 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:50:37.0180 2936 WebClient - ok
13:50:37.0196 2936 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:50:37.0258 2936 Wecsvc - ok
13:50:37.0274 2936 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:50:37.0321 2936 wercplsupport - ok
13:50:37.0352 2936 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:50:37.0383 2936 WerSvc - ok
13:50:37.0430 2936 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:50:37.0461 2936 WfpLwf - ok
13:50:37.0477 2936 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:50:37.0477 2936 WIMMount - ok
13:50:37.0477 2936 WinHttpAutoProxySvc - ok
13:50:37.0539 2936 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:50:37.0570 2936 Winmgmt - ok
13:50:37.0664 2936 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:50:37.0726 2936 WinRM - ok
13:50:38.0069 2936 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
13:50:38.0085 2936 WinUsb - ok
13:50:38.0179 2936 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:50:38.0210 2936 Wlansvc - ok
13:50:38.0413 2936 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:50:38.0459 2936 wlidsvc - ok
13:50:38.0491 2936 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:50:38.0522 2936 WmiAcpi - ok
13:50:38.0569 2936 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:50:38.0615 2936 wmiApSrv - ok
13:50:38.0693 2936 WMPNetworkSvc - ok
13:50:38.0787 2936 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) C:\Program Files\Zune\WMZuneComm.exe
13:50:38.0803 2936 WMZuneComm - ok
13:50:38.0818 2936 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:50:38.0834 2936 WPCSvc - ok
13:50:38.0881 2936 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:50:38.0881 2936 WPDBusEnum - ok
13:50:38.0912 2936 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:50:38.0974 2936 ws2ifsl - ok
13:50:38.0974 2936 WSearch - ok
13:50:39.0099 2936 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
13:50:39.0130 2936 wuauserv - ok
13:50:39.0239 2936 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:50:39.0286 2936 WudfPf - ok
13:50:39.0364 2936 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:50:39.0395 2936 WUDFRd - ok
13:50:39.0411 2936 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:50:39.0442 2936 wudfsvc - ok
13:50:39.0473 2936 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:50:39.0505 2936 WwanSvc - ok
13:50:39.0973 2936 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) C:\Program Files\Zune\ZuneNss.exe
13:50:40.0113 2936 ZuneNetworkSvc - ok
13:50:40.0160 2936 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
13:50:40.0175 2936 ZuneWlanCfgSvc - ok
13:50:40.0207 2936 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:50:40.0425 2936 \Device\Harddisk0\DR0 - ok
13:50:40.0425 2936 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
13:50:40.0955 2936 \Device\Harddisk1\DR1 - ok
13:50:40.0955 2936 Boot (0x1200) (6bca864d108dbea02149f46e4d968fd4) \Device\Harddisk0\DR0\Partition0
13:50:40.0955 2936 \Device\Harddisk0\DR0\Partition0 - ok
13:50:40.0971 2936 Boot (0x1200) (a03eb9790325c8fb5ab6eda03de54ae9) \Device\Harddisk0\DR0\Partition1
13:50:40.0971 2936 \Device\Harddisk0\DR0\Partition1 - ok
13:50:41.0002 2936 Boot (0x1200) (c3d7808bd0f16dbdbdff9991182fdc1d) \Device\Harddisk0\DR0\Partition2
13:50:41.0002 2936 \Device\Harddisk0\DR0\Partition2 - ok
13:50:41.0002 2936 Boot (0x1200) (b44dad912f19142e9d33213360dcd99f) \Device\Harddisk1\DR1\Partition0
13:50:41.0002 2936 \Device\Harddisk1\DR1\Partition0 - ok
13:50:41.0002 2936 ============================================================
13:50:41.0002 2936 Scan finished
13:50:41.0002 2936 ============================================================
13:50:41.0018 4768 Detected object count: 2
13:50:41.0018 4768 Actual detected object count: 2
13:51:56.0489 4768 p2pimsvc ( LockedFile.Multi.Generic ) - skipped by user
13:51:56.0489 4768 p2pimsvc ( LockedFile.Multi.Generic ) - User select action: Skip
13:51:56.0504 4768 PNRPsvc ( LockedFile.Multi.Generic ) - skipped by user
13:51:56.0504 4768 PNRPsvc ( LockedFile.Multi.Generic ) - User select action: Skip

OTL Logfile:

Code:

OTL logfile created on: 15.07.2012 13:43:03 - Run 1

OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Chris\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

8,00 Gb Total Physical Memory | 6,19 Gb Available Physical Memory | 77,40% Memory free

16,00 Gb Paging File | 13,87 Gb Available in Paging File | 86,74% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 195,21 Gb Total Space | 43,47 Gb Free Space | 22,27% Space Free | Partition Type: NTFS

Drive D: | 736,20 Gb Total Space | 638,50 Gb Free Space | 86,73% Space Free | Partition Type: NTFS

Drive F: | 100,00 Mb Total Space | 70,30 Mb Free Space | 70,30% Space Free | Partition Type: NTFS

Drive G: | 465,76 Gb Total Space | 344,66 Gb Free Space | 74,00% Space Free | Partition Type: NTFS

 

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Chris\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe (Adobe Systems, Inc.)

PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

PRC - C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe (Razer USA Ltd)

PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)

PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)

PRC - C:\Program Files (x86)\Razer\Lycosa\razertra.exe ()

PRC - C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()

MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll ()

MOD - C:\Program Files (x86)\VideoLAN\VLC\axvlc.dll ()

MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll ()

MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()

MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()

MOD - C:\Program Files (x86)\Razer\Lycosa\razertra.exe ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (ZuneWlanCfgSvc) -- C:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)

SRV - (WMZuneComm) -- C:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation)

SRV - (ZuneNetworkSvc) -- C:\Programme\Zune\ZuneNss.exe (Microsoft Corporation)

SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (Poweroff) -- C:\Windows\SysWOW64\poweroff.exe (Jorgen Bosman)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)

DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)

DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)

DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)

DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)

DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()

DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (Lycosa) -- C:\Windows\SysNative\drivers\Lycosa.sys (Razer USA Ltd.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 10 E6 CE 1E 26 CC 01  [binary data]

IE - HKCU\..\URLSearchHook:  - No CLSID value found

IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{35233424-FEF3-49c7-ADF3-53DA0087D00A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM

IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

IE - HKCU\..\SearchScopes\{69AADE91-17A5-426d-A0B3-C367AF7FF2F6}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH

IE - HKCU\..\SearchScopes\{98B1C9DA-9981-435d-B1CB-B0ED5EB1D757}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A2938615334&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A2938615334&q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.07.15 09:01:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.14 20:37:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.14 20:37:53 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2011.06.08 23:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions

[2012.06.13 16:08:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\2mf1bwns.default\extensions

[2012.07.10 17:53:52 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2mf1bwns.default\searchplugins\icqplugin-1.xml

[2011.07.12 01:07:59 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2mf1bwns.default\searchplugins\icqplugin-2.xml

[2011.08.16 17:42:29 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2mf1bwns.default\searchplugins\icqplugin-3.xml

[2011.06.30 10:34:25 | 000,001,056 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2mf1bwns.default\searchplugins\icqplugin.xml

[2012.03.18 03:11:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.07.15 09:01:11 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2012.01.08 05:35:50 | 000,021,707 | ---- | M] () (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2MF1BWNS.DEFAULT\EXTENSIONS\ADAPTER@BABYLONTC.COM.XPI

[2012.01.08 05:35:50 | 000,007,972 | ---- | M] () (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2MF1BWNS.DEFAULT\EXTENSIONS\OCR@BABYLON.COM.XPI

[2012.06.17 19:42:35 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.06.17 19:42:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.06.17 19:42:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.06.17 19:42:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.17 19:42:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.17 19:42:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.17 19:42:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - homepage: hxxp://www.google.com

CHR - homepage: hxxp://www.google.com

CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google-Suche = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: avast! WebRep = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\

CHR - Extension: Google Mail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2012.05.29 17:40:57 | 000,442,922 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1        www.007guard.com

O1 - Hosts: 127.0.0.1        007guard.com

O1 - Hosts: 127.0.0.1        008i.com

O1 - Hosts: 127.0.0.1        www.008k.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        www.00hq.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        010402.com

O1 - Hosts: 127.0.0.1        www.032439.com

O1 - Hosts: 127.0.0.1        032439.com

O1 - Hosts: 127.0.0.1        www.0scan.com

O1 - Hosts: 127.0.0.1        0scan.com

O1 - Hosts: 127.0.0.1        1000gratisproben.com

O1 - Hosts: 127.0.0.1        www.1000gratisproben.com

O1 - Hosts: 127.0.0.1        1001namen.com

O1 - Hosts: 127.0.0.1        www.1001namen.com

O1 - Hosts: 127.0.0.1        100888290cs.com

O1 - Hosts: 127.0.0.1        www.100888290cs.com

O1 - Hosts: 127.0.0.1        www.100sexlinks.com

O1 - Hosts: 127.0.0.1        100sexlinks.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        www.10sek.com

O1 - Hosts: 127.0.0.1        www.1-2005-search.com

O1 - Hosts: 127.0.0.1        1-2005-search.com

O1 - Hosts: 127.0.0.1        123fporn.info

O1 - Hosts: 15216 more lines...

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)

O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe (Razer USA Ltd)

O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{126EEB13-ECDC-4ED3-A487-486A1A1BD64F}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{7b802ea8-27fe-11e1-9266-1c6f65b84e3f}\Shell - "" = AutoRun

O33 - MountPoints2\{7b802ea8-27fe-11e1-9266-1c6f65b84e3f}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe

O33 - MountPoints2\{a1cc8d28-b2a5-11e0-bcba-1c6f65b84e3f}\Shell - "" = AutoRun

O33 - MountPoints2\{a1cc8d28-b2a5-11e0-bcba-1c6f65b84e3f}\Shell\AutoRun\command - "" = H:\autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.07.15 13:40:53 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe

[2012.07.15 10:30:55 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Chris\Desktop\HiJackThis204.exe

[2012.07.15 09:20:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes

[2012.07.15 09:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.07.15 09:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.07.15 09:19:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.07.15 09:19:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.07.15 09:19:17 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Chris\Desktop\mbam-setup-1.62.0.1300.exe

[2012.07.15 09:05:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{8EB8A653-4493-4D07-8D82-4B5EE783679D}

[2012.07.15 09:04:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{435829AC-B3F4-4210-80DE-E4934B8522F1}

[2012.07.15 09:01:13 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2012.07.15 08:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2012.07.15 08:50:05 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2012.07.15 08:50:03 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2012.07.15 08:49:52 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys

[2012.07.15 08:49:50 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2012.07.15 08:49:50 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2012.07.15 08:49:49 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2012.07.15 08:49:33 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2012.07.15 08:49:33 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2012.07.15 08:46:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{76743088-BE59-4672-9311-C2AFEA59FF12}

[2012.07.15 08:45:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Apple Computer

[2012.07.14 20:39:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apple Computer

[2012.07.14 20:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012.07.14 20:37:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2012.07.14 20:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2012.07.14 20:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple

[2012.07.14 20:36:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apple

[2012.07.14 20:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2012.07.14 20:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

[2012.07.14 19:04:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C3C9B91B-04DB-4DA7-AFDB-6F178454C33F}

[2012.07.14 19:04:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1541E038-40C5-4338-9625-5849B92D65C4}

[2012.07.14 07:03:36 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{DC3B5DC0-1715-4E07-B7C2-2352CE1127D6}

[2012.07.13 19:02:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{01E908E7-0655-4136-BE28-DCF0107F774E}

[2012.07.13 19:02:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{046DB8CA-5185-44F2-9468-C0A4362BD494}

[2012.07.13 05:55:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4358E3CA-9DDF-452D-8FB4-A2B0A5846927}

[2012.07.13 05:54:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C0B11C11-0469-47D2-BF17-7CB5C027F01A}

[2012.07.12 17:54:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D7364E93-F922-4EB6-B3DA-3D1760A95F45}

[2012.07.12 17:54:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{49BD5A21-E2F4-4FAF-BAA0-4C9710B366FD}

[2012.07.12 05:53:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B7168B1F-4FD2-4C51-9474-764FB35B805E}

[2012.07.12 05:53:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4A1A5B54-4A39-4F20-B153-A0B9A3124ED2}

[2012.07.12 03:01:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012.07.12 03:01:34 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012.07.12 03:01:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012.07.12 03:01:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012.07.12 03:01:30 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012.07.12 03:01:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012.07.12 03:01:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012.07.12 03:01:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012.07.12 03:01:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012.07.12 03:01:27 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012.07.12 03:01:27 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012.07.12 03:01:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012.07.12 03:01:26 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012.07.11 17:52:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{FCEF62BD-73FF-40A5-A8F9-744B91B5F893}

[2012.07.11 17:52:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1A71B549-8689-4D29-8880-ECEC7FEA3ACF}

[2012.07.11 17:47:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll

[2012.07.11 17:47:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll

[2012.07.11 17:47:10 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2012.07.11 17:47:01 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll

[2012.07.11 17:47:00 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll

[2012.07.11 05:52:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D2B2EDD1-5838-4530-85A9-7651FFE5977C}

[2012.07.11 05:51:40 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A1D06F02-FF4B-4DFB-A9AE-BBE6C2CBF8F5}

[2012.07.10 17:51:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A34B8DCF-7569-4BEB-A821-B425A86F64BA}

[2012.07.10 17:51:01 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{BAFF4169-D639-4E0E-BE05-E3E6854BA1CE}

[2012.07.10 07:40:58 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2012.07.10 05:09:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{6C823CD6-2981-4F31-A9D9-8A5368B4F0BF}

[2012.07.10 05:08:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C3B02E43-B002-40FD-B6A4-EEAA57B435E3}

[2012.07.09 17:08:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{52742C98-2D37-414C-995C-1DAAE2E5B459}

[2012.07.09 17:08:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A9D5BD20-A271-430B-9684-B730C13BE94B}

[2012.07.09 04:54:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{DE08DCE9-2DC3-4835-9E1F-C00F2355F1C6}

[2012.07.09 04:54:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C1DD8033-B916-4535-9C67-3723E3F15B90}

[2012.07.08 16:54:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{56A8A461-D59E-471C-BEAC-C127341C12C1}

[2012.07.08 16:54:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{2180AC8F-04F3-45F2-9122-E7CE384DD060}

[2012.07.08 04:24:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{9DA54B8B-F72B-48FD-A84D-32CE8F84CCF0}

[2012.07.08 04:24:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{9E0CEB38-9B7B-450C-A31D-766E8A736085}

[2012.07.07 16:23:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{811B1218-F74B-4C4D-ADB6-48744753764B}

[2012.07.07 16:23:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{BDE01390-7E1A-4A56-A040-9AB5E39A8592}

[2012.07.07 04:22:53 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{EF3FD299-21E4-43BE-81C9-AD7364FE3470}

[2012.07.07 04:22:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C837BED4-C16F-4BF7-AC05-0E9E1888D262}

[2012.07.06 16:22:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{7230ACF5-3FD0-4C81-B221-71A236F2ACBB}

[2012.07.06 16:21:50 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{FEFF2F5A-C4DD-4858-870B-D8346C859521}

[2012.07.06 02:20:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{087011D1-1EEC-4E17-9F81-5A3D45DDA056}

[2012.07.06 02:20:28 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{898E84E1-A110-48F2-B270-DBA745703217}

[2012.07.05 14:20:02 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B244D0ED-7734-449F-A6A5-F01E40BD4007}

[2012.07.05 14:19:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{15AEC420-9615-4FA2-BCB5-904B8F61B759}

[2012.07.04 18:44:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{25D6EEB7-31B8-4C57-8B83-447B40494792}

[2012.07.04 18:43:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4FC5FA3D-EF87-4BBE-8518-DAAFE5F0B1AB}

[2012.07.04 05:16:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{0E080D83-1FBB-4A8F-8827-310F3F7B58A6}

[2012.07.04 05:16:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{F84AA888-30F7-4340-B812-C162072E46EE}

[2012.07.03 17:15:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{28EF44FF-96AF-4456-B39E-5F51AD85EF22}

[2012.07.03 17:15:33 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{8AE30797-4DE4-42AD-92BC-C028C1A7E5C7}

[2012.07.03 05:15:07 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D48EFEFB-C50D-4DC2-9353-6DB75F2FE227}

[2012.07.03 05:14:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{242A3894-D304-44D4-9CFC-8D6169387A17}

[2012.07.02 17:14:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A18E93FB-5736-4679-8DE5-18F539358BF0}

[2012.07.02 17:13:56 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{CBFD11ED-CB34-4482-A651-BBE6EC628D09}

[2012.07.02 05:13:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D3DAAF61-AE7D-48F4-A9DC-E3617F3194A3}

[2012.07.02 05:13:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{AF644A76-95DD-4F07-B6EA-2CF93A53562C}

[2012.07.01 17:12:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{006E9063-08DD-46AD-99DA-23AA473D22EE}

[2012.07.01 17:12:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B37864A9-454C-4BB5-B24C-6CB263589D31}

[2012.06.30 20:19:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B43ADB0C-67A7-405D-B4F8-09C0E441F986}

[2012.06.30 20:19:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{E0DAFE50-31A8-4C32-B412-6AE54C0E9CF1}

[2012.06.30 04:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer

[2012.06.30 04:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer

[2012.06.30 04:17:56 | 000,065,536 | ---- | C] (Razer Inc.) -- C:\Windows\SysWow64\Lycosa.cpl

[2012.06.30 04:17:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\InstallShield

[2012.06.30 04:14:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Razer

[2012.06.30 04:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer

[2012.06.26 17:30:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Macromedia

[2012.06.25 06:25:53 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A30A1934-18ED-4A03-832B-B9A005606BB8}

[2012.06.25 06:25:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{172C4ABB-1CDE-43FD-90A7-031E575BEAE6}

[2012.06.24 18:25:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{E31C20F9-3DEB-4561-A53D-B8CD98CC7135}

[2012.06.24 18:24:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{7237E2BC-C42E-49DE-BB76-5DFB20757EE7}

[2012.06.24 06:24:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{93B9658C-9287-42C6-93FE-C8278799591D}

[2012.06.24 06:24:07 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A35DC0CA-8684-44BD-A3D0-051A4AC3D36D}

[2012.06.23 18:23:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{5E9D107A-46F7-47D0-957F-1F25D7E23E83}

[2012.06.23 18:23:13 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{455FC0AB-944F-4DC1-B11E-245B18F4B8EE}

[2012.06.23 06:23:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{2387AD22-1885-450E-89EA-12DA18492D2C}

[2012.06.23 06:22:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{7F855860-E778-4BA1-B11E-FC7311618EDF}

[2012.06.22 18:22:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1BC6A9FF-9A79-465F-ABAA-7C9D085BF1C3}

[2012.06.22 18:21:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{2C72A9B8-A225-4556-A7DB-7BF961AF8F08}

[2012.06.22 18:12:42 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

[2012.06.22 18:12:42 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

[2012.06.22 18:12:42 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll

[2012.06.22 18:12:34 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll

[2012.06.22 18:12:34 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll

[2012.06.22 18:12:34 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll

[2012.06.22 18:12:21 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

[2012.06.22 18:12:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

[2012.06.22 06:21:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D7F44D7C-B7E2-42E4-903D-EE49FFFA1A9D}

[2012.06.22 06:21:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{144EEEC3-CD86-4469-A0E3-9DE38E056A89}

[2012.06.21 18:20:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{E55E6A2B-B897-4719-88C3-10B46B3F0832}

[2012.06.21 18:20:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{7391E4D1-A060-4C98-81C1-3D9907863697}

[2012.06.21 06:38:14 | 000,172,032 | ---- | C] (Jorgen Bosman) -- C:\Windows\SysWow64\poweroff.exe

[2012.06.21 06:19:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1B55E1F6-3811-45D3-B160-87ADDC0F7008}

[2012.06.21 06:19:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{328AAB18-58AB-4BFD-B7EB-8807F649399D}

[2012.06.20 18:19:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{ACFBF79F-E5B5-4B27-BA2B-E6A4EFD64251}

[2012.06.20 18:19:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B597D8AD-655A-4BEC-A092-D7C8A7D4971B}

[2012.06.20 18:18:23 | 000,000,000 | ---D | C] -- C:\Windows\de

[2012.06.20 18:13:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{93BF4D88-4500-4745-A5AC-975FBC74A9BD}

[2012.06.20 18:13:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{5D8E4917-8EBE-4BA6-849A-6BE59C623CA9}

[2012.06.20 08:02:01 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{5EEECA04-7942-4A5A-BF22-F5FE5A3C2468}

[2012.06.19 20:01:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D030A5F5-669F-40A4-B649-5694116E8EF3}

[2012.06.19 16:41:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{6C216DFD-F267-409F-B166-4BE136EBC06C}

[2012.06.19 16:41:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{3C8CB34C-6305-4A77-A6E1-3B2D6605BAB2}

[2012.06.17 16:55:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1A0E0877-50E7-49AD-A5ED-38F31DDBD507}

[2012.06.16 04:09:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{08B282EB-102F-4478-95D6-B0D71D8FEAAE}

[3 C:\Windows\Installer\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\U\*.tmp files -> C:\Windows\Installer\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\U\*.tmp -> ]

[10 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.07.15 13:40:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe

[2012.07.15 13:39:50 | 000,000,075 | ---- | M] () -- C:\Users\Chris\Documents\aionmemo_ad8ab63c.dat

[2012.07.15 13:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.07.15 13:12:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.07.15 11:30:48 | 000,019,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.07.15 11:30:48 | 000,019,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.07.15 11:23:13 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.07.15 11:22:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.07.15 11:09:52 | 2146,275,327 | -HS- | M] () -- C:\hiberfil.sys

[2012.07.15 10:30:56 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Chris\Desktop\HiJackThis204.exe

[2012.07.15 09:19:56 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.15 09:19:30 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Chris\Desktop\mbam-setup-1.62.0.1300.exe

[2012.07.15 09:01:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2012.07.15 08:50:06 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012.07.14 08:05:51 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012.07.14 08:05:51 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012.07.14 07:48:07 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2012.07.12 07:29:19 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012.07.12 07:29:19 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012.07.12 07:12:26 | 000,275,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.07.10 18:48:03 | 000,735,889 | ---- | M] () -- C:\Users\Chris\Desktop\pbsetup.zip

[2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2012.07.03 18:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.06.30 21:56:05 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\AION Free-To-Play.lnk

[2012.06.30 05:40:45 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.06.30 05:40:45 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.06.30 05:40:45 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.06.30 05:40:45 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.06.30 05:40:45 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[10 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.07.15 09:41:47 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\U\00000008.@

[2012.07.15 09:19:56 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.15 08:50:06 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012.07.14 20:36:37 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2012.07.13 15:15:09 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\U\80000064.@

[2012.07.10 18:48:02 | 000,735,889 | ---- | C] () -- C:\Users\Chris\Desktop\pbsetup.zip

[2012.07.08 01:37:32 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\L\00000004.@

[2012.07.07 05:29:20 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\U\000000cb.@

[2012.06.30 21:56:05 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\AION Free-To-Play.lnk

[2012.06.26 17:24:05 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.06.25 05:51:32 | 000,000,075 | ---- | C] () -- C:\Users\Chris\Documents\aionmemo_ad8ab63c.dat

[2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2012.01.11 04:48:27 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\@

[2012.01.11 04:48:27 | 000,002,048 | -HS- | C] () -- C:\Users\Chris\AppData\Local\{13fd66ed-386f-7bf6-f4c1-ed9e3d5a0f68}\@

[2012.01.08 05:33:46 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini

[2012.01.08 05:33:46 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini

[2012.01.08 05:33:25 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll

[2012.01.08 05:29:45 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll

[2011.06.17 04:04:52 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2011.06.08 22:39:43 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[2011.06.08 16:52:38 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.06.08 16:52:34 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe

[2011.06.08 16:52:34 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 

< End of report >

--- --- ---

OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 15.07.2012 13:43:03 - Run 1

OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Chris\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

8,00 Gb Total Physical Memory | 6,19 Gb Available Physical Memory | 77,40% Memory free

16,00 Gb Paging File | 13,87 Gb Available in Paging File | 86,74% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 195,21 Gb Total Space | 43,47 Gb Free Space | 22,27% Space Free | Partition Type: NTFS

Drive D: | 736,20 Gb Total Space | 638,50 Gb Free Space | 86,73% Space Free | Partition Type: NTFS

Drive F: | 100,00 Mb Total Space | 70,30 Mb Free Space | 70,30% Space Free | Partition Type: NTFS

Drive G: | 465,76 Gb Total Space | 344,66 Gb Free Space | 74,00% Space Free | Partition Type: NTFS

 

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)

"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)

"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)

"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)

"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)

"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)

"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)

"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)

"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)

"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)

"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)

"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)

"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune

"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)

"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)

"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)

"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)

"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)

"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)

"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)

"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CCleaner" = CCleaner

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"NVIDIA Drivers" = NVIDIA Drivers

"Zune" = Zune

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{3383A93C-FD3B-4348-B72E-8AE7777893BF}_is1" = S.T.A.L.K.E.R. - Call of Pripyat

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2

"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73AD5A08-FCFE-44EA-9436-3F7BEAF60049}" = Angry Birds

"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5

"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility

"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49

"{C05905B9-775A-4894-A4DF-B57C15250958}" = Razer Imperator

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"5513-1208-7298-9440" = JDownloader 0.9

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"avast" = avast! Free Antivirus

"Battlelog Web Plugins" = Battlelog Web Plugins

"BitTorrent" = BitTorrent

"Diablo III" = Diablo III

"ESN Sonar-0.70.4" = ESN Sonar

"Fraps" = Fraps (remove only)

"Free FLV Converter_is1" = Free FLV Converter V 7.3.0

"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.3.2.804

"Google Chrome" = Google Chrome

"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play

"IrfanView" = IrfanView (remove only)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300

"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NCLauncher_GameForge" = NC Launcher (GameForge)

"Notepad++" = Notepad++

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Orbit_is1" = Orbit Downloader

"Origin" = Origin

"PunkBusterSvc" = PunkBuster Services

"Saints Row The Third_is1" = Saints Row The Third

"Sniper Elite V2_is1" = Sniper Elite V2

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"TrueCrypt" = TrueCrypt

"VirtualCloneDrive" = VirtualCloneDrive

"VLC media player" = VLC media player 1.1.10

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 12.07.2012 04:22:14 | Computer Name = Chris-pc | Source = Customer Experience Improvement Program | ID = 1008

Description = 

 

Error - 12.07.2012 23:53:09 | Computer Name = Chris-pc | Source = Customer Experience Improvement Program | ID = 1008

Description = 

 

Error - 13.07.2012 00:17:43 | Computer Name = Chris-pc | Source = Customer Experience Improvement Program | ID = 1008

Description = 

 

Error - 13.07.2012 17:02:50 | Computer Name = Chris-pc | Source = WPDMTPDriver | ID = 80836

Description = 

 

Error - 13.07.2012 18:57:01 | Computer Name = Chris-pc | Source = Customer Experience Improvement Program | ID = 1008

Description = 

 

Error - 13.07.2012 19:16:24 | Computer Name = Chris-pc | Source = Customer Experience Improvement Program | ID = 1008

Description = 

 

Error - 14.07.2012 13:49:54 | Computer Name = Chris-pc | Source = Customer Experience Improvement Program | ID = 1008

Description = 

 

Error - 14.07.2012 14:07:56 | Computer Name = Chris-pc | Source = Customer Experience Improvement Program | ID = 1008

Description = 

 

Error - 15.07.2012 02:43:03 | Computer Name = Chris-pc | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\AVAST

 Software\Avast\asOutExt64.dll".  Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 15.07.2012 03:03:36 | Computer Name = Chris-pc | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\AVAST

 Software\Avast\asOutExt64.dll".  Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

[ System Events ]

Error - 15.07.2012 07:50:14 | Computer Name = Chris-pc | Source = nvstor64 | ID = 14548995

Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: SAMSUNG HD103SI
 

Firmware-Version:

 1AG0    Seriennummer: 61823B741B34XY    Anschluss: 0  

 

Error - 15.07.2012 07:50:14 | Computer Name = Chris-pc | Source = Disk | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

 

Error - 15.07.2012 07:50:17 | Computer Name = Chris-pc | Source = nvstor64 | ID = 14548995

Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: SAMSUNG HD103SI
 

Firmware-Version:

 1AG0    Seriennummer: 61823B741B34XY    Anschluss: 0  

 

Error - 15.07.2012 07:50:17 | Computer Name = Chris-pc | Source = Disk | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

 

Error - 15.07.2012 07:50:19 | Computer Name = Chris-pc | Source = nvstor64 | ID = 14548995

Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: SAMSUNG HD103SI
 

Firmware-Version:

 1AG0    Seriennummer: 61823B741B34XY    Anschluss: 0  

 

Error - 15.07.2012 07:50:19 | Computer Name = Chris-pc | Source = Disk | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

 

Error - 15.07.2012 07:50:22 | Computer Name = Chris-pc | Source = nvstor64 | ID = 14548995

Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: SAMSUNG HD103SI
 

Firmware-Version:

 1AG0    Seriennummer: 61823B741B34XY    Anschluss: 0  

 

Error - 15.07.2012 07:50:22 | Computer Name = Chris-pc | Source = Disk | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

 

Error - 15.07.2012 07:50:24 | Computer Name = Chris-pc | Source = nvstor64 | ID = 14548995

Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: SAMSUNG HD103SI
 

Firmware-Version:

 1AG0    Seriennummer: 61823B741B34XY    Anschluss: 0  

 

Error - 15.07.2012 07:50:24 | Computer Name = Chris-pc | Source = Disk | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

 

 

< End of report >

--- --- ---

So ich glaub ich habe alles richtig gemacht , also die virenmeldung is weg nachdem der scan durch war sagte er mir zwar auf alle anwendungen die ich anklicken wollte eine fehlermeldung , die war nach dem pc neustart aber verschwunden , hoffe das ding ist nun runter von meinem pc , aber wie kommt das eigentlich hier drauf ? Ich habe eigentlich kaum was runter geladen nur von offiziellen seiten wie chip oder youtube. Naja auf jeden fall hier ist der logg :)
Combofix Logfile:

Code:

ComboFix 12-07-14.01 - Chris 15.07.2012  14:32:41.1.6 - x64 MINIMAL

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.8190.6913 [GMT 2:00]

ausgeführt von:: c:\users\Chris\Desktop\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Chris\AppData\Local\assembly\tmp

c:\users\Chris\AppData\Roaming\.#

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

D:\install.exe

.

Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert 

Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt 

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-06-15 bis 2012-07-15  ))))))))))))))))))))))))))))))

.

.

2012-07-15 12:19 . 2012-07-15 12:19        --------        d-----w-        C:\_OTL

2012-07-15 07:20 . 2012-07-15 07:20        --------        d-----w-        c:\users\Chris\AppData\Roaming\Malwarebytes

2012-07-15 07:19 . 2012-07-15 07:19        --------        d-----w-        c:\programdata\Malwarebytes

2012-07-15 07:19 . 2012-07-15 07:19        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-15 07:19 . 2012-07-03 11:46        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-07-15 07:01 . 2012-07-03 16:21        54072        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys

2012-07-15 06:50 . 2012-07-03 16:21        25232        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys

2012-07-15 06:50 . 2012-07-03 16:21        355856        ----a-w-        c:\windows\system32\drivers\aswSP.sys

2012-07-15 06:49 . 2011-05-10 11:59        31064        ----a-w-        c:\windows\system32\drivers\aswRdr.sys

2012-07-15 06:49 . 2012-07-03 16:21        958400        ----a-w-        c:\windows\system32\drivers\aswSnx.sys

2012-07-15 06:49 . 2012-07-03 16:21        59728        ----a-w-        c:\windows\system32\drivers\aswTdi.sys

2012-07-15 06:49 . 2012-07-03 16:21        71064        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys

2012-07-15 06:49 . 2012-07-03 16:21        41224        ----a-w-        c:\windows\avastSS.scr

2012-07-15 06:49 . 2012-07-03 16:21        227648        ----a-w-        c:\windows\SysWow64\aswBoot.exe

2012-07-15 06:45 . 2012-07-15 06:45        --------        d-----w-        c:\users\Chris\AppData\Roaming\Apple Computer

2012-07-14 18:39 . 2012-07-14 18:39        --------        d-----w-        c:\users\Chris\AppData\Local\Apple Computer

2012-07-14 18:37 . 2012-07-14 18:37        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-07-14 18:37 . 2012-07-14 18:37        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-07-14 18:37 . 2012-07-14 18:37        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-07-14 18:37 . 2012-07-14 18:37        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-07-14 18:37 . 2012-07-14 18:37        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-07-14 18:37 . 2012-07-14 18:37        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-07-14 18:37 . 2012-07-14 18:37        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-07-14 18:37 . 2012-07-14 18:37        --------        d-----w-        c:\program files (x86)\QuickTime

2012-07-14 18:37 . 2012-07-14 18:37        --------        d-----w-        c:\programdata\Apple Computer

2012-07-14 18:36 . 2012-07-14 18:36        --------        d-----w-        c:\program files (x86)\Common Files\Apple

2012-07-14 18:36 . 2012-07-14 18:36        --------        d-----w-        c:\users\Chris\AppData\Local\Apple

2012-07-14 18:36 . 2012-07-14 18:36        --------        d-----w-        c:\program files (x86)\Apple Software Update

2012-07-14 18:36 . 2012-07-14 18:36        --------        d-----w-        c:\programdata\Apple

2012-07-12 01:04 . 2012-06-12 03:08        3148800        ----a-w-        c:\windows\system32\win32k.sys

2012-07-06 14:25 . 2012-05-31 04:04        9013136        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{23E32042-5079-4FE3-923C-33F519BF256B}\mpengine.dll

2012-06-30 02:18 . 2012-06-30 02:18        --------        d-----w-        c:\programdata\Razer

2012-06-30 02:17 . 2007-09-27 17:44        65536        ----a-w-        c:\windows\SysWow64\Lycosa.cpl

2012-06-30 02:17 . 2012-06-30 02:17        --------        d-----w-        c:\users\Chris\AppData\Roaming\InstallShield

2012-06-30 02:14 . 2012-06-30 02:14        --------        d-----w-        c:\users\Chris\AppData\Roaming\Razer

2012-06-30 02:10 . 2012-06-30 02:55        --------        d-----w-        c:\program files (x86)\Razer

2012-06-26 15:30 . 2012-06-26 15:30        --------        d-----w-        c:\users\Chris\AppData\Local\Macromedia

2012-06-22 16:12 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll

2012-06-22 16:12 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe

2012-06-22 16:12 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll

2012-06-22 16:12 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll

2012-06-22 16:12 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll

2012-06-22 16:12 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll

2012-06-22 16:12 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll

2012-06-22 16:12 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll

2012-06-22 16:12 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe

2012-06-21 04:38 . 2003-08-16 09:07        172032        ----a-w-        c:\windows\SysWow64\poweroff.exe

2012-06-20 16:18 . 2012-06-20 16:18        --------        d-----w-        c:\windows\de

2012-06-20 16:14 . 2012-06-20 16:14        89944        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\d28eb8001cd4eff01\DSETUP.dll

2012-06-20 16:14 . 2012-06-20 16:14        537432        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\d28eb8001cd4eff01\DXSETUP.exe

2012-06-20 16:14 . 2012-06-20 16:14        1801048        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\d28eb8001cd4eff01\dsetup32.dll

2012-06-17 17:42 . 2012-06-17 17:42        770384        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-17 17:42 . 2012-06-17 17:42        421200        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp100.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-14 06:05 . 2011-06-09 00:49        283304        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr

2012-07-14 06:05 . 2011-06-08 14:52        283304        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe

2012-07-14 05:48 . 2011-06-08 14:52        283304        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0

2012-07-12 05:29 . 2012-04-09 09:28        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-12 05:29 . 2011-06-08 21:09        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-03 16:21 . 2011-06-08 21:10        285328        ----a-w-        c:\windows\system32\aswBoot.exe

2012-05-29 19:52 . 2012-05-29 19:52        163048        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

2012-05-04 11:06 . 2012-06-13 18:33        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-13 18:33        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-13 18:33        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40 . 2012-06-13 18:33        209920        ----a-w-        c:\windows\system32\profsvc.dll

2012-04-28 05:32 . 2012-06-13 18:33        1112064        ----a-w-        c:\windows\system32\rdpcorets.dll

2012-04-28 03:55 . 2012-06-13 18:33        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:41 . 2012-06-13 18:33        77312        ----a-w-        c:\windows\system32\rdpwsx.dll

2012-04-26 05:41 . 2012-06-13 18:33        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:34 . 2012-06-13 18:33        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe

2012-04-24 05:37 . 2012-06-13 18:33        184320        ----a-w-        c:\windows\system32\cryptsvc.dll

2012-04-24 05:37 . 2012-06-13 18:33        140288        ----a-w-        c:\windows\system32\cryptnet.dll

2012-04-24 05:37 . 2012-06-13 18:33        1462272        ----a-w-        c:\windows\system32\crypt32.dll

2012-04-24 04:36 . 2012-06-13 18:33        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll

2012-04-24 04:36 . 2012-06-13 18:33        1158656        ----a-w-        c:\windows\SysWow64\crypt32.dll

2012-04-24 04:36 . 2012-06-13 18:33        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll

2012-04-18 18:56 . 2012-04-18 18:56        94208        ----a-w-        c:\windows\SysWow64\QuickTimeVR.qtx

2012-04-18 18:56 . 2012-04-18 18:56        69632        ----a-w-        c:\windows\SysWow64\QuickTime.qts

2006-05-03 11:06        163328        --sha-r-        c:\windows\SysWOW64\flvDX.dll

2007-02-21 12:47        31232        --sha-r-        c:\windows\SysWOW64\msfDX.dll

2008-03-16 14:30        216064        --sha-r-        c:\windows\SysWOW64\nbDX.dll

2010-01-06 23:00        107520        --sha-r-        c:\windows\SysWOW64\TAKDSDecoder.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]

"Razer Imperator Driver"="c:\program files (x86)\Razer\Imperator\RazerImperatorSysTray.exe" [2011-06-03 979360]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-04 136176]

R2 Poweroff;Poweroff;c:\windows\system32\poweroff.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-04 136176]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 21544]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]

S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-01-17 18816]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

Inhalt des "geplante Tasks" Ordners

.

2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 05:29]

.

2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-04 11:46]

.

2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-04 11:46]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21        133400        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-30 10806816]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.de/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202

IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2mf1bwns.default\

FF - prefs.js: browser.search.selectedEngine - ICQ Search

FF - prefs.js: browser.startup.homepage - Google

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-2518366123-504797583-867521728-1000\Software\SecuROM\License information*]

"datasecu"=hex:10,dd,bd,30,64,a2,41,b3,9a,0b,73,c7,e7,7a,f6,ad,2b,ed,d0,d5,3e,

   1a,fb,d6,c7,f6,38,96,2e,e4,dc,b4,dd,ee,96,a1,d7,c5,8f,9c,04,83,f9,51,04,4f,\

"rkeysecu"=hex:e7,42,29,79,aa,25,3d,4e,3f,6b,9b,e3,b1,c4,c5,07

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-07-15  14:43:52 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-07-15 12:43

.

Vor Suchlauf: 12 Verzeichnis(se), 46.420.897.792 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 46.259.462.144 Bytes frei

.

- - End Of File - - A396B011C3F96FF213197FA3B28DC5C3

--- --- ---