| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: avast findet JS:Downloader-blr, malwarebytes findet Exploit.Drop.GSAWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
31.01.2013, 21:18
| #1 |
 |  avast findet JS:Downloader-blr, malwarebytes findet Exploit.Drop.GSA Guten Abend, gestern habe ich mir Avast free antivirus instaliert. Bei dem anschließend durchgeführetne Systemscan fand es nichts, jedoch bei der Startzeit-Prüfung: sowohl im Ordner c:/users/internet/appdata/local/microsoft/windows/temporary internetfiles/content.ie.5/... wie auch im entsprechenden Ordner des zweiten Standard-Benutzerkontos wurde der Trojaner JS  ownloader-blr entdeckt und unter Quarantäne gestellt. Bericht hab ich davon leider keinen, weil ich nicht wusste, dass ich das vorab hätte einstellen müssen/können.Dann habe ich mich umgesehen nach dem fiesen Ding. Dabei habe ich festgestellt, dass der eigentlich schon lange aus der Mode ist (war etwa Mitte letzten Jahres aktuell und das eher selten). Und das Problem sollte gelöst sein, wenn man ihn dann einfach aus der Quarantäne löscht. Da ich aber natürlich auch vorher ein Antiviren-Programm hatte (antivir free av 2011-2013) und mit windows defender auch mal gegengecheckt habe, hatte ich keine Ruhe, ob da nicht doch was unentdeckt geblieben ist und habe mir Malwarebytes nach eurer Anleitung auch noch installiert. Und leider war es erfolgreich. (log hänge ich an) Und was vielleicht auch noch wichtig ist: Vor etwa einem halben Jahr habe ich Bekanntschaft mit einem dieser BKA-Tojaner gehabt, der den Eingangs-Bildschirm blockiert. Den hatte ich aber als vollkommen unproblematisch empfunden, weil ich ihn vom zweiten Standard-Benutzerkonto (noch nicht mal admin) aus in Quarantäne schicken und löschen konnte. Danach wurde er von avira nicht nochmal gefunden. Jetzt meine Frage. Ich bin zu gestern zu avast free antivirus gewechselt, weil ich nach dem Update auf avira free av 2013 (Anfang Dezember) keine normale Systemchecks mehr machen konnte: Für einen vollständigen Scan musste ich die VSS-Dienste von Windows ausschalten und außerdem habe ich seitdem auch Probleme mit meinen Programmen für den Drucker bekommen. Wobei ein Zusammenhang natürlich nicht gegeben sein muss, weil die Druckerprobleme sich auch nach dem Wechsel auf avast nicht gebessert haben. Ich möchte daher mein System sowieso neu aufsetzen. Meine letzte Datensicherung ist von Mitte Dezember, also recht aktuell. Allerdings ist es auch so ziemlich die einzige, die ich noch habe, weil ich sie immer wieder überschrieben habe. Aber kann ich die überhaupt verwenden, oder muss ich befürchten, dass da verseuchte Daten drauf sind? Und kann ich das Neu-Aufsetz-Programm, das auf meinem Rechner auf der "Service-Partition" vorhanden ist nutzen, oder ist das zu unsicher? - Ich habe nämlich mit dem PC keine weitere CD/DVD erhalten, weil das ja alles auf dieser Partition ist. So, vielen Dank schon mal vorab für Eure Mühe. Und jetzt noch der malwarebytes-Text: Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.31.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Sanne :: SANNE-PC [Administrator] Schutz: Aktiviert 31.01.2013 19:44:07 mbam-log-2013-01-31 (19-44-07).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 266194 Laufzeit: 4 Minute(n), 1 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
31.01.2013, 23:47
| #2 |
| /// Helfer-Team  | avast findet JS:Downloader-blr, malwarebytes findet Exploit.Drop.GSA Systemscan mit OTL (bebilderte Anleitung) Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
__________________ |
|
01.02.2013, 08:34
| #3 |
| | avast findet JS:Downloader-blr, malwarebytes findet Exploit.Drop.GSA Guten Morgen und Danke für die schnelle Reaktion
__________________ hier die gewünschten OTL-Logs: OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.02.2013 08:01:40 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,53 Gb Available Physical Memory | 81,82% Memory free 15,96 Gb Paging File | 14,40 Gb Available in Paging File | 90,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1372,09 Gb Total Space | 1320,92 Gb Free Space | 96,27% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: ***| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Windows\jmesoft\JME_LOAD.exe () PRC - C:\Windows\jmesoft\hotkey.exe (Lenovo) PRC - C:\Windows\jmesoft\Service.exe () PRC - C:\Programme\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Programme\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) PRC - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink) ========== Modules (No Company Name) ========== MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b95e7795ea5951d09521cddfc03b5c4e\Microsoft.VisualBasic.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f3c2e63623f7a64a35e3dd746b90edbc\PresentationFramework.Classic.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll () MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\Lenovo\Lenovo Brightness System\ddcHelperWraper.dll () MOD - C:\Programme\Lenovo\Lenovo Brightness System\KeyStoneAdapter.dll () MOD - C:\Programme\Lenovo\Lenovo Eye Distance System\KeyStoneAdapter.dll () MOD - C:\Programme\Lenovo\Lenovo Eye Distance System\VideoPlayer.dll () MOD - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll () MOD - C:\Windows\jmesoft\VistaVolume.dll () ========== Services (SafeList) ========== SRV:64bit: - (HPSIService) -- C:\Windows\SysNative\HPSIsvc.exe (HP) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (Sony SCSI Helper Service) -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (JME Keyboard) -- C:\Windows\jmesoft\Service.exe () SRV - (HP LaserJet Service) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation) DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation) DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo) DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo) DRV:64bit: - (HPFXBULKLEDM) -- C:\Windows\SysNative\drivers\hppdbulkio.sys (Hewlett Packard) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192Ce.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WinI2C-DDC) -- C:\Windows\SysNative\drivers\ddcdrv.sys (Nicomsoft Ltd.) DRV - (WinI2C-DDC) -- C:\Windows\SysWOW64\drivers\ddcdrv.sys (Nicomsoft Ltd.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7LEND_deDE454 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.19.2 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.01.30 11:11:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.22 20:07:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.13 11:52:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.22 20:07:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.13 11:52:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.10.23 14:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions [2012.12.22 18:06:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pda9zjn.default\extensions [2012.12.22 18:06:59 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pda9zjn.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2013.01.22 20:07:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.30 11:11:13 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2013.01.22 20:07:47 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll CHR - Extension: avast! WebRep = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe (Lenovo) O4 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe () O4 - HKLM..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo) O4 - HKLM..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D14234F2-9DDC-4906-80D7-F9BF52775886}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.01 07:54:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.01.31 21:26:58 | 000,080,456 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Public\Documents\mbam-clean-1.60.2.0003.exe [2013.01.31 19:40:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs [2013.01.30 14:23:05 | 000,126,520 | ---- | C] (HP) -- C:\windows\SysNative\HPSIsvc.exe [2013.01.30 14:22:34 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2013.01.30 11:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2013.01.30 11:11:34 | 000,370,288 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys [2013.01.30 11:11:34 | 000,025,232 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys [2013.01.30 11:11:29 | 000,054,072 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys [2013.01.30 11:11:26 | 000,059,728 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys [2013.01.30 11:11:25 | 000,984,144 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys [2013.01.30 11:11:21 | 000,285,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe [2013.01.30 11:11:21 | 000,071,600 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys [2013.01.30 11:11:01 | 000,227,648 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe [2013.01.30 11:11:01 | 000,041,224 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr [2013.01.30 11:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013.01.30 11:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013.01.22 20:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.18 14:40:35 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Adobe [2013.01.18 10:54:39 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe [2013.01.18 10:54:39 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe [2013.01.18 10:54:39 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll [2013.01.13 11:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.01.12 15:18:56 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll [2013.01.12 15:18:56 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs [2013.01.12 15:18:56 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs [2013.01.12 15:18:56 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs [2013.01.12 15:18:56 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs [2013.01.12 15:18:56 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs [2013.01.12 15:18:56 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs [2013.01.12 15:18:56 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs [2013.01.12 15:18:56 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs [2013.01.12 15:18:56 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs [2013.01.12 15:18:56 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs [2013.01.12 15:18:56 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs [2013.01.12 15:18:56 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs [2013.01.12 15:18:56 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs [2013.01.12 15:18:56 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs [2013.01.12 15:18:56 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs [2013.01.12 15:18:56 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs [2013.01.12 15:18:56 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs [2013.01.12 15:18:56 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs [2013.01.12 15:18:56 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs [2013.01.12 15:18:56 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs [2013.01.12 15:18:55 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll [2013.01.12 15:18:55 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll [2013.01.12 15:18:55 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll [2013.01.12 15:18:55 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs [2013.01.12 15:18:55 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs [2013.01.12 15:18:55 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs [2013.01.12 15:18:55 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs [2013.01.12 15:18:55 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs [2013.01.12 15:18:55 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs [2013.01.12 15:18:55 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs [2013.01.12 15:18:55 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs [2013.01.12 15:18:32 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll [2013.01.12 15:18:32 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll [2013.01.12 15:18:32 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll [2013.01.12 15:18:32 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe [2013.01.12 15:18:32 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll [2013.01.12 15:18:32 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll [2013.01.12 15:18:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll [2013.01.12 15:18:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll [2013.01.12 15:18:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll [2013.01.12 15:18:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.12 15:18:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.12 15:18:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll [2013.01.12 15:18:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.12 15:18:31 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe [2013.01.12 15:18:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe [2013.01.12 15:18:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.12 15:18:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.12 15:18:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.12 15:18:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.12 15:18:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.12 15:18:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.12 15:18:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.12 15:18:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.12 15:18:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.12 15:18:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.12 15:18:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.12 15:18:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.12 15:18:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.12 15:18:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.12 15:18:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.12 15:18:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.12 15:18:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe [2013.01.12 15:18:24 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll [2013.01.12 15:18:21 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll [2013.01.12 15:18:21 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll [2013.01.12 15:18:19 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll [2013.01.12 15:16:48 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe [2011.09.16 13:10:53 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe ========== Files - Modified Within 30 Days ========== [2013.02.01 08:00:10 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.01 07:55:42 | 000,313,599 | ---- | M] () -- C:\windows\SysNative\fastboot.set [2013.02.01 07:55:41 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.01 07:55:10 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.01 07:55:10 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.01 07:54:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.02.01 07:47:35 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.02.01 07:47:31 | 2133,630,975 | -HS- | M] () -- C:\hiberfil.sys [2013.01.31 21:26:58 | 000,080,456 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Public\Documents\mbam-clean-1.60.2.0003.exe [2013.01.30 11:11:35 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013.01.30 11:11:21 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt [2013.01.30 10:54:35 | 097,565,024 | ---- | M] () -- C:\Users\Public\Documents\avast_free_antivirus7.0.1474_setup.exe [2013.01.27 13:11:16 | 001,500,254 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.01.27 13:11:16 | 000,654,594 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.01.27 13:11:16 | 000,616,476 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.01.27 13:11:16 | 000,130,208 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.01.27 13:11:16 | 000,106,598 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.01.26 11:09:03 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2013.01.26 11:09:03 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.12 15:27:49 | 000,389,328 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.01.12 03:30:18 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll [2013.01.12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe [2013.01.12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe ========== Files Created - No Company Name ========== [2013.01.30 14:23:11 | 000,129,024 | ---- | C] () -- C:\windows\SysNative\HPCP1020LM.dll [2013.01.30 11:11:35 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013.01.30 11:11:21 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt [2013.01.30 10:52:13 | 097,565,024 | ---- | C] () -- C:\Users\Public\Documents\avast_free_antivirus7.0.1474_setup.exe [2012.12.22 18:54:49 | 000,366,080 | R--- | C] () -- C:\windows\multiflexio.dll [2012.12.22 18:54:49 | 000,235,008 | ---- | C] () -- C:\windows\scsicomm.dll [2012.12.22 18:54:49 | 000,231,936 | R--- | C] () -- C:\windows\netcomm.dll [2012.12.22 18:54:49 | 000,226,304 | R--- | C] () -- C:\windows\hppcompiocomm.dll [2012.12.20 14:09:02 | 000,007,614 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.07.27 10:12:04 | 000,024,772 | ---- | C] () -- C:\ProgramData\HPSSDEF.CSS [2012.07.27 10:12:04 | 000,020,984 | ---- | C] () -- C:\ProgramData\HPSSOSS.HTM [2012.07.27 10:12:04 | 000,002,944 | ---- | C] () -- C:\ProgramData\HPSSSIG.GIF [2012.05.26 15:31:49 | 000,393,256 | ---- | C] () -- C:\windows\SysWow64\CNQ2414N.DAT [2011.11.29 16:38:18 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2011.11.29 16:38:12 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll [2011.11.29 16:38:12 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll [2011.11.29 16:38:12 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll [2011.11.29 16:38:12 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll [2011.11.29 16:00:23 | 001,526,060 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011.09.16 13:41:57 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe [2011.09.16 13:41:56 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe [2011.09.16 12:51:29 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe [2011.09.16 12:49:09 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll [2011.02.12 20:35:47 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 01.02.2013 08:01:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 6,53 Gb Available Physical Memory | 81,82% Memory free
15,96 Gb Paging File | 14,40 Gb Available in Paging File | 90,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1372,09 Gb Total Space | 1320,92 Gb Free Space | 96,27% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{223C52A6-E30F-4DEB-8564-7D89112796E6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2FB9248A-BB6B-4ED3-8DEB-A3269F2C77E9}" = lport=139 | protocol=6 | dir=in | app=system |
"{3D849596-6B40-4671-AD8A-3A1EBC48365F}" = lport=137 | protocol=17 | dir=in | app=system |
"{7A5CD90E-4E33-4797-885F-56411731ADB4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{80236160-481D-406F-9B6C-8F0E8E8F1EB4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{94E44D6E-4D5C-4633-BB6C-20C79A62BAD1}" = lport=445 | protocol=6 | dir=in | app=system |
"{A791B44A-4988-4CB7-987C-190057DEC828}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{ABCA2F81-70CC-45B4-A93F-4B337D080BDD}" = rport=445 | protocol=6 | dir=out | app=system |
"{ADDD7F55-5DB3-4306-9153-94E2DCF857F3}" = rport=138 | protocol=17 | dir=out | app=system |
"{B3BBBCA9-59EB-4A4E-80CB-11A9E2F013CE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C38DE54E-0ECF-46CE-944A-2B5400BBFC0C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D0967B39-0364-4B93-95EB-383F387F98B8}" = lport=138 | protocol=17 | dir=in | app=system |
"{D7AE665D-B514-4760-A492-1037069EC8A1}" = rport=137 | protocol=17 | dir=out | app=system |
"{DCBD71DC-A330-4808-BEC3-9CF6D56DA41B}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E1AE1DF-1CCB-4291-B6E8-279E79CE5AFF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{35655A2E-B934-4094-8075-D04F532DD184}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{38570579-B833-484F-B5DA-4E09D6E601CC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{43F5ADE9-83C1-44E3-9BCA-08162B5F89DD}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\7zs4ae7\hpdiagnosticcoreui.exe |
"{5CDCF89B-6472-4E00-95E3-2ED64DC1C86C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{60DD065F-CC1E-4359-A98F-D3826306B6AE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6DA944FD-FF02-400F-B987-A9C32B40375A}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\7zs4ae7\hpdiagnosticcoreui.exe |
"{6FEF1AAC-6D36-47DF-88E7-125A0DF3F92D}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\7zs50a5\hpdiagnosticcoreui.exe |
"{7051F050-B73E-4C6E-BBDA-23D366828620}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{76520051-ADB8-40DD-858E-C66317CBDF9B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{773BF4FE-DF37-4366-815A-2BB6B6A43799}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7FB35B3F-5311-40C5-BAC7-D0AA9ADD0095}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{858A420E-6BC0-4434-94FC-43D21D3CB681}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{867C5901-D89C-4EBE-BAB1-BE74068A58D7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8EC3AAA7-109D-46C7-86D0-78D0C90C6607}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{96AB58D4-229C-4A9C-A089-EA6DF0C4243A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{96FD132C-60D5-41DF-BC95-F92944E695D4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A7DFCC0F-3D7F-4595-B166-D1010A0352AA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{ADFDBF1A-A760-477A-81B5-9645AC0CE851}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B3FE7F37-E172-4863-98D5-0C1E79F92CF2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BA5CAF0A-7F0C-4985-B44C-EA0216ED6C16}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C570A5B3-966E-4CC2-82EA-76C88D050AB0}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{D65374BA-E1EE-4606-AA3C-E65F43AC5FEE}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{D96FA781-B44D-45F5-A1A0-7C7E86D2281C}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DDE4EDE5-5C85-4CDF-B468-7F56C601321B}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\7zs50a5\hpdiagnosticcoreui.exe |
"{E44FC3B9-21B2-4E38-9F88-A1471363E523}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FF67A648-1672-45AF-94A5-100B5ECD881D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"TCP Query User{D2FB9FE8-AEF6-4CB0-B290-EDBAA9C910C0}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{F464082A-DD70-48E3-9255-24F0138FC028}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414" = CanoScan LiDE 110 Scanner Driver
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GIMP-2_is1" = GIMP 2.8.2
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PROSet" = Intel(R) Network Connections Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 11
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"{42D10994-A566-495D-A5E7-D0C6B5C6B35C}" = HP Product Detection
"{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Treiber- und Anwendungsinstallation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5093AE98-D510-4BEB-BAC1-7FC8ECE35B98}" = hppLaserJetService
"{5183D7AB-D09B-411F-A74E-BBAEA61C6505}" = Lenovo Eye Distance System
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B266E062-D6C5-485B-B426-51B152B041A6}" = Lenovo Tinian Fn PS/2 Keyboard Driver
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAE1CCA6-AB32-4D27-AE69-203436D54EC8}" = Reader for PC
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9ED6D06-6002-495E-A7BC-46E6AE386996}" = Lenovo Dynamic Brightness System
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F31BF057-0D5E-485E-ADFD-560314A27912}" = hppcp1025LaserJetService
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Google Chrome" = Google Chrome
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Opera 12.11.1661" = Opera 12.11
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 31.01.2013 18:00:40 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 31.01.2013 18:01:01 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 7.15.635.0,
Zeitstempel: 0x4d39aa4e Name des fehlerhaften Moduls: hppccompio.DLL, Version: 1.3.0.24,
Zeitstempel: 0x4c9685d0 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000073bf ID des fehlerhaften
Prozesses: 0x72c Startzeit der fehlerhaften Anwendung: 0x01cdfffe656b700e Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Pfad
des fehlerhaften Moduls: C:\windows\system32\hppccompio.DLL Berichtskennung: b2f7289f-6bf1-11e2-a54d-c89cdc652d66
Error - 01.02.2013 02:48:01 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 7.15.635.0,
Zeitstempel: 0x4d39aa4e Name des fehlerhaften Moduls: hppccompio.DLL, Version: 1.3.0.24,
Zeitstempel: 0x4c9685d0 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000073bf ID des fehlerhaften
Prozesses: 0x720 Startzeit der fehlerhaften Anwendung: 0x01ce0048075aa0bf Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Pfad
des fehlerhaften Moduls: C:\windows\system32\hppccompio.DLL Berichtskennung: 518bf2e7-6c3b-11e2-a880-c89cdc652d66
Error - 01.02.2013 02:48:08 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 01.02.2013 02:48:12 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 01.02.2013 02:48:12 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 01.02.2013 02:49:23 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.02.2013 02:55:42 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 01.02.2013 02:55:42 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 01.02.2013 02:55:42 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ System Events ]
Error - 31.01.2013 14:09:02 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 31.01.2013 14:09:20 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "HP LaserJet Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 31.01.2013 17:48:24 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 31.01.2013 17:48:36 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "HP LaserJet Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 31.01.2013 17:57:10 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 31.01.2013 17:57:35 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "HP LaserJet Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 31.01.2013 18:00:46 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 31.01.2013 18:01:03 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "HP LaserJet Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 01.02.2013 02:47:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 01.02.2013 02:48:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "HP LaserJet Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
< End of report >
|
|
01.02.2013, 17:14
| #4 |
| /// Helfer-Team | avast findet JS:Downloader-blr, malwarebytes findet Exploit.Drop.GSA Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers danach: Downloade Dir bitte  SecurityCheck und:
|
|
01.02.2013, 18:31
| #5 |
| | avast findet JS:Downloader-blr, malwarebytes findet Exploit.Drop.GSA Hallo, erst mal gute Nachrichten  Malwarebytes Antirootkit meldet: Congratulations, no cleanup is required! - scan finished: No malware found und hier das mbar-log: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org
Database version: v2013.02.01.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sanne :: SANNE-PC [administrator]
01.02.2013 18:16:32
mbar-log-2013-02-01 (18-16-32).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31202
Time elapsed: 17 minute(s), 2 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Und hier der checkup.txt: Code:
ATTFilter Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 11
Adobe Flash Player 11.5.502.146
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (18.0.1)
Mozilla Thunderbird (17.0.2)
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Viele Grüße |
|
30.03.2013, 08:45
| #6 |
| /// Helfer-Team | avast findet JS:Downloader-blr, malwarebytes findet Exploit.Drop.GSA Sehr gut! damit bist Du sauber und entlassen! adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun?
__________________ --> avast findet JS:Downloader-blr, malwarebytes findet Exploit.Drop.GSA |
|
03.04.2013, 11:34
| #7 |
| | avast findet JS:Downloader-blr, malwarebytes findet Exploit.Drop.GSA Guten Tag t'john Vielen, vielen Dank für Deine Hilfe und Deine Rückmeldung In der Zwischenzeit habe ich allerdings den Rechner doch noch neu aufgesetzt, da endlich unser Sohn einen eigenen PC bekommen hat und ich dachte, dass eine Aufräumaktion länger gedauert hätte als ein ordentlicher Neuanfang. Und damit sich so schnell nicht wieder was einnistet, habe ich mich noch durch Euren tollen Anleitungsfundus gearbeitet um ihn dann auch ordentlich abzusichern. Ich hoffe also mal, dass Ihr lieben Helfer von mir hier erst mal nicht mehr so schnell was zu lesen bekommt. Viele Grüße und noch mal ein ganz, ganz herzliches Dankeschön  SuNi |
|
| Themen zu avast findet JS:Downloader-blr, malwarebytes findet Exploit.Drop.GSA |
| administrator, anti-malware, antiviren-programm, antivirus, autostart, avast, avira, dateien, datensicherung, defender, drucker, explorer, festgestellt, free, gelöscht, log, löschen, malwarebytes, neu, ordner, problem, probleme, programme, rechner, trojaner, update |
Linear-Darstellung
