| |
| |||||||
Log-Analyse und Auswertung: logs des system progressive protection trojanersWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
28.11.2012, 17:54
| #1 |
 |  logs des system progressive protection trojaners Ok, erst mal herzlichsttes Danke daß es dieses Forum gibt. Ich habe eure Anleitung zum entfernen der system progressive protection maleware befolgt und poste nun die logs, dazu ist anzumerken, daß gmer nix fand. soderle. OTL logfile created on: 28.11.2012 17:08:05 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\cosmycfuture\Documents 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 27,21% Memory free 5,99 Gb Paging File | 2,34 Gb Available in Paging File | 39,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 226,46 Gb Total Space | 129,47 Gb Free Space | 57,17% Space Free | Partition Type: NTFS Drive D: | 226,56 Gb Total Space | 226,44 Gb Free Space | 99,95% Space Free | Partition Type: NTFS Drive E: | 226,56 Gb Total Space | 225,34 Gb Free Space | 99,46% Space Free | Partition Type: NTFS Drive G: | 931,28 Gb Total Space | 908,95 Gb Free Space | 97,60% Space Free | Partition Type: FAT32 Computer Name: COSMYCFUTURE-PC | User Name: cosmycfuture | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.28 17:07:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\cosmycfuture\Documents\OTL.exe PRC - [2012.11.06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe PRC - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe PRC - [2012.10.24 15:05:40 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.09.29 20:06:42 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2012.09.29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.08.29 13:00:12 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2011.07.03 04:43:59 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe PRC - [2010.07.12 17:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\instProgramme\winamp\winampa.exe ========== Modules (No Company Name) ========== MOD - [2012.10.24 15:05:40 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2012.10.24 15:05:39 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll MOD - [2012.10.24 15:05:39 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL MOD - [2012.10.24 15:05:39 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll MOD - [2012.10.24 15:05:39 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll MOD - [2011.06.25 11:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.25 11:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.07.27 01:30:58 | 000,170,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R) SRV - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.10.24 15:05:40 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2011.08.07 13:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.10.05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.05.05 17:50:51 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.03.07 10:56:19 | 000,301,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6232e.sys -- (e1express) DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.04.28 07:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.04.19 20:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883) DRV:64bit: - [2009.07.14 01:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc) DRV:64bit: - [2009.07.14 01:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV) DRV:64bit: - [2009.06.10 21:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:32:37 | 001,627,520 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ph3xIB64.sys -- (Ph3xIB64) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2006.11.30 14:17:56 | 000,033,048 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\x10ufx2.sys -- (XUIF) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=bf2&s={searchTerms}&f=4 IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682 IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 07 EA C3 F6 6D CB 01 [binary data] IE - HKCU\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - No CLSID value found IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKCU\..\URLSearchHook: {77f8c945-4b74-4bd6-a073-e0d1997edce8} - No CLSID value found IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC) IE - HKCU\..\SearchScopes,DefaultScope = {DB261C6D-D7C6-413E-A244-DA9C1B015D42} IE - HKCU\..\SearchScopes\{D3167839-45DB-48E0-9057-BF7B901DE9E3}: "URL" = hxxp://de.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120311,16987,0,8,0 IE - HKCU\..\SearchScopes\{DB261C6D-D7C6-413E-A244-DA9C1B015D42}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\instProgramme\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\instProgramme\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) [2012.05.05 18:02:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cosmycfuture\AppData\Roaming\mozilla\Firefox\Profiles\extensions [2011.09.11 11:28:14 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google  riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://search.iminent.com/?appId=C83A60C2-9F4F-4854-A707-B14E77475941 CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\gcswf32.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\instProgramme\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\instProgramme\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\instProgramme\bin\new_plugin\npjp2.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - Extension: PriceGong = C:\Users\cosmycfuture\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.5.3_0\ CHR - Extension: YouTube = C:\Users\cosmycfuture\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\cosmycfuture\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: BrotherSoft Extreme = C:\Users\cosmycfuture\AppData\Local\Google\Chrome\User Data\Default\Extensions\naipdapbimiiikbbgjcpbgmfhnlbagpj\2.2.0.5_0\ CHR - Extension: Google Mail = C:\Users\cosmycfuture\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\instProgramme\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Deaktivierungs-Add-on für Browser von Google Analytics) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\instProgramme\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC) O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {77F8C945-4B74-4BD6-A073-E0D1997EDCE8} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [StereoLinksInstall] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) O4 - HKLM..\Run: [WinampAgent] C:\instProgramme\winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [Orb] C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe (Orb Networks) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4:64bit: - HKLM..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///K:/Programme/Mysteryville%202/Images/stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///K:/Programme/Mysteryville%202/Images/armhelper.ocx (ArmHelper Control) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab (SysInfo Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0157D32E-E455-4321-8FB6-59490FC0D4A3}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB4E5B48-EE3E-4D95-925E-1EA3CEAC29BE}: DhcpNameServer = 139.7.30.125 139.7.30.126 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{b6633804-1585-11e0-be48-001d9272add9}\Shell - "" = AutoRun O33 - MountPoints2\{b6633804-1585-11e0-be48-001d9272add9}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.28 17:07:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\cosmycfuture\Documents\OTL.exe [2012.11.28 02:54:23 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.11.28 02:54:23 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.11.28 02:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012.11.28 02:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2012.11.28 02:53:32 | 000,000,000 | ---D | C] -- C:\Windows\LastGood [2012.11.28 02:21:17 | 252,331,096 | ---- | C] (Emsisoft GmbH ) -- C:\Users\cosmycfuture\Documents\EmsisoftAntiMalwareSetup.exe [2012.11.27 20:57:14 | 000,000,000 | ---D | C] -- C:\Users\cosmycfuture\AppData\Roaming\Malwarebytes [2012.11.27 20:57:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.27 20:57:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.27 20:57:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.27 20:57:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.27 20:52:58 | 000,000,000 | ---D | C] -- C:\Users\cosmycfuture\AppData\Roaming\AVG2013 [2012.11.27 20:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012.11.27 20:52:31 | 000,000,000 | ---D | C] -- C:\Users\cosmycfuture\AppData\Roaming\TuneUp Software [2012.11.27 20:52:04 | 000,000,000 | -H-D | C] -- C:\$AVG [2012.11.27 20:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2012.11.27 20:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2012.11.27 20:50:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.11.27 20:50:02 | 000,000,000 | ---D | C] -- C:\Users\cosmycfuture\AppData\Local\MFAData [2012.11.27 20:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012.11.27 20:50:02 | 000,000,000 | ---D | C] -- C:\Users\cosmycfuture\AppData\Local\Avg2013 [2012.11.27 20:47:58 | 000,000,000 | ---D | C] -- C:\Users\cosmycfuture\Desktop\rkill [2012.11.27 20:38:32 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\cosmycfuture\Documents\Marianne.exe [2012.11.27 19:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\0C2C49979E3AC35600000C2C3D76CEC4 [2007.08.14 06:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\cosmycfuture\AppData\Local\CDRip.dll [2007.01.19 10:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\cosmycfuture\AppData\Local\No23 Recorder.exe [2006.12.12 08:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\cosmycfuture\AppData\Local\basscd.dll [2006.12.12 08:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\cosmycfuture\AppData\Local\bass.dll [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\cosmycfuture\*.tmp files -> C:\Users\cosmycfuture\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.28 17:09:06 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.28 17:07:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\cosmycfuture\Documents\OTL.exe [2012.11.28 17:02:56 | 000,000,168 | ---- | M] () -- C:\Users\cosmycfuture\defogger_reenable [2012.11.28 16:09:14 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.28 03:30:36 | 001,518,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.28 03:30:36 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.28 03:30:36 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.28 03:30:36 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.28 03:30:36 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.28 02:35:26 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.28 02:35:26 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.28 02:26:59 | 252,331,096 | ---- | M] (Emsisoft GmbH ) -- C:\Users\cosmycfuture\Documents\EmsisoftAntiMalwareSetup.exe [2012.11.28 02:07:55 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\FinalTorrent Update Checker.job [2012.11.28 02:07:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.28 02:07:50 | 2414,481,408 | -HS- | M] () -- C:\hiberfil.sys [2012.11.27 20:58:02 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.27 20:52:35 | 000,000,232 | ---- | M] () -- C:\Windows\tasks\SidebarExecute.job [2012.11.27 20:52:32 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012.11.27 20:43:33 | 000,000,130 | ---- | M] () -- C:\Users\cosmycfuture\Desktop\System Progressive Protection Support Site.url [2012.11.27 20:38:36 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\cosmycfuture\Documents\Marianne.exe [2012.11.27 19:50:20 | 145,671,736 | ---- | M] () -- C:\Users\cosmycfuture\Documents\zut.exe [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\cosmycfuture\*.tmp files -> C:\Users\cosmycfuture\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.28 17:02:56 | 000,000,168 | ---- | C] () -- C:\Users\cosmycfuture\defogger_reenable [2012.11.27 20:57:09 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.27 20:52:35 | 000,000,232 | ---- | C] () -- C:\Windows\tasks\SidebarExecute.job [2012.11.27 20:52:32 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012.11.27 20:43:33 | 000,000,130 | ---- | C] () -- C:\Users\cosmycfuture\Desktop\System Progressive Protection Support Site.url [2012.11.27 19:47:22 | 145,671,736 | ---- | C] () -- C:\Users\cosmycfuture\Documents\zut.exe [2012.06.08 17:34:47 | 000,012,130 | ---- | C] () -- C:\Users\cosmycfuture\AppData\Local\slot1.mm1 [2012.04.14 22:17:08 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini [2011.11.27 08:39:17 | 000,004,608 | ---- | C] () -- C:\Users\cosmycfuture\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.23 21:32:48 | 000,001,465 | ---- | C] () -- C:\Users\cosmycfuture\AppData\Local\RecConfig.xml [2011.04.17 09:57:30 | 000,000,014 | ---- | C] () -- C:\Windows\popcinfo.dat [2011.03.11 21:07:33 | 043,403,368 | ---- | C] () -- C:\Users\cosmycfuture\AppData\Roaming\.minecraft.rar [2010.10.22 10:42:28 | 000,007,619 | ---- | C] () -- C:\Users\cosmycfuture\AppData\Local\resmon.resmoncfg [2007.08.14 06:46:00 | 000,155,136 | ---- | C] () -- C:\Users\cosmycfuture\AppData\Local\lame_enc.dll [2006.10.26 14:06:48 | 000,064,000 | ---- | C] () -- C:\Users\cosmycfuture\AppData\Local\vorbisenc.dll [2006.10.26 14:06:48 | 000,019,456 | ---- | C] () -- C:\Users\cosmycfuture\AppData\Local\vorbisfile.dll [2006.10.26 14:06:46 | 000,143,872 | ---- | C] () -- C:\Users\cosmycfuture\AppData\Local\vorbis.dll [2006.10.26 14:06:36 | 000,015,872 | ---- | C] () -- C:\Users\cosmycfuture\AppData\Local\ogg.dll [2005.08.24 11:34:06 | 000,029,184 | ---- | C] () -- C:\Users\cosmycfuture\AppData\Local\no23xwrapper.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2010.07.27 15:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010.07.27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.09.29 19:58:14 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\.minecraft [2011.07.24 02:18:13 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\20000Leagues [2012.10.28 14:08:11 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\4 Friends Games [2012.10.28 15:52:22 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Abra Academy2 [2012.06.22 14:48:19 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Aeria Games & Entertainment [2012.10.28 13:49:45 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Alawar Stargaze [2012.10.03 10:49:41 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Artogon [2012.11.27 20:52:58 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\AVG2013 [2011.07.31 08:20:28 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Azuaz Games [2012.08.29 08:17:49 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Azureus [2011.09.11 10:30:27 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Babylon [2012.10.21 16:59:26 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Big Fish Games [2012.06.27 19:33:20 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Blue Tea Games [2012.06.26 10:55:12 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Boomzap [2011.07.31 02:09:37 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Casual Arts [2012.06.08 12:04:46 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\casualArts [2011.07.31 10:18:58 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\cerasus.media [2012.08.29 08:17:49 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\DAEMON Tools Lite [2011.08.22 03:04:54 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Dekovir [2011.07.31 09:40:00 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\EleFun Games [2011.07.31 07:54:03 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Elephant Games [2011.07.31 11:56:13 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\ERS G-Studio [2012.10.28 16:03:07 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\ERS Game Studios [2012.09.23 12:10:24 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\FinalTorrent [2011.08.27 21:19:44 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Flood Light Games [2012.10.21 17:38:24 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\FlyWheelGames [2011.06.10 23:53:07 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Forte [2011.08.22 04:07:46 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Frogwares [2011.07.31 10:13:43 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Gamers Digital [2011.01.15 14:27:39 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\GamesFaction [2011.09.11 10:50:54 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\GetRightToGo [2012.10.21 21:10:27 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\HdO Adventure [2011.08.01 02:53:35 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\HiT-MM [2010.12.31 16:31:47 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Jetsetter [2010.11.20 20:04:58 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Longbow Digital Arts [2011.08.07 01:04:36 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Magic Academy [2011.07.31 13:01:43 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Magic Academy 2 [2011.07.24 06:54:27 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\MagicIndie [2010.12.31 16:18:22 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Merscom [2011.08.22 02:51:51 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\My Games [2011.02.20 13:11:00 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Mystery of Mortlake Mansion [2011.07.24 03:15:39 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Mysteryville2 [2011.09.18 09:13:17 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\nHancer [2012.06.27 10:41:51 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Orneon [2012.06.27 12:29:53 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Phantasmat_bf_se1 [2011.09.18 09:09:42 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Philipp Winterberg [2011.08.01 07:25:09 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Pirateville [2012.06.26 11:17:34 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\PlayFavoriteGames [2011.07.31 05:54:14 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\PlayFirst [2010.11.07 12:51:34 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Polynomial [2012.08.13 08:07:59 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\PopCap Games [2012.03.18 01:04:51 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\PriceGong [2011.05.22 06:59:14 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Software4u [2012.10.21 18:08:13 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Specialbit [2012.06.22 03:50:19 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\SpinTop Games [2010.11.06 22:08:43 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Star Ruler [2010.11.01 10:21:28 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\streamripper [2012.06.26 11:37:22 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\TitanicMystery [2011.08.01 05:32:28 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Top Evidence [2012.11.27 20:52:31 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\TuneUp Software [2011.09.18 08:59:59 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\uTorrent [2011.07.31 12:37:39 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\VendelGAMES [2011.07.31 11:39:44 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\Vogat Interactive [2011.07.07 06:34:19 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\WindSolutions [2012.10.21 15:43:01 | 000,000,000 | ---D | M] -- C:\Users\cosmycfuture\AppData\Roaming\YoudaGames ========== Purity Check ========== ========== Files - Unicode (All) ========== [2011.06.02 20:04:40 | 000,000,246 | ---- | M] ()(C:\Users\cosmycfuture\Desktop\TEPCO ??????????.url) -- C:\Users\cosmycfuture\Desktop\TEPCO 福島第一原子力発電所.url [2011.06.02 20:04:40 | 000,000,246 | ---- | C] ()(C:\Users\cosmycfuture\Desktop\TEPCO ??????????.url) -- C:\Users\cosmycfuture\Desktop\TEPCO 福島第一原子力発電所.url ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:225CD7D5 @Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:E945C214 @Alternate Data Stream - 956 bytes -> C:\Users\cosmycfuture\Desktop\Lost Planet: Extreme Condition Trial.lnk @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:E32966C0 @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:45E33ED2 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:F7FFE8AF @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:5A9F1AE5 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:319D783D @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:EBCF5924 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:A3857D86 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:54380FEC @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:3F266659 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:12D21A9A @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:63A71C6F @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:526B3022 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:5025C6E4 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0BBF232A @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:BE0654D6 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C6D0ABC3 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:75978481 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:4C9782FB @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:3651A580 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:BD34FFC5 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:36FFA2FB @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:5E413CD6 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E14FA16F @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:943E8182 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:6212DF7A @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:03A039A3 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP  3A82449@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:85376176 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP 88D995C@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:33E12B7A @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:EDC744FB @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E83EE313 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:61B54B15 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:3539CD43 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:C0893153 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:74B9EA7F @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:3ABC38E6 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:7ADB695A @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:627153F1 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:551BED5F @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:FD20BDA6 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:EE69D7DF @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C9CDDE5E @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:95079543 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:14520962 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E2458802 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP 6D084A5@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:51E1A4D8 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:3B812EE0 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:2E636DD9 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:895A78C5 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5520ED93 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E2CFA9CD @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C72A744C @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:FD000392 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A02025CE @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:61F0C8FB @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:1DEE6B65 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:EC0A74A1 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:9D06FB9C @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:943971F5 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:070D9534 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:7CA7BED1 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:5D351BC6 @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:E3B5F2D1 @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:2F6462DF @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C8E82994 @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:927EC486 @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6E2D80C8 @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:0C5AF2AA @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4FE30352 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:A56D6987 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:6C5EC3CD @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:409A775B @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:90D89144 @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:92A815D8 @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:C07A6A6B @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:523B97A0 @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:08D8BB20 < End of report > OTL Extras logfile created on: 28.11.2012 17:08:05 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\cosmycfuture\Documents 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 27,21% Memory free 5,99 Gb Paging File | 2,34 Gb Available in Paging File | 39,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 226,46 Gb Total Space | 129,47 Gb Free Space | 57,17% Space Free | Partition Type: NTFS Drive D: | 226,56 Gb Total Space | 226,44 Gb Free Space | 99,95% Space Free | Partition Type: NTFS Drive E: | 226,56 Gb Total Space | 225,34 Gb Free Space | 99,46% Space Free | Partition Type: NTFS Drive G: | 931,28 Gb Total Space | 908,95 Gb Free Space | 97,60% Space Free | Partition Type: FAT32 Computer Name: COSMYCFUTURE-PC | User Name: cosmycfuture | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS) Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\instProgramme\winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\instProgramme\winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\instProgramme\winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS) Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\instProgramme\winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\instProgramme\winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\instProgramme\winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1327979D-9FB2-4A96-AF33-9BFDEAAE1F6B}" = lport=2869 | protocol=6 | dir=in | app=system | "{28B9142D-2644-409F-B971-B6511B269137}" = lport=138 | protocol=17 | dir=in | app=system | "{39D62BB3-C79E-469A-A351-47F6DBBCA2B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{41C1F092-1DC7-4A61-AB4B-5258C2DD1867}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4A03E782-AE28-4647-929E-7E7DF5172E20}" = lport=139 | protocol=6 | dir=in | app=system | "{5AF368E3-0BBC-418C-B24E-482230ADFEA8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5C82A41C-981C-454D-A16E-9249A9EC77BC}" = rport=138 | protocol=17 | dir=out | app=system | "{64D64250-6BDB-4A1D-973E-E9A3E0BBA83F}" = lport=445 | protocol=6 | dir=in | app=system | "{959A494A-3A6A-4B30-8604-53DA979B4F14}" = rport=139 | protocol=6 | dir=out | app=system | "{972F10D3-10D8-4678-9BDC-5C8CD0554DB6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A509F7BB-C67E-470B-9433-D4F59F624897}" = lport=137 | protocol=17 | dir=in | app=system | "{B9DA502C-854E-4328-A4F7-2ECB5DBEE3B1}" = rport=137 | protocol=17 | dir=out | app=system | "{C75A6EE5-1C5F-4830-9D61-3DB021CAD677}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{DD609FDF-B1F6-4048-9F0F-0ED015869B7A}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00087CA8-B8BA-4077-A6FD-BB94990FE54B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{0727775C-2401-46A2-9ED8-F93E895D59DA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{0C6192DD-9CAC-4D6B-8A2D-DDDA09655E50}" = dir=in | app=c:\program files (x86)\finaltorrent\finaltorrent.exe | "{0FA862EC-A8ED-4137-9A45-FF0AB923C7AB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{1C5125BD-9770-429D-8E3F-A24E749D78F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{2870E78E-9FB9-4EC5-A63E-2D3D558AB90C}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "{2F9D8D6E-9823-481F-9994-2EDA95C659F2}" = dir=in | app=c:\program files (x86)\finaltorrent\ftcheckforupdates.exe | "{34F00920-C6E4-4E68-AED0-B66DA06058D3}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{3638CB7F-33A4-41D1-873A-8A077FF391A6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{3A4906C8-AE0D-4928-846E-D7C50A33D569}" = dir=in | app=c:\program files (x86)\finaltorrent\finaltorrent.exe | "{3AF58C8F-1056-41E6-A967-8C2DAB2A0B85}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbir.exe | "{3EB950C7-7F1F-441A-9961-29DD1801C2A8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{3F6A8F97-518E-4476-96DA-7FABD4D670E0}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orb.exe | "{4271DFB8-7637-4C97-8DA6-EFB9F9CC035F}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbir.exe | "{4CA5796C-7ECB-4495-BEA4-708DC1C909B8}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orb.exe | "{4CFD62B6-1BB1-4BD6-8B68-7B1E4B1EC646}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{50E63A01-2D65-4188-B021-E48B5637E215}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{538157E4-E341-4BBC-B987-8B95F28BAD03}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{58F99C56-3917-4A1F-993B-FB222BC14D25}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5EC29C9E-4248-4841-AFB7-ECF0B9C84065}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{6C3F7D87-1D5C-4061-9534-A13D97EE9F33}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microvolts\launcher.exe | "{7293A123-3D7D-42FB-AD06-E52D1406061B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{768E7D9B-2ABF-473F-9C09-C5050ACFD22D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{7C1C28CD-A6C8-4A8D-A40B-CF63A52B30BC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8A59C55B-1E94-45EB-B594-AC2C69034B20}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe | "{8F5D8B32-2E7F-4E06-922A-1396A6F23FB3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{98669383-44C7-4122-8B9D-8115F611BDAB}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe | "{A0174DBA-F347-4C8A-9D2D-2C1539008060}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{A078F487-0FC8-4989-9976-B0A37F27DC4E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microvolts\launcher.exe | "{A4D18507-1D2B-4324-A4BE-2F3213C15500}" = dir=in | app=c:\program files (x86)\finaltorrent\ftcheckforupdates.exe | "{B30EC898-C7C7-44DE-9292-8F2B13EFA20E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B373B069-C320-43C6-9750-029F1ACF7DC5}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbstreamerclient.exe | "{B828DB72-B97B-40B6-A8FE-D27CA4BFFD22}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{C8868A67-558D-430C-A570-801A013D8AE4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{CA3BD56F-BFE9-457B-A9EB-67E60021CCE5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{CD1F8631-B763-4F00-9B82-767F1523FA3F}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "{D7759672-A012-42C3-8368-282B37709A69}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{E34C4356-9A6A-4C0B-8552-A7D504C8C81A}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbstreamerclient.exe | "{E86ABF6E-9C9F-4F30-9D5C-A29D3967E71F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{F56D0B06-B383-4B26-8388-126CF2D08FF2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F7E3926E-A005-4DF6-A631-FD8F78D70DCE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "TCP Query User{0F832233-DF2B-41CE-AD3C-8825085C707C}F:\d-link.exe" = protocol=6 | dir=in | app=f:\d-link.exe | "TCP Query User{1B37A1C6-A8CC-4DA3-AF0A-87323061C39C}C:\program files (x86)\microsoft games\halo server\haloded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo server\haloded.exe | "TCP Query User{1EE058B6-CEB8-4C7F-94B9-6D928962D2A1}C:\program files (x86)\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "TCP Query User{53B4DA03-3EA5-4118-BE1F-46F1E216F5AA}F:\d-link.exe" = protocol=6 | dir=in | app=f:\d-link.exe | "TCP Query User{5B0284AB-7B16-40F0-9342-19763923442F}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | "TCP Query User{848E8B5F-806A-4C3B-A78C-75E7D70358D5}C:\program files (x86)\microsoft games\halo trial\halo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo trial\halo.exe | "TCP Query User{86C80B1D-09EC-4C3C-A40F-50A6CA4E8EC8}C:\users\cosmycfuture\appdata\local\temp\rar$ex47.392\f3.exe" = protocol=6 | dir=in | app=c:\users\cosmycfuture\appdata\local\temp\rar$ex47.392\f3.exe | "TCP Query User{883F4862-E172-4411-B4B2-94F141DC3C19}C:\users\cosmycfuture\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\cosmycfuture\appdata\local\akamai\netsession_win.exe | "TCP Query User{D88F520F-88F4-4015-AA75-BB41965F0748}C:\instprogramme\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\instprogramme\winamp\winamp.exe | "TCP Query User{EB118635-7968-43D8-BCCC-B7F8F0419C39}C:\program files (x86)\microsoft games\halo trial\halo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo trial\halo.exe | "TCP Query User{ECAD62A0-8789-403E-B965-9ED842F77980}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{2220E5D0-E99C-4303-BEED-3EE9F43F0675}C:\program files (x86)\microsoft games\halo trial\halo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo trial\halo.exe | "UDP Query User{2DD87233-0E34-46A8-9229-50566105C158}F:\d-link.exe" = protocol=17 | dir=in | app=f:\d-link.exe | "UDP Query User{50CF311C-3B45-4DC6-8696-6E62E4FCEA47}C:\program files (x86)\microsoft games\halo server\haloded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo server\haloded.exe | "UDP Query User{57C7D899-578C-4415-AA8B-F28D1DC589DF}C:\program files (x86)\microsoft games\halo trial\halo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo trial\halo.exe | "UDP Query User{7C196FF6-5EAD-4EF3-B65F-5EDDA6D83111}C:\users\cosmycfuture\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\cosmycfuture\appdata\local\akamai\netsession_win.exe | "UDP Query User{9E7702E4-4B39-401A-9964-B40CB8BF9670}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{A9B557E9-805C-450C-BAA9-812FDFE5A8C8}F:\d-link.exe" = protocol=17 | dir=in | app=f:\d-link.exe | "UDP Query User{B0A503A4-BEDB-4317-AD6A-50737D2664E7}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | "UDP Query User{B43F8EAD-C2CD-4711-83CD-254A189AA40C}C:\instprogramme\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\instprogramme\winamp\winamp.exe | "UDP Query User{BA2E86D6-19E8-4CC8-A737-EA85C3656DAD}C:\users\cosmycfuture\appdata\local\temp\rar$ex47.392\f3.exe" = protocol=17 | dir=in | app=c:\users\cosmycfuture\appdata\local\temp\rar$ex47.392\f3.exe | "UDP Query User{EDB1B8C0-0D98-4AEA-A173-48058DBE72FB}C:\program files (x86)\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit) "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B305FB9-297D-4F86-BC8B-740E7A1EF200}" = AVG 2013 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{D2B1C10F-369B-40BC-B550-271F968C5EE0}" = Intel(R) Network Connections 17.3.63.0 "{DAD98ADA-0824-4946-98BB-0BDD03233398}" = AVG 2013 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit "AVG" = AVG 2013 "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "PROSetDX" = Intel(R) Network Connections 17.3.63.0 "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05A10D05-8389-4CA2-963A-CA7C08AC2BD8}" = iPhone-Konfigurationsprogramm "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5508128A-2C7B-46B5-81F9-58E8E8115F0B}" = AdblockIE "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{68BA90DE-424A-493E-B069-4EB33590C96C}" = Deaktivierungs-Add-on für Browser von Google Analytics "{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C71067FC-288F-4E0B-88C6-44DFDA8311E2}" = System Requirements Lab for Intel "{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "65df6446db757f428ab8c929827ab03b" = Dynomite "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "AVMFBox" = AVM FRITZ!Box Dokumentation "BFGC" = Big Fish Games: Game Manager "CursorFX" = CursorFX "DAEMON Tools Lite" = DAEMON Tools Lite "FinalTorrent_is1" = FinalTorrent 2011 "iMesh" = iMesh "iPhoneBackupExtractor" = iPhone Backup Extractor "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "Orb" = Winamp Remote "PacSteamT" = PacSteamT "Smart PC Cleaner_is1" = Smart PC Cleaner v3.0 "Steam App 109400" = MicroVolts "Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer "Streamripper" = Streamripper (Remove only) "Trusted Software Assistant_is1" = File Type Assistant "VLC media player" = VLC media player 1.1.5 "Winamp" = Winamp "Winamp Toolbar" = Winamp Toolbar "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.20 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich. "NetAssistant 3.8.3" = Freeze.com NetAssistant "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27.08.2012 18:30:47 | Computer Name = cosmycfuture-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\instprogramme\SoftonicDownloader_fuer_freemusic.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 27.08.2012 18:31:01 | Computer Name = cosmycfuture-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 27.08.2012 18:31:14 | Computer Name = cosmycfuture-PC | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax. Error - 28.08.2012 01:14:13 | Computer Name = cosmycfuture-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 28.08.2012 02:54:19 | Computer Name = cosmycfuture-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 28.08.2012 02:57:43 | Computer Name = cosmycfuture-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 28.08.2012 03:33:27 | Computer Name = cosmycfuture-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 28.08.2012 17:10:07 | Computer Name = cosmycfuture-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 28.08.2012 17:13:04 | Computer Name = cosmycfuture-PC | Source = Software Protection Platform Service | ID = 8200 Description = Lizenzerwerb-Fehlerdetails. hr=0x80072EE7 Error - 28.08.2012 17:13:04 | Computer Name = cosmycfuture-PC | Source = Software Protection Platform Service | ID = 8208 Description = Fehler bei der Erfassung des authentischen Tickets (hr=0x80072EE7) für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f. [ System Events ] Error - 27.11.2012 15:52:22 | Computer Name = cosmycfuture-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 27.11.2012 15:52:22 | Computer Name = cosmycfuture-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 27.11.2012 15:52:23 | Computer Name = cosmycfuture-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 27.11.2012 15:52:59 | Computer Name = cosmycfuture-PC | Source = DCOM | ID = 10010 Description = Error - 27.11.2012 15:54:02 | Computer Name = cosmycfuture-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 27.11.2012 15:54:08 | Computer Name = cosmycfuture-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 27.11.2012 21:06:42 | Computer Name = cosmycfuture-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 27.11.2012 21:06:44 | Computer Name = cosmycfuture-PC | Source = Service Control Manager | ID = 7016 Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32 Error - 27.11.2012 21:07:55 | Computer Name = cosmycfuture-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 27.11.2012 21:07:57 | Computer Name = cosmycfuture-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 < End of report > |
|
28.11.2012, 19:13
| #2 | |
| /// TB-Ausbilder  | logs des system progressive protection trojaners Ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich. Dürfen wir das Logfile von Malwarebytes auch sehen?
__________________ |
|
29.11.2012, 18:42
| #3 |
| | logs des system progressive protection trojaners OK, sorry das hab ich in der Aufregung vergessen. Ich poste jetze erst mal nur das erste logfile, wenn du alle haben willst, kriegste och alle. Kurz ein paar infos zu meinem Verdacht wo ich mir das eingefangen habe:
__________________eine mail vom Kabelanbieter, zur Kenntnisnahme das die online-Rechnung bereit steht. Diese sah diesmal komisch ander aus und das login funktionierte auch nicht. Bin dann über die Internetwebside ins Kundencenter und da funktionierte das login. Die Mail würde ich dir gern schicken, aber ich weiß nicht wie ich eine Mail mit 7zip verpacke. Entpacken krieg ich noch hin. Eine andere Möglichkeit: Ich habe in der Suchmaschine budapester vierloch schuheeingegeben und dann auf Bilder geklickt um nach einem bestellten und in Vorkasse bezahlten Artikel zu suchen . Lange rede kurzer Sinn bevor ich mich hier in belangloses Zeug verliere: Hier das erste log. Malwarebytes Anti-Malware (Test) 1.65.1.1000 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.11.27.11 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 cosmycfuture :: COSMYCFUTURE-PC [Administrator] Schutz: Aktiviert 27.11.2012 21:00:16 mbam-log-2012-11-27 (21-00-16).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 307749 Laufzeit: 47 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 1 C:\ProgramData\0C2C49979E3AC35600000C2C3D76CEC4\0C2C49979E3AC35600000C2C3D76CEC4.exe (Trojan.FakeAlert.SSGen) -> 2160 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 11 HKCR\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Progressive Protection (Trojan.FakeAlert.SSGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\clickpotatolitesa (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|0C2C49979E3AC35600000C2C3D76CEC4 (Trojan.FakeAlert.SSGen) -> Daten: C:\ProgramData\0C2C49979E3AC35600000C2C3D76CEC4\0C2C49979E3AC35600000C2C3D76CEC4.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Daten: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 9 C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite\bin (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0 (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions\plugins (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\QuestBrwSearch (Adware.QuestBrowse) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 11 C:\instProgramme\SoftonicDownloader_fuer_freemusic.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\cosmycfuture\Desktop\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\0C2C49979E3AC35600000C2C3D76CEC4\0C2C49979E3AC35600000C2C3D76CEC4.exe (Trojan.FakeAlert.SSGen) -> Löschen bei Neustart. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_hpk.dat (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
29.11.2012, 19:43
| #4 |
| /// TB-Ausbilder | logs des system progressive protection trojaners Nein so ein Email will ich gar nicht. Und für die Zukunft: Klicke nicht irgendwo hin nur weil es bunt ist oder seriös aussieht! Schritt 1: AdwCleaner: Werbeprogramme suchen und löschen Schritt 2: Scan mit DDS (+ attach) Downloade dir bitte DDS (von sUBs) von einem der folgenden Downloadspiegel und speichere die Datei auf deinem Desktop.
__________________  Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
30.11.2012, 19:37
| #5 |
| | logs des system progressive protection trojaners Hallo ryder, der Schritt mit adwcleaner hat geklappt. Hab eben die Entdeckung gemacht, daß ich eine Anwendung mor.exe habe, die ich nicht zuordnen kann und google und das Trojanerboard sagen mir daß es ein Trojaner ist.son schiet. Soderle. Anbei die logs dds und attach: [CODE]. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT .DDS Logfile: Code:
ATTFilter DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 17.10.2010 14:27:25 System Uptime: 30.11.2012 19:15:38 (0 hours ago) . schönes Wochenende und Danke für die Mühe und die Zeit die ihr euch hier gebt und nehmt. Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7502 Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 226 GiB total, 129,163 GiB free. D: is FIXED (NTFS) - 227 GiB total, 226,443 GiB free. E: is FIXED (NTFS) - 227 GiB total, 225,338 GiB free. F: is CDROM () G: is FIXED (FAT32) - 931 GiB total, 908,948 GiB free. H: is Removable I: is Removable J: is Removable K: is CDROM () L: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP244: 23.10.2012 20:42:00 - Geplanter Prüfpunkt RP245: 31.10.2012 18:41:55 - Geplanter Prüfpunkt RP246: 10.11.2012 14:11:04 - Geplanter Prüfpunkt RP247: 18.11.2012 17:35:14 - Geplanter Prüfpunkt RP248: 27.11.2012 22:27:37 - Geplanter Prüfpunkt RP249: 28.11.2012 02:29:15 - Windows Update RP250: 28.11.2012 02:50:51 - Windows Update RP251: 28.11.2012 18:37:21 - Installed 7-Zip 9.20 (x64 edition) . ==== Installed Programs ====================== . 7-Zip 9.20 (x64 edition) AdblockIE Adobe Flash Player 10 ActiveX Adobe Flash Player 10 ActiveX 64-bit Adobe Reader X - Deutsch Adobe Shockwave Player 11.6 Akamai NetSession Interface Apple Application Support Apple Mobile Device Support Apple Software Update AVG 2013 AVM FRITZ!Box Dokumentation Big Fish Games: Game Manager Bonjour Call of Duty: Modern Warfare 3 - Multiplayer CCleaner CursorFX DAEMON Tools Lite Deaktivierungs-Add-on für Browser von Google Analytics Dynomite File Type Assistant FinalTorrent 2011 Freeze.com NetAssistant Google Earth Google Update Helper iCloud iMesh Intel(R) Network Connections 17.3.63.0 iPhone-Konfigurationsprogramm iPhone Backup Extractor iTunes Java Auto Updater Java(TM) 6 Update 22 (64-bit) Java(TM) 6 Update 29 Junk Mail filter update Malwarebytes Anti-Malware Version 1.65.1.1000 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MicroVolts MobileMe Control Panel MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK NetAssistant No23 Recorder Nur Deinstallierung der CopyTrans Suite möglich. NVIDIA 3D Vision Treiber 306.97 NVIDIA Grafiktreiber 306.97 NVIDIA Install Application NVIDIA PhysX NVIDIA Stereoscopic 3D Driver NVIDIA Systemsteuerung 306.97 NVIDIA Update 1.10.8 NVIDIA Update Components OpenAL PacSteamT PlayReady PC Runtime amd64 PVSonyDll QuickTime Safari SAMSUNG Mobile Modem Driver Set Samsung Mobile phone USB driver Drive Software SAMSUNG Mobile USB Modem 1.0 Software SAMSUNG Mobile USB Modem Software Samsung PC Studio 3 USB Driver Installer Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Smart PC Cleaner v3.0 Steam Streamripper (Remove only) System Requirements Lab for Intel Visual Studio 2010 x64 Redistributables VLC media player 1.1.5 VoiceOver Kit Winamp Winamp Erkennungs-Plug-in Winamp Remote Windows Live-Uploadtool Windows Live Anmelde-Assistent Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Fotogalerie Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Sync Windows Live Toolbar Windows Live Writer WinRAR 4.20 (32-Bit) WinRAR 4.20 (64-Bit) WinZip 15.0 . ==== End Of File =========================== Code:
ATTFilter DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by cosmycfuture at 19:23:43 on 2012-11-30
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3070.1847 [GMT 1:00]
.
AV: AVG Anti-Virus 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\instProgramme\winamp\winampa.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyOverride = <local>;*.local
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - <orphaned>
uURLSearchHooks: {51a86bb3-6602-4c85-92a5-130ee4864f13} - <orphaned>
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
uURLSearchHooks: {77f8c945-4b74-4bd6-a073-e0d1997edce8} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Deaktivierungs-Add-on für Browser von Google Analytics: {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: af0.Adblock.BHO: {90EFF544-3981-4d46-85C9-C0361D0931D6} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\instProgramme\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Orb] "C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe" /background
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [WinampAgent] C:\instProgramme\winamp\winampa.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///K:/Programme/Mysteryville%202/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///K:/Programme/Mysteryville%202/Images/armhelper.ocx
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
TCP: NameServer = 192.168.178.1
TCP: Interfaces\{0157D32E-E455-4321-8FB6-59490FC0D4A3} : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{BB4E5B48-EE3E-4D95-925E-1EA3CEAC29BE} : DHCPNameServer = 139.7.30.125 139.7.30.126
TCP: Interfaces\{D292E9CB-1850-4850-A6BB-75CD2410E81B}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{D292E9CB-1850-4850-A6BB-75CD2410E81B}\75C414E4D2245463630383 : DHCPNameServer = 192.168.2.1
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\instProgramme\bin\jp2ssv.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-5-5 283200]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-7-27 170824]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-27 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-27 676936]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-27 25928]
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card;C:\Windows\System32\drivers\Ph3xIB64.sys [2009-6-10 1627520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-22 61288]
S3 fsssvc;Windows Live Family Safety-Dienst;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2010-4-19 22528]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-18 1255736]
.
=============== Created Last 30 ================
.
2012-11-28 20:35:32 -------- d-----w- C:\Windows\SysWow64\wbem\en-US
2012-11-28 20:35:27 -------- d-----w- C:\Windows\System32\wbem\en-US
2012-11-28 02:44:06 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C570A9C3-C55F-4DC2-B772-E6A53774B8F4}\mpengine.dll
2012-11-28 02:13:59 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2012-11-28 01:54:56 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-11-28 01:54:23 60776 ----a-w- C:\Windows\System32\OpenCL.dll
2012-11-28 01:54:23 52584 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-11-28 01:53:46 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-11-28 01:53:32 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-11-28 01:52:37 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-11-28 01:52:37 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-11-28 01:52:37 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-11-28 01:52:37 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-11-28 01:52:37 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-11-28 01:48:56 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-11-28 01:48:56 1462784 ----a-w- C:\Windows\System32\crypt32.dll
2012-11-28 01:48:56 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-11-28 01:48:56 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-11-28 01:48:56 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-11-28 01:48:56 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-11-28 01:29:47 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-11-28 01:29:40 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-11-28 01:29:31 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-11-28 01:29:31 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-11-27 19:57:14 -------- d-----w- C:\Users\cosmycfuture\AppData\Roaming\Malwarebytes
2012-11-27 19:57:09 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-27 19:57:08 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-27 19:57:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-27 19:52:58 -------- d-----w- C:\Users\cosmycfuture\AppData\Roaming\AVG2013
2012-11-27 19:52:31 -------- d-----w- C:\Users\cosmycfuture\AppData\Roaming\TuneUp Software
2012-11-27 19:52:04 -------- d--h--w- C:\$AVG
2012-11-27 19:52:04 -------- d-----w- C:\ProgramData\AVG2013
2012-11-27 19:51:55 -------- d-----w- C:\Program Files (x86)\AVG
2012-11-27 19:50:02 -------- d--h--w- C:\ProgramData\Common Files
2012-11-27 19:50:02 -------- d-----w- C:\Users\cosmycfuture\AppData\Local\MFAData
2012-11-27 19:50:02 -------- d-----w- C:\Users\cosmycfuture\AppData\Local\Avg2013
2012-11-27 19:50:02 -------- d-----w- C:\ProgramData\MFAData
2012-11-27 18:00:20 -------- d-----w- C:\ProgramData\0C2C49979E3AC35600000C2C3D76CEC4
.
==================== Find3M ====================
.
2012-11-28 02:13:59 49664 ----a-w- C:\Windows\System32\imgutil.dll
2012-10-22 12:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-10-18 18:18:22 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-10-15 02:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-10-10 20:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-10-10 20:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-10-10 20:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-10-10 20:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-10-10 20:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-10-10 20:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-10-10 20:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-10-10 20:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-10-05 02:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-10-02 12:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-10-02 02:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-09-25 22:39:14 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-25 21:55:17 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-21 02:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-09-21 02:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2012-09-14 19:23:40 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:30:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-14 02:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
============= FINISH: 19:24:14,87 ===============
|
|
30.11.2012, 19:44
| #6 | ||
| /// TB-Ausbilder | logs des system progressive protection trojaners Dann bitte Combofix ausführen: Scan mit Combofix
__________________ --> logs des system progressive protection trojaners |
|
01.12.2012, 18:47
| #7 |
| | logs des system progressive protection trojaners Ok hier das log von combofix Code:
ATTFilter ComboFix 12-12-01.01 - cosmycfuture 01.12.2012 18:30:56.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3070.1952 [GMT 1:00]
ausgeführt von:: c:\users\cosmycfuture\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGJOW4QQ\ComboFix.exe
AV: AVG Anti-Virus 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\users\cosmycfuture\AppData\Local\lame_enc.dll
c:\users\cosmycfuture\AppData\Local\no23xwrapper.dll
c:\users\cosmycfuture\AppData\Local\ogg.dll
c:\users\cosmycfuture\AppData\Local\vorbis.dll
c:\users\cosmycfuture\AppData\Local\vorbisenc.dll
c:\users\cosmycfuture\AppData\Local\vorbisfile.dll
E:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-01 bis 2012-12-01 ))))))))))))))))))))))))))))))
.
.
2012-12-01 17:36 . 2012-12-01 17:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-28 20:35 . 2012-11-28 20:35 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2012-11-28 20:35 . 2012-11-28 20:35 -------- d-----w- c:\windows\system32\wbem\en-US
2012-11-28 17:37 . 2012-11-28 17:37 -------- d-----w- c:\program files\7-Zip
2012-11-28 02:44 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C570A9C3-C55F-4DC2-B772-E6A53774B8F4}\mpengine.dll
2012-11-28 02:13 . 2012-11-28 02:13 995328 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2012-11-28 01:55 . 2012-11-28 01:55 -------- d-----w- c:\users\UpdatusUser
2012-11-28 01:54 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-11-28 01:54 . 2012-10-10 20:24 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-11-28 01:54 . 2012-10-10 20:23 60776 ----a-w- c:\windows\system32\OpenCL.dll
2012-11-28 01:53 . 2012-11-28 01:53 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-11-28 01:53 . 2012-11-28 01:55 -------- d-----w- c:\program files\NVIDIA Corporation
2012-11-28 01:52 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-11-28 01:52 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-11-28 01:52 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-11-28 01:52 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-11-28 01:52 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-11-28 01:48 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-11-28 01:48 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll
2012-11-28 01:48 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-11-28 01:48 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-11-28 01:48 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-11-28 01:48 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-11-28 01:29 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-11-28 01:29 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-11-28 01:29 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-11-28 01:29 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-11-28 01:29 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-11-28 01:29 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-11-28 01:29 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-11-28 01:29 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-11-28 01:29 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-11-27 19:57 . 2012-11-27 19:57 -------- d-----w- c:\users\cosmycfuture\AppData\Roaming\Malwarebytes
2012-11-27 19:57 . 2012-11-27 19:57 -------- d-----w- c:\programdata\Malwarebytes
2012-11-27 19:57 . 2012-11-27 19:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-27 19:57 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-27 19:52 . 2012-11-27 19:52 -------- d-----w- c:\users\cosmycfuture\AppData\Roaming\AVG2013
2012-11-27 19:52 . 2012-11-27 19:52 -------- d-----w- c:\users\cosmycfuture\AppData\Roaming\TuneUp Software
2012-11-27 19:52 . 2012-11-27 19:52 -------- d-----w- c:\programdata\AVG2013
2012-11-27 19:52 . 2012-11-27 19:52 -------- d-----w- C:\$AVG
2012-11-27 19:51 . 2012-11-27 19:51 -------- d-----w- c:\program files (x86)\AVG
2012-11-27 19:50 . 2012-12-01 17:19 -------- d-----w- c:\programdata\MFAData
2012-11-27 19:50 . 2012-11-28 14:23 -------- d-----w- c:\users\cosmycfuture\AppData\Local\Avg2013
2012-11-27 19:50 . 2012-11-27 19:50 -------- d--h--w- c:\programdata\Common Files
2012-11-27 19:50 . 2012-11-27 19:50 -------- d-----w- c:\users\cosmycfuture\AppData\Local\MFAData
2012-11-27 18:00 . 2012-11-28 01:07 -------- d-----w- c:\programdata\0C2C49979E3AC35600000C2C3D76CEC4
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-29 20:04 . 2011-01-09 08:32 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-22 12:02 . 2012-10-22 12:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-15 02:48 . 2012-10-15 02:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-10-10 20:23 . 2012-10-10 20:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 20:23 . 2009-07-14 23:54 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-10 20:23 . 2012-10-10 20:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-10 20:23 . 2012-10-10 20:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-10 20:23 . 2012-10-10 20:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-10 20:23 . 2012-10-10 20:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 20:23 . 2012-10-10 20:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 20:23 . 2009-07-14 23:54 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-10 20:23 . 2009-07-13 21:59 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-10 20:23 . 2012-10-10 20:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 20:23 . 2012-10-10 20:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 20:22 . 2012-10-10 20:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-10 20:22 . 2012-10-10 20:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-10 20:22 . 2012-10-10 20:22 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-10 20:22 . 2012-10-10 20:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-10 20:22 . 2012-10-10 20:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 20:22 . 2012-10-10 20:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-10 20:22 . 2012-10-10 20:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:22 . 2012-10-10 20:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-05 02:32 . 2012-10-05 02:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-02 19:51 . 2009-07-14 12:08 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2009-07-14 12:08 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2009-07-14 12:08 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2009-07-14 12:08 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2009-07-14 12:08 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-10-02 02:30 . 2012-10-02 02:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-21 02:46 . 2012-09-21 02:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-09-21 02:46 . 2012-09-21 02:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys
2012-09-14 02:05 . 2012-09-14 02:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-09-09 07:05 . 2012-09-09 07:05 2295408 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-09-09 07:05 . 2012-09-09 07:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Orb"="c:\program files (x86)\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-09-10 59280]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-09-29 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\instprogramme\winamp\winampa.exe" [2010-07-12 74752]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-04-19 22528]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-18 1255736]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-05 283200]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2012-07-27 170824]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [2009-06-10 1627520]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-01 c:\windows\Tasks\FinalTorrent Update Checker.job
- c:\program files (x86)\FinalTorrent\FTCheckForUpdates.exe [2012-03-17 13:24]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-09 23:49]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-09 23:49]
.
2012-11-27 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2009-07-13 01:39]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
mSearchAssistant = hxxp://www.google.com
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
TCP: DhcpNameServer = 192.168.178.1
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
URLSearchHooks-{51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
URLSearchHooks-{77f8c945-4b74-4bd6-a073-e0d1997edce8} - (no file)
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
WebBrowser-{51A86BB3-6602-4C85-92A5-130EE4864F13} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{77F8C945-4B74-4BD6-A073-E0D1997EDCE8} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\03\06\11\13\1d\"?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-01 18:38:04
ComboFix-quarantined-files.txt 2012-12-01 17:38
.
Vor Suchlauf: 15 Verzeichnis(se), 139.825.909.760 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 140.330.737.664 Bytes frei
.
- - End Of File - - 825302576DCCD7792DA15ABDDB435FC2
|
|
01.12.2012, 20:06
| #8 | |
| /// TB-Ausbilder | logs des system progressive protection trojaners Gut!  Wir müssen jetzt noch ein paar Kontrollen machen. Schritt 1: Quick-Scan mit Malwarebytes Schritt 2: ESET Online Scanner Zitat:
Schritt 3: Java Update (Windows XP, Vista, 7) Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.Schritt 4: Scan mit SecurityCheck Downloade Dir bitte SecurityCheck
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
02.12.2012, 02:53
| #9 |
| | logs des system progressive protection trojaners guten morgen Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.01.08 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 cosmycfuture :: COSMYCFUTURE-PC [Administrator] Schutz: Aktiviert 01.12.2012 20:38:50 mbam-log-2012-12-01 (20-38-50).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 226500 Laufzeit: 2 Minute(n), 16 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter C:\Program Files (x86)\Smart PC Cleaner\SmartPCCleaner.exe a variant of Win32/SpeedingUpMyPC application
C:\Users\cosmycfuture\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\3df6c602-1eec6390 a variant of Java/Exploit.CVE-2012-1723.DQ trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\upgrade[1].cab a variant of Win32/Adware.OneStep.X application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\upgrade[1].cab a variant of Win32/Adware.OneStep.X application
M:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OneStepSrch\onestep210.exe a variant of Win32/Adware.OneStep application
M:\Dokumente und Einstellungen\Barbara\Eigene Dateien\lakefree.exe multiple threats
M:\Dokumente und Einstellungen\Barbara\Eigene Dateien\LSoTDeluxeDESetup-dm.exe a variant of Win32/Adware.Trymedia application
M:\Dokumente und Einstellungen\Barbara\Eigene Dateien\sonntag\Mysteryville 2\ygs-ghmv210.rar probably a variant of Win32/Agent.ERBHPID trojan
M:\Dokumente und Einstellungen\Barbara\Lokale Einstellungen\Temp\InstallFonts.exe probably a variant of Win32/IRCBot.JWAPGDK trojan
M:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0YQ44WYK\upgrade[1].cab multiple threats
M:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0YQ44WYK\upgrade[2].cab multiple threats
M:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0YQ44WYK\upgrade[3].cab multiple threats
M:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0YQ44WYK\upgrade[4].cab a variant of Win32/Adware.OneStep application
M:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\47C5CNH4\upgrade[1].cab multiple threats
M:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\47C5CNH4\upgrade[2].cab multiple threats
M:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\47C5CNH4\upgrade[3].cab multiple threats
M:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\47C5CNH4\upgrade[4].cab a variant of Win32/Adware.OneStep application
M:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6HP5DGOB\upgrade[1].cab multiple threats
M:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6HP5DGOB\upgrade[2].cab multiple threats
M:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6HP5DGOB\upgrade[3].cab multiple threats
M:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6HP5DGOB\upgrade[4].cab a variant of Win32/Adware.OneStep application
M:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\V1WU5B0B\upgrade[1].cab multiple threats
M:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\V1WU5B0B\upgrade[2].cab multiple threats
M:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\V1WU5B0B\upgrade[3].cab multiple threats
M:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\V1WU5B0B\upgrade[4].cab a variant of Win32/Adware.OneStep application
M:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\V1WU5B0B\upgrade[5].cab a variant of Win32/Adware.OneStep application
M:\Downloads\Diamond_Detective-v10-dm[1].exe a variant of Win32/Adware.Trymedia application
M:\Downloads\Setup_Nandas_Island-dm[1].exe a variant of Win32/Adware.Trymedia application
M:\Programme\DAEMON Tools\SetupDTSB.exe Win32/Adware.WhenU.SaveNow application
M:\Programme\OneStepSrch\onestep.dll a variant of Win32/Adware.OneStep application
M:\Programme\OneStepSrch\onestep.exe a variant of Win32/Adware.OneStep application
M:\Programme\OneStepSrch\osopt.exe a variant of Win32/Adware.OneStep.B application
M:\Programme\themexp\oswdvaz118.exe Win32/Adware.OneStep application
M:\Programme\themexp\VVSNInst.exe Win32/Adware.WhenU.SaveNow application
M:\WINDOWS\Downloaded Program Files\r64loader.dll probably a variant of Win32/TrojanDownloader.Small.HSHAGO trojan
M:\WINDOWS\Temp\ONE1.tmp\upgrade.exe multiple threats
M:\WINDOWS\Temp\ONE1A.tmp\upgrade.exe multiple threats
M:\WINDOWS\Temp\ONE2.tmp\upgrade.exe multiple threats
M:\WINDOWS\Temp\ONE22.tmp\upgrade.exe a variant of Win32/Adware.OneStep application
M:\WINDOWS\Temp\ONE3.tmp\upgrade.exe multiple threats
M:\WINDOWS\Temp\ONE4.tmp\upgrade.exe multiple threats
M:\WINDOWS\Temp\ONE43.tmp\upgrade.exe a variant of Win32/Adware.OneStep application
M:\WINDOWS\Temp\ONE47.tmp\upgrade.exe multiple threats
M:\WINDOWS\Temp\ONE491.tmp\upgrade.exe multiple threats
M:\WINDOWS\Temp\ONE5.tmp\upgrade.exe multiple threats
M:\WINDOWS\Temp\ONE6.tmp\upgrade.exe multiple threats
M:\WINDOWS\Temp\ONE7.tmp\upgrade.exe multiple threats
M:\WINDOWS\Temp\ONE8.tmp\upgrade.exe multiple threats
M:\WINDOWS\Temp\ONE9.tmp\upgrade.exe multiple threats
M:\WINDOWS\Temp\ONEA.tmp\upgrade.exe a variant of Win32/Adware.OneStep application
M:\WINDOWS\Temp\ONEB.tmp\upgrade.exe a variant of Win32/Adware.OneStep application
M:\WINDOWS\Temp\ONEC.tmp\upgrade.exe a variant of Win32/Adware.OneStep application
N:\Backup\Spiele\WinZumaSetup-dm.exe a variant of Win32/Adware.Trymedia application
 gute nacht und  guten morgen ryder Schritt 3 macht Probleme,vermutlich weil ich erst versuchte, die älteren Java-Versionen zu deinstallieren. Eine davon weigert sich. Habe dann einen Wiederherstellungspunkt vom 1.12. aktiviert und jetzt security.check ausgeführt. Aber: Im Infobereich der Taskleiste Symbole und Benachrichtigungen befindet sich immer noch die Anwendung "mor.exe" allerdings ohne Symbol. Code:
ATTFilter Results of screen317's Security Check version 0.99.56 Windows 7 x64 (UAC is enabled) Out of date service pack!! Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` AVG Anti-Virus 2013 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.65.1.1000 Smart PC Cleaner v3.0 Java(TM) 6 Update 29 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe AVG avgwdsvc.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
02.12.2012, 13:00
| #10 | |
| /// TB-Ausbilder | logs des system progressive protection trojanersZitat:
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
02.12.2012, 14:02
| #11 |
| | logs des system progressive protection trojaners Tut mir leid einen Fehler gemacht zu haben. Ich habe kein Problem damit alle Schritte von Anfang an nochmal zu wiederholen, jetze wo ich sowieso schon eine Menge interessanter Arbeit habe.Bis zur endgültigen Kapitulation (Formartieren aller Festplatten)habe ich noch eine Menge Geduld.  Nachtrag:Bei dem ganzen Prozedere habe ich eine weitere externe Festplatte übersehen. Dort wurde soeben backdoor ircbotHRK gefunden, da steckt vermutlich noch mehr. Geändert von grummelzack (02.12.2012 um 14:10 Uhr) |
|
02.12.2012, 15:08
| #12 |
| /// TB-Ausbilder | logs des system progressive protection trojaners Wie hast du das gefunden und wo ist das Logfile dazu?
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
02.12.2012, 15:50
| #13 |
| | logs des system progressive protection trojaners Während Avast Antivirus free lief, meldete AVG folgende Bedrohungen: backdoor ircbot HRK Adware:Generic3.FKK(davon sehr viele mit jeweils anderen Kennzahlen) AVG bot mir entfernen oder ignorieren an, ich entschied mich für entfernen,leider. Ich kann das log von AVG nicht finden bzw ich weiß nicht wo ich suchen soll und ja ich bin(noch) ein DAU. sorry. jetzt läuft bzw pausiert wegen eben dieser Antwort nochmal malewarebytes antimaleware komplett auf sämtlichen Partitionen und externen festplatten, das wird einige Stunden dauern. |
|
02.12.2012, 15:52
| #14 |
| /// TB-Ausbilder | logs des system progressive protection trojaners Warum läuft Avast, wenn du AVG installiert hast?
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
02.12.2012, 16:04
| #15 |
| | logs des system progressive protection trojaners AVG hat viel Werbung und Kaufaufforderungen,die mich irritieren und zur Nutzung abschrecken,deshalb startete ich Avast ohne daran gedacht zu haben AVG zu deaktivieren.  |
|
| Themen zu logs des system progressive protection trojaners |
| adware.clickpotato, adware.hotbar.cp, adware.questbrowse, adware.seekmo, adware.shoppingreport2, autorun, bonjour, browser, emsisoft, entfernen, firefox, flash player, google analytics, homepage, iexplore.exe, iminent toolbar, install.exe, intranet, maleware, monitor.exe, nvidia update, plug-in, pup.offerbundler.st, registry, richtlinie, rogue.systemprogressiveprotection, security, software, svchost.exe, system, trojan.fakealert.ssgen, trojaner, visual studio, windows |
Button.
und dann 
Linear-Darstellung
