Log analysis and evaluation: iphone 4 gewonnen, internet explorer ad (Windows 7)
13.07.2011, 21:59 | #16
/// TB-Ausbilder

Hello Lyot,

Step # 1: Answer questions
Please answer the following questions:
Step # 2: Fix with OTL
Code:
:OTL
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
FF - prefs.js..extensions.enabledItems: cacaoweb@cacaoweb.org:1.0.9
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
[2010.12.30 18:25:26 | 000,000,000 | ---D | M] (Softonic-Eng7 Community Toolbar) -- C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2010.12.27 02:30:28 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\cacaoweb@cacaoweb.org
[2010.12.30 18:25:26 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\engine@conduit.com
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
MsConfig:64bit - StartUpReg: RegistryBooster - hkey= - key= - File not found
[2010.11.07 00:46:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\RegCleaner
[2011.01.01 21:08:26 | 000,000,000 | ---D | M] -- C:\Users\Noxas\AppData\Roaming\Uniblue
:commands
[Purity]
[Emptytemp]
Step # 3: Control scan with Malwarebytes' Anti-Malware (MBAM)

Step # 4: System scan with OTL

Step # 5: Your feedback
For further analysis I need, together with your next reply
14.07.2011, 08:58 | #17

Hello,
Regarding Antivir: I had disabled all its services, but I only just now got around to uninstalling it! It should be gone now. Regarding the omitted code: I apparently left out the last 3 lines by accident when copying.. I hope that was nothing serious. I will let the programs run in peace after school, since I am only on a break right now. Thanks for the really very competent help so far.

PS: MBAM just told me that access to a potentially dangerous website was blocked. Type: outgoing. Port: 8.

Regards

Last edited by Lyot (14.07.2011 at 09:25)
14.07.2011, 16:08 | #18
/// TB-Ausbilder

Hello Lyot,

You're welcome, but we are not finished yet. Usually one says thanks only after the work is done. I need the exact message from MBAM.
17.07.2011, 14:56 | #19

Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Prefs.js: cacaoweb@cacaoweb.org:1.0.9 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\searchplugin folder moved successfully.
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\META-INF folder moved successfully.
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\lib folder moved successfully.
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\defaults folder moved successfully.
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components folder moved successfully.
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\chrome folder moved successfully.
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} folder moved successfully.
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\cacaoweb@cacaoweb.org\defaults\preferences folder moved successfully.
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\cacaoweb@cacaoweb.org\defaults folder moved successfully.
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\cacaoweb@cacaoweb.org\chrome\skin folder moved successfully.
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\fr-FR folder moved successfully.
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\es-ES folder moved successfully.
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\en-US folder moved successfully.
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\de-DE folder moved successfully.
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\cacaoweb@cacaoweb.org\chrome\locale folder moved successfully.
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\cacaoweb@cacaoweb.org\chrome\content folder moved successfully.
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\cacaoweb@cacaoweb.org\chrome folder moved successfully.
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\cacaoweb@cacaoweb.org folder moved successfully.
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\engine@conduit.com folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\RegistryBooster\ not found.
C:\Program Files (x86)\RegCleaner\Languages folder moved successfully.
C:\Program Files (x86)\RegCleaner folder moved successfully.
C:\Users\Noxas\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
C:\Users\Noxas\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
C:\Users\Noxas\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
C:\Users\Noxas\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
C:\Users\Noxas\AppData\Roaming\Uniblue folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Noxas
->Temp folder emptied: 45479915 bytes
->Temporary Internet Files folder emptied: 100450144 bytes
->Java cache emptied: 870156 bytes
->FireFox cache emptied: 53793311 bytes
->Google Chrome cache emptied: 391907640 bytes
->Flash cache emptied: 245454 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 401462 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35098 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 566,00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 07172011_154402

Files\Folders moved on Reboot...
C:\Users\Noxas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7173

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17.07.2011 15:50:19
mbam-log-2011-07-17 (15-50-19).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 168637
Laufzeit: 1 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\T7PKEYSDPX (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
03:21:19 Noxas MESSAGE Protection started successfully
03:21:23 Noxas MESSAGE IP Protection started successfully
03:45:43 Noxas MESSAGE Scheduled update executed successfully
03:46:20 Noxas MESSAGE IP Protection stopped
03:46:22 Noxas MESSAGE Database updated successfully
03:46:22 Noxas MESSAGE IP Protection started successfully
10:06:11 Noxas IP-BLOCK 83.222.109.30 (Type: outgoing, Port: 8)
10:06:11 Noxas IP-BLOCK 82.80.245.100 (Type: outgoing, Port: 8)
10:06:11 Noxas IP-BLOCK 83.222.109.30 (Type: outgoing, Port: 8)
10:06:19 Noxas IP-BLOCK 83.222.109.30 (Type: outgoing, Port: 8)
10:06:19 Noxas IP-BLOCK 82.80.245.100 (Type: outgoing, Port: 8)
10:06:19 Noxas IP-BLOCK 83.222.109.30 (Type: outgoing, Port: 8)
10:12:20 Noxas IP-BLOCK 83.222.109.30 (Type: outgoing, Port: 8)
10:12:20 Noxas IP-BLOCK 82.80.245.100 (Type: outgoing, Port: 8)
10:12:20 Noxas IP-BLOCK 83.222.109.30 (Type: outgoing, Port: 8)
10:12:20 Noxas IP-BLOCK 83.222.109.30 (Type: outgoing, Port: 8)
17:28:58 Noxas IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52387, Process: chrome.exe)
17:28:58 Noxas IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52388, Process: chrome.exe)
17:28:58 Noxas IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52389, Process: chrome.exe)
17:28:58 Noxas IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52390, Process: chrome.exe)
17:28:58 Noxas IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52391, Process: chrome.exe)
17:28:58 Noxas IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52392, Process: chrome.exe)
23:19:41 Noxas IP-BLOCK 82.80.245.100 (Type: outgoing, Port: 8)
23:19:41 Noxas IP-BLOCK 83.222.109.30 (Type: outgoing, Port: 8)
23:19:41 Noxas IP-BLOCK 83.222.109.30 (Type: outgoing, Port: 8)
23:19:41 Noxas IP-BLOCK 83.222.109.30 (Type: outgoing, Port: 8)
23:19:41 Noxas IP-BLOCK 83.222.109.20 (Type: outgoing, Port: 8)

Code:
03:45:57 Noxas MESSAGE Scheduled update executed successfully
03:46:21 Noxas MESSAGE IP Protection stopped
03:46:23 Noxas MESSAGE Database updated successfully
03:46:24 Noxas MESSAGE IP Protection started successfully
14:09:51 Noxas MESSAGE Protection started successfully
14:09:55 Noxas MESSAGE IP Protection started successfully
14:51:24 Noxas IP-BLOCK 82.80.245.100 (Type: outgoing, Port: 8)
14:51:24 Noxas IP-BLOCK 83.222.109.30 (Type: outgoing, Port: 8)
14:51:24 Noxas IP-BLOCK 83.222.109.30 (Type: outgoing, Port: 8)

Code:
OTL logfile created on: 17.07.2011 15:53:02 - Run 4
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Noxas\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 63,11% Memory free
8,00 Gb Paging File | 6,26 Gb Available in Paging File | 78,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 481,77 Gb Free Space | 80,82% Space Free | Partition Type: NTFS

Computer Name: MICHAEL | User Name: Noxas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Users\Noxas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Users\Noxas\AppData\Roaming\QipGuard\QipGuard.exe (QIP.ru)
PRC - C:\Program Files (x86)\QipGuard\QipGuard.exe (QIP.ru)
PRC - C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe ()
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Noxas\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (QipGuard) -- C:\Program Files (x86)\QipGuard\QipGuard.exe (QIP.ru)
SRV - (Dyyno Launcher) -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 B4 22 03 BB 10 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Noxas\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: 
FF - prefs.js..extensions.enabledItems: 
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..browser.startup.homepage: "hxxp://qip.ru"
FF - prefs.js..browser.search.selectedEngine: "QIP Search"
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Noxas\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Noxas\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Noxas\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.22 16:14:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.23 15:29:00 | 000,000,000 | ---D | M]

[2010.12.22 16:14:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noxas\AppData\Roaming\mozilla\Extensions
[2011.07.17 15:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions
[2011.05.25 15:04:02 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2011.04.16 17:36:22 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.01.01 21:10:40 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\searchplugins\icqplugin.xml
[2011.05.25 15:04:23 | 000,002,062 | ---- | M] () -- C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\searchplugins\qip-search.xml
[2011.07.09 13:40:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.05.08 15:10:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.23 15:29:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.15 12:44:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.09 13:40:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\NOXAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ471BPQ.DEFAULT\EXTENSIONS\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
File not found (No name found) -- C:\USERS\NOXAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ471BPQ.DEFAULT\EXTENSIONS\CACAOWEB@CACAOWEB.ORG
File not found (No name found) -- C:\USERS\NOXAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ471BPQ.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.03 20:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 20:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.03 20:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.12.03 20:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.12.03 20:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.07.12 21:15:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Noxas\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [QIP Internet Guardian] C:\Users\Noxas\AppData\Roaming\QipGuard\QipGuard.exe (QIP.ru)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Noxas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Noxas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.07.17 15:44:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.07.13 21:15:06 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Users\Noxas\Desktop\aswMBR.exe
[2011.07.13 12:09:30 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011.07.13 12:09:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.13 12:09:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.13 12:09:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011.07.13 12:09:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011.07.13 12:09:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011.07.13 12:09:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011.07.13 12:09:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.07.13 12:09:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.07.13 12:09:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011.07.13 12:09:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011.07.13 12:09:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011.07.13 12:09:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011.07.13 12:09:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) --
C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2011.07.13 12:09:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2011.07.13 12:09:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2011.07.13 12:09:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2011.07.13 12:09:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2011.07.13 12:09:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2011.07.13 12:09:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2011.07.13 12:09:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2011.07.13 12:09:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2011.07.13 12:09:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2011.07.13 12:09:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2011.07.13 12:09:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2011.07.13 12:09:15 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2011.07.13 12:09:15 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2011.07.13 12:09:14 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2011.07.13 12:09:14 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2011.07.13 12:09:14 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2011.07.13 12:09:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2011.07.13 12:09:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2011.07.13 12:09:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2011.07.13 12:09:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2011.07.13 12:09:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2011.07.13 12:09:14 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2011.07.13 12:09:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2011.07.12 21:18:12 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.07.12 21:15:08 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2011.07.12 21:07:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.07.12 21:07:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.07.12 21:07:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.07.12 21:06:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.07.12 21:06:14 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.07.12 21:05:53 | 004,149,129 
| R--- | C] (Swearware) -- C:\Users\Noxas\Desktop\ComboFix.exe [2011.07.12 19:08:15 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Noxas\Desktop\OTL.exe [2011.07.12 15:06:13 | 000,000,000 | ---D | C] -- C:\Users\Noxas\AppData\Roaming\Malwarebytes [2011.07.12 15:06:08 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.07.12 15:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.07.12 15:06:03 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.07.12 15:06:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.07.09 13:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.07.09 13:40:56 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.07.09 13:40:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.07.09 13:40:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\java.exe [2011.06.30 13:29:01 | 000,000,000 | ---D | C] -- C:\Users\Noxas\AppData\Local\ArmA 2 Free [2011.06.30 13:29:01 | 000,000,000 | ---D | C] -- C:\Users\Noxas\Documents\ArmA 2 [2011.06.30 13:27:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011.06.29 15:35:25 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe [2011.06.29 15:35:24 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll [2011.06.29 15:35:21 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll [2011.06.29 15:35:20 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll [2011.06.29 15:35:20 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll [2011.06.29 15:35:20 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll [2011.06.29 15:35:19 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll [2011.06.29 15:35:18 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll [2011.06.29 15:35:18 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll [2011.06.29 15:35:18 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll [2011.06.29 15:35:18 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe [2011.06.29 15:35:18 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll [2011.06.29 15:35:18 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe [2011.06.29 15:35:18 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll [2011.06.29 15:35:17 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll [2011.06.29 15:35:17 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll [2011.06.27 
22:34:07 | 000,000,000 | ---D | C] -- C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [2011.06.27 22:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [2011.06.27 22:31:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive [2011.06.27 21:56:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2011.06.27 21:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2011.06.27 21:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2011.06.26 21:29:07 | 000,000,000 | ---D | C] -- C:\Users\Noxas\Desktop\World of Tanks BACKUP - NICHT LÖSCHEN!!! UNTER KEINEN UMSTÄNDEN!!! AUCH NICHT WENN IHR DENKT ICH WÄRE SÜCHTIG UND IHR MÜSSTET DAS SPIEL LÖSCHEN!!! DANKE!!! [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.17 15:53:35 | 000,018,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.17 15:53:35 | 000,018,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.17 15:52:24 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.07.17 15:52:24 | 000,656,028 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.07.17 15:52:24 | 000,617,910 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.07.17 15:52:24 | 000,130,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.07.17 15:52:24 | 000,107,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.07.17 15:46:29 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.07.17 15:46:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.17 15:46:07 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2011.07.17 15:31:02 | 000,001,108 | ---- | 
M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.07.17 15:30:48 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4162387930-1573310092-2657919576-1000UA.job [2011.07.16 22:14:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4162387930-1573310092-2657919576-1000Core.job [2011.07.15 17:43:51 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.15 14:51:56 | 000,280,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2011.07.15 14:51:56 | 000,280,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.07.15 14:50:33 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2011.07.14 09:54:56 | 000,002,363 | ---- | M] () -- C:\Users\Noxas\Desktop\Google Chrome.lnk [2011.07.14 03:18:58 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.07.13 22:08:51 | 000,000,512 | ---- | M] () -- C:\Users\Noxas\Desktop\MBR.dat [2011.07.12 21:15:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.07.12 21:05:34 | 004,149,129 | R--- | M] (Swearware) -- C:\Users\Noxas\Desktop\ComboFix.exe [2011.07.12 19:08:07 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Users\Noxas\Desktop\aswMBR.exe [2011.07.12 18:19:31 | 000,000,000 | ---- | M] () -- C:\Users\Noxas\defogger_reenable [2011.07.12 14:57:52 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Noxas\Desktop\OTL.exe [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.07.06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.06.30 13:27:44 | 385,101,516 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.06.29 15:36:41 | 000,006,438 | ---- | M] () -- C:\Users\Noxas\.recently-used.xbel [2011.06.27 01:51:52 | 632,653,730 | ---- | M] () -- C:\Users\Noxas\Desktop\World of Tanks BACKUP - NICHT LÖSCHEN!!! UNTER KEINEN UMSTÄNDEN!!! 
AUCH NICHT WENN IHR DENKT ICH WÄRE SÜCHTIG UND IHR MÜSSTET DAS SPIEL LÖSCHEN!!! DANKE!!!.7z [2011.06.27 01:51:05 | 836,911,523 | ---- | M] () -- C:\Users\Noxas\Desktop\World of Tanks BACKUP - NICHT LÖSCHEN!!! UNTER KEINEN UMSTÄNDEN!!! AUCH NICHT WENN IHR DENKT ICH WÄRE SÜCHTIG UND IHR MÜSSTET DAS SPIEL LÖSCHEN!!! DANKE!!!.rar [2011.06.27 01:44:51 | 000,007,608 | ---- | M] () -- C:\Users\Noxas\AppData\Local\Resmon.ResmonCfg [2011.06.26 08:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.15 17:43:51 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.13 22:08:51 | 000,000,512 | ---- | C] () -- C:\Users\Noxas\Desktop\MBR.dat [2011.07.12 21:07:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011.07.12 21:07:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011.07.12 21:07:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.07.12 21:07:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.07.12 21:07:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.07.12 18:19:31 | 000,000,000 | ---- | C] () -- C:\Users\Noxas\defogger_reenable [2011.06.30 13:27:44 | 385,101,516 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.06.29 15:36:41 | 000,006,438 | ---- | C] () -- C:\Users\Noxas\.recently-used.xbel [2011.06.27 01:41:54 | 632,653,730 | ---- | C] () -- C:\Users\Noxas\Desktop\World of Tanks BACKUP - NICHT LÖSCHEN!!! UNTER KEINEN UMSTÄNDEN!!! AUCH NICHT WENN IHR DENKT ICH WÄRE SÜCHTIG UND IHR MÜSSTET DAS SPIEL LÖSCHEN!!! DANKE!!!.7z [2011.06.27 01:41:29 | 836,911,523 | ---- | C] () -- C:\Users\Noxas\Desktop\World of Tanks BACKUP - NICHT LÖSCHEN!!! UNTER KEINEN UMSTÄNDEN!!! AUCH NICHT WENN IHR DENKT ICH WÄRE SÜCHTIG UND IHR MÜSSTET DAS SPIEL LÖSCHEN!!! 
DANKE!!!.rar [2011.05.15 14:35:37 | 000,000,632 | ---- | C] () -- C:\Windows\Edofma.INI [2011.04.23 23:24:14 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2011.04.23 23:24:14 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2011.04.23 23:24:14 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2011.04.03 02:47:54 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.12.31 21:56:26 | 000,280,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.12.31 21:56:25 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2010.12.31 21:56:25 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.12.24 00:18:34 | 000,301,056 | ---- | C] () -- C:\Windows\SysWow64\XDogcat.dll [2010.12.21 19:37:20 | 046,504,568 | ---- | C] () -- C:\Users\Noxas\AppData\Roaming\.minecraft.zip [2010.12.09 17:25:56 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.12.09 17:25:55 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.11.06 18:02:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.10.31 18:15:53 | 000,007,608 | ---- | C] () -- C:\Users\Noxas\AppData\Local\Resmon.ResmonCfg [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2004.02.20 22:36:34 | 000,416,256 | ---- | C] () -- C:\Windows\exchndl.dll < End of report > Code:
ATTFilter OTL Extras logfile created on: 17.07.2011 15:53:02 - Run 4 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Noxas\Desktop 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 63,11% Memory free 8,00 Gb Paging File | 6,26 Gb Available in Paging File | 78,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 596,07 Gb Total Space | 481,77 Gb Free Space | 80,82% Space Free | Partition Type: NTFS Computer Name: MICHAEL | User Name: Noxas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 7.00 "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware "{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA 
Systemsteuerung 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}" = Microsoft Security Client DE-DE Language Pack "Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit "KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v4.4.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "SP6" = Logitech SetPoint 6.15 "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.00 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0AEB967F-1D12-43C8-A59C-D93DA8EE4A4E}" = Duty Calls "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.3.11 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26 "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = 
Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi
"{F868C16D-75F8-4EE8-BCBF-422D0833415D}_is1" = Open PLS in Windows Media Player 2.3.0
"{FDF7AE84-273E-47FD-9E39-CE0CB90A175B}" = Darkfall
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ArmA 2" = ArmA 2 Free Uninstall
"AVI Screen Saver" = AVI Screen Saver
"BattlEye A2 Free" = BattlEye (A2Free) Uninstall
"DivX Setup.divx.com" = DivX-Setup
"Dyyno Broadcaster" = Dyyno Broadcaster
"EADM" = EA Download Manager
"Electric Sheep" = Electric Sheep 2.7b29
"Empires Dawn of the Modern World" = Empires Dawn of the Modern World
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.11.426
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.31
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mumble" = Mumble and Murmur
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"Uninstall_is1" = Uninstall 1.0.0.1
"Video Downloader Toolbar" = Video Downloader Toolbar
"WinGimp-2.0_is1" = GIMP 2.6.11
"World of Warcraft" = World of Warcraft
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services
"QIP 2010" = QIP 2010 3.1.5488
"QipGuard" = QIP Internet Guardian

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15.07.2011 08:17:13 | Computer Name = MICHAEL | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 15.07.2011 08:17:13 | Computer Name = MICHAEL | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 15.07.2011 14:00:01 | Computer Name = MICHAEL | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 15.07.2011 15:00:00 | Computer Name = MICHAEL | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 16.07.2011 12:23:21 | Computer Name = MICHAEL | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 16.07.2011 12:33:40 | Computer Name = MICHAEL | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 16.07.2011 12:33:40 | Computer Name = MICHAEL | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 17.07.2011 09:33:36 | Computer Name = MICHAEL | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 17.07.2011 09:46:21 | Computer Name = Michael | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 17.07.2011 09:49:27 | Computer Name = Michael | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

[ System Events ]
Error - 30.06.2011 08:06:53 | Computer Name = Michael | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842

Error - 30.06.2011 11:24:12 | Computer Name = Michael | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 30.06.2011 um 17:22:28 unerwartet heruntergefahren.

Error - 30.06.2011 11:25:43 | Computer Name = Michael | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842

Error - 30.06.2011 11:29:52 | Computer Name = Michael | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 12.07.2011 08:44:55 | Computer Name = Michael | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 12.07.2011 um 00:02:23 unerwartet heruntergefahren.

Error - 12.07.2011 11:26:48 | Computer Name = Michael | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842

Error - 12.07.2011 12:18:08 | Computer Name = Michael | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842

Error - 12.07.2011 15:10:40 | Computer Name = Michael | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 12.07.2011 15:13:02 | Computer Name = Michael | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 12.07.2011 15:13:31 | Computer Name = Michael | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

< End of report >

Last edited by Lyot (17.07.2011 at 15:08)
17.07.2011, 20:47 | #20
/// TB-Ausbilder

Hello Lyot,

Step #1: Check with VirusTotal
Please have the file from the code box checked at VirusTotal.
Quote:
Wait until Current status shows Finished. Copy the link from your address bar and post it here.

Step #2: Custom scan with OTL
Code:
/md5start
wimmount.sys
gvhadszw.sys
/md5stop

Step #3: Answer questions
Please answer the following questions:

Step #4: Your feedback
For further analysis I need, together with your next reply
21.07.2011, 20:43 | #21
/// TB-Ausbilder

Missing feedback
This thread has been removed from my subscriptions, so I no longer receive notifications about new replies. PM me if you still want to continue.
Note: The disappearance of the symptoms does not mean that your computer is already clean.
Everyone else, please click here and create your own thread!
22.07.2011, 11:13 | #22

Code:
hxxp://www.virustotal.com/file-scan/report.html?id=cea21302b3e855ee592810d4e0de10e47a47a393064c435463cd54598735cd8d-1311328959
Code:
OTL logfile created on: 22.07.2011 12:10:43 - Run 5
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Noxas\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,10 Gb Available Physical Memory | 77,65% Memory free
8,00 Gb Paging File | 6,63 Gb Available in Paging File | 82,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 482,34 Gb Free Space | 80,92% Space Free | Partition Type: NTFS

Computer Name: MICHAEL | User Name: Noxas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: WIMMOUNT.SYS >
[2009.07.14 03:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) MD5=05ECAEC3E4529A7153B3136CEB49F0EC -- C:\Windows\SysNative\drivers\wimmount.sys
[2009.07.14 03:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) MD5=05ECAEC3E4529A7153B3136CEB49F0EC -- C:\Windows\winsxs\amd64_microsoft-windows-wimgapi_31bf3856ad364e35_6.1.7600.16385_none_e4f094112e8f905d\wimmount.sys
[2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) MD5=5CF95B35E59E2A38023836FFF31BE64C -- C:\Windows\SysWOW64\drivers\wimmount.sys
[2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) MD5=5CF95B35E59E2A38023836FFF31BE64C -- C:\Windows\winsxs\x86_microsoft-windows-wimgapi_31bf3856ad364e35_6.1.7600.16385_none_88d1f88d76321f27\wimmount.sys
[2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) MD5=5CF95B35E59E2A38023836FFF31BE64C -- C:\Windows\winsxs\x86_microsoft-windows-wimgapi_31bf3856ad364e35_6.1.7601.17514_none_8b030c557320a2c1\wimmount.sys

< End of report >

Step #3: Answer questions
Please answer the following questions:

How is your computer running at the moment?
I have a freeze about twice a week, during which a red LED on the power button lights up. Also, shortly before the freeze the sound stutters and becomes distorted.

Does MBAM still report that access to a potentially malicious website is being blocked?
Yes, MBAM still reports that access is being blocked. About 3-5 times a day.

Which site had you opened at the time of the message?
Once or twice the message appeared when opening a porn site, I am sure of that (which is also somewhat plausible). The other times I don't know, but I will pay attention and let you know.

Are there any other problems on your computer?
Yes, when I want to run a program as administrator, in about 40% of cases I first have to open the Task Manager before the confirmation prompt appears.

Are you redirected to other sites during a Google search? Please test with all browsers and report.
No, I ran several searches and was not redirected on any of them. All browsers were tested.

Sorry that it took so long. It wasn't laziness, there were other reasons. I hope you still want to continue.
Regards

Last edited by Lyot (22.07.2011 at 11:24)
22.07.2011, 13:39 | #23
/// TB-Ausbilder

Hello Lyot,

Step #1: Rootkit scan with Rootkit Unhooker (RKU)
Please download RKUnhookerLE and save the file to your desktop.
Quote:

Step #2: System scan with OTL

Step #3: Your feedback
For further analysis I need, together with your next reply
22.07.2011, 16:41 | #24

Code:
Exception code : 0xC0000005
Instruction address : 0x00402EAA
Attempt to read at address : 0xFFFFFFFF
22.07.2011, 16:49 | #25
/// TB-Ausbilder

Hello Lyot,
Quote:
Delete the existing aswMBR.exe from your desktop.

Step #1: Run aswMBR.exe
Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without instruction.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

Step #2: System scan with OTL

Step #3: Your feedback
For further analysis I need, together with your next reply
23.07.2011, 12:08 | #26

Hello! Here are the logs:
Code:
aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
Run date: 2011-07-23 12:59:27
-----------------------------
12:59:27.745  OS Version: Windows x64 6.1.7600
12:59:27.746  Number of processors: 4 586 0x402
12:59:27.746  ComputerName: MICHAEL  UserName: Noxas
12:59:30.719  Initialize success
12:59:57.360  Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
12:59:57.361  Disk 0 Vendor: WDC_WD6401AALS-00L3B2 01.03B01 Size: 610480MB BusType: 3
12:59:57.368  Disk 0 MBR read successfully
12:59:57.369  Disk 0 MBR scan
12:59:57.370  Disk 0 Windows 7 default MBR code
12:59:57.372  Service scanning
12:59:57.958  Service catchme C:\ComboFix\catchme.sys **LOCKED** 3
12:59:58.089  Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
12:59:58.799  Modules scanning
12:59:58.801  Disk 0 trace - called modules:
12:59:58.804  ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
12:59:58.806  1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a33060]
12:59:58.808  3 CLASSPNP.SYS[fffff8800189a43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80047d1680]
12:59:58.810  Scan finished successfully
13:00:35.761  Disk 0 MBR has been saved successfully to "C:\Users\Noxas\Desktop\MBR.dat"
13:00:35.765  The log file has been saved successfully to "C:\Users\Noxas\Desktop\aswMBR.txt"
Code:
OTL logfile created on: 23.07.2011 13:01:03 - Run 6
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Noxas\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 55,77% Memory free
8,00 Gb Paging File | 5,28 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 482,01 Gb Free Space | 80,86% Space Free | Partition Type: NTFS

Computer Name: MICHAEL | User Name: Noxas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Noxas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Games\World_of_Tanks\WorldOfTanks.exe (Wargaming.net)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Users\Noxas\AppData\Roaming\QipGuard\QipGuard.exe (QIP.ru)
PRC - C:\Program Files (x86)\QipGuard\QipGuard.exe (QIP.ru)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Noxas\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (QipGuard) -- C:\Program Files (x86)\QipGuard\QipGuard.exe (QIP.ru)
SRV - (Dyyno Launcher) -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 B4 22 03 BB 10 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Noxas\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Noxas\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Noxas\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Noxas\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.22 16:14:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.23 15:29:00 | 000,000,000 | ---D | M]

[2010.12.22 16:14:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noxas\AppData\Roaming\mozilla\Extensions
[2011.07.22 12:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions
[2011.05.25 15:04:02 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2011.04.16 17:36:22 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.01.01 21:10:40 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\searchplugins\icqplugin.xml
[2011.05.25 15:04:23 | 000,002,062 | ---- | M] () -- C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\searchplugins\qip-search.xml
[2011.07.09 13:40:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.05.08 15:10:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.23 15:29:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.15 12:44:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.09 13:40:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.03 20:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 20:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.03 20:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.12.03 20:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.12.03 20:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.07.12 21:15:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Noxas\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [QIP Internet Guardian] C:\Users\Noxas\AppData\Roaming\QipGuard\QipGuard.exe (QIP.ru)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Noxas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Noxas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.07.22 18:28:14 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\Noxas\Desktop\aswMBR (1).exe
[2011.07.17 15:44:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.07.13 12:09:30 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011.07.13 12:09:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.13 12:09:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.13 12:09:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011.07.13 12:09:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011.07.13 12:09:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011.07.13 12:09:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011.07.13 12:09:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.07.13 12:09:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.07.13 12:09:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011.07.13 12:09:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011.07.13 12:09:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011.07.13 12:09:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011.07.13 12:09:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) --
C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2011.07.13 12:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2011.07.13 12:09:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2011.07.13 12:09:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2011.07.13 12:09:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2011.07.13 12:09:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2011.07.13 12:09:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2011.07.13 12:09:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2011.07.13 12:09:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2011.07.13 12:09:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2011.07.13 12:09:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2011.07.13 12:09:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2011.07.13 12:09:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2011.07.13 12:09:15 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2011.07.13 12:09:15 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2011.07.13 12:09:14 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2011.07.13 12:09:14 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2011.07.13 12:09:14 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2011.07.13 12:09:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2011.07.13 12:09:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2011.07.13 12:09:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2011.07.13 12:09:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2011.07.13 12:09:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2011.07.13 12:09:14 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2011.07.13 12:09:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2011.07.12 21:18:12 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.07.12 21:15:08 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2011.07.12 21:07:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.07.12 21:07:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.07.12 21:07:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.07.12 21:06:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.07.12 21:06:14 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.07.12 21:05:53 | 004,149,129 
| R--- | C] (Swearware) -- C:\Users\Noxas\Desktop\ComboFix.exe [2011.07.12 19:08:15 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Noxas\Desktop\OTL.exe [2011.07.12 15:06:13 | 000,000,000 | ---D | C] -- C:\Users\Noxas\AppData\Roaming\Malwarebytes [2011.07.12 15:06:08 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.07.12 15:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.07.12 15:06:03 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.07.12 15:06:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.07.09 13:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.07.09 13:40:56 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.07.09 13:40:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.07.09 13:40:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\java.exe [2011.06.30 13:29:01 | 000,000,000 | ---D | C] -- C:\Users\Noxas\AppData\Local\ArmA 2 Free [2011.06.30 13:29:01 | 000,000,000 | ---D | C] -- C:\Users\Noxas\Documents\ArmA 2 [2011.06.30 13:27:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011.06.29 15:35:25 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe [2011.06.29 15:35:24 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll [2011.06.29 15:35:21 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll [2011.06.29 15:35:20 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll [2011.06.29 15:35:20 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll [2011.06.29 15:35:20 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll [2011.06.29 15:35:19 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll [2011.06.29 15:35:18 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll [2011.06.29 15:35:18 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll [2011.06.29 15:35:18 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll [2011.06.29 15:35:18 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe [2011.06.29 15:35:18 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll [2011.06.29 15:35:18 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe [2011.06.29 15:35:18 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll [2011.06.29 15:35:17 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll [2011.06.29 15:35:17 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll [2011.06.27 
22:34:07 | 000,000,000 | ---D | C] -- C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [2011.06.27 22:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [2011.06.27 22:31:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive [2011.06.27 21:56:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2011.06.27 21:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2011.06.27 21:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2011.06.26 21:29:07 | 000,000,000 | ---D | C] -- C:\Users\Noxas\Desktop\World of Tanks BACKUP - NICHT LÖSCHEN!!! UNTER KEINEN UMSTÄNDEN!!! AUCH NICHT WENN IHR DENKT ICH WÄRE SÜCHTIG UND IHR MÜSSTET DAS SPIEL LÖSCHEN!!! DANKE!!! ========== Files - Modified Within 30 Days ========== [2011.07.23 13:00:35 | 000,000,512 | ---- | M] () -- C:\Users\Noxas\Desktop\MBR.dat [2011.07.23 12:14:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4162387930-1573310092-2657919576-1000UA.job [2011.07.23 12:14:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.07.23 11:12:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.22 22:14:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.07.22 22:14:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4162387930-1573310092-2657919576-1000Core.job [2011.07.22 18:29:06 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Noxas\Desktop\aswMBR (1).exe [2011.07.22 17:46:31 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\BlackBox.sys [2011.07.22 17:35:20 | 000,139,264 | ---- | M] () -- C:\Users\Noxas\Desktop\RKUnhookerLE.EXE [2011.07.20 14:55:24 | 000,018,336 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.20 14:55:24 | 000,018,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.20 14:55:12 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.07.20 14:55:12 | 000,656,028 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.07.20 14:55:12 | 000,617,910 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.07.20 14:55:12 | 000,130,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.07.20 14:55:12 | 000,107,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.07.20 14:48:03 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2011.07.17 17:35:50 | 000,280,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2011.07.17 17:35:50 | 000,280,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.07.17 17:34:58 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2011.07.15 17:43:51 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.14 09:54:56 | 000,002,363 | ---- | M] () -- C:\Users\Noxas\Desktop\Google Chrome.lnk [2011.07.14 03:18:58 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.07.12 21:15:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.07.12 21:05:34 | 004,149,129 | R--- | M] (Swearware) -- C:\Users\Noxas\Desktop\ComboFix.exe [2011.07.12 18:19:31 | 000,000,000 | ---- | M] () -- C:\Users\Noxas\defogger_reenable [2011.07.12 14:57:52 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Noxas\Desktop\OTL.exe [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.07.06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.06.30 13:27:44 | 385,101,516 | ---- | M] () -- C:\Windows\MEMORY.DMP 
[2011.06.29 15:36:41 | 000,006,438 | ---- | M] () -- C:\Users\Noxas\.recently-used.xbel [2011.06.27 01:51:52 | 632,653,730 | ---- | M] () -- C:\Users\Noxas\Desktop\World of Tanks BACKUP - NICHT LÖSCHEN!!! UNTER KEINEN UMSTÄNDEN!!! AUCH NICHT WENN IHR DENKT ICH WÄRE SÜCHTIG UND IHR MÜSSTET DAS SPIEL LÖSCHEN!!! DANKE!!!.7z [2011.06.27 01:51:05 | 836,911,523 | ---- | M] () -- C:\Users\Noxas\Desktop\World of Tanks BACKUP - NICHT LÖSCHEN!!! UNTER KEINEN UMSTÄNDEN!!! AUCH NICHT WENN IHR DENKT ICH WÄRE SÜCHTIG UND IHR MÜSSTET DAS SPIEL LÖSCHEN!!! DANKE!!!.rar [2011.06.27 01:44:51 | 000,007,608 | ---- | M] () -- C:\Users\Noxas\AppData\Local\Resmon.ResmonCfg [2011.06.26 08:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe ========== Files Created - No Company Name ========== [2011.07.22 17:39:28 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\BlackBox.sys [2011.07.22 17:35:17 | 000,139,264 | ---- | C] () -- C:\Users\Noxas\Desktop\RKUnhookerLE.EXE [2011.07.15 17:43:51 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.13 22:08:51 | 000,000,512 | ---- | C] () -- C:\Users\Noxas\Desktop\MBR.dat [2011.07.12 21:07:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011.07.12 21:07:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011.07.12 21:07:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.07.12 21:07:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.07.12 21:07:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.07.12 18:19:31 | 000,000,000 | ---- | C] () -- C:\Users\Noxas\defogger_reenable [2011.06.30 13:27:44 | 385,101,516 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.06.29 15:36:41 | 000,006,438 | ---- | C] () -- C:\Users\Noxas\.recently-used.xbel [2011.06.27 01:41:54 | 632,653,730 | ---- | C] () -- C:\Users\Noxas\Desktop\World of Tanks BACKUP - NICHT LÖSCHEN!!! UNTER KEINEN UMSTÄNDEN!!! AUCH NICHT WENN IHR DENKT ICH WÄRE SÜCHTIG UND IHR MÜSSTET DAS SPIEL LÖSCHEN!!! 
DANKE!!!.7z [2011.06.27 01:41:29 | 836,911,523 | ---- | C] () -- C:\Users\Noxas\Desktop\World of Tanks BACKUP - NICHT LÖSCHEN!!! UNTER KEINEN UMSTÄNDEN!!! AUCH NICHT WENN IHR DENKT ICH WÄRE SÜCHTIG UND IHR MÜSSTET DAS SPIEL LÖSCHEN!!! DANKE!!!.rar [2011.05.15 14:35:37 | 000,000,632 | ---- | C] () -- C:\Windows\Edofma.INI [2011.04.23 23:24:14 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2011.04.23 23:24:14 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2011.04.23 23:24:14 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2011.04.03 02:47:54 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.12.31 21:56:26 | 000,280,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.12.31 21:56:25 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2010.12.31 21:56:25 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.12.24 00:18:34 | 000,301,056 | ---- | C] () -- C:\Windows\SysWow64\XDogcat.dll [2010.12.21 19:37:20 | 046,504,568 | ---- | C] () -- C:\Users\Noxas\AppData\Roaming\.minecraft.zip [2010.12.09 17:25:56 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.12.09 17:25:55 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.11.06 18:02:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.10.31 18:15:53 | 000,007,608 | ---- | C] () -- C:\Users\Noxas\AppData\Local\Resmon.ResmonCfg [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 
| ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2004.02.20 22:36:34 | 000,416,256 | ---- | C] () -- C:\Windows\exchndl.dll < End of report >

Code:
OTL Extras logfile created on: 23.07.2011 13:01:03 - Run 6
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Noxas\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 55,77% Memory free
8,00 Gb Paging File | 5,28 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 482,01 Gb Free Space | 80,86% Space Free | Partition Type: NTFS
Computer Name: MICHAEL | User Name: Noxas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 7.00 "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware "{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA 
Systemsteuerung 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}" = Microsoft Security Client DE-DE Language Pack "Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit "KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v4.4.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "SP6" = Logitech SetPoint 6.15 "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.00 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0AEB967F-1D12-43C8-A59C-D93DA8EE4A4E}" = Duty Calls "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.3.11 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26 "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = 
Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi "{F868C16D-75F8-4EE8-BCBF-422D0833415D}_is1" = Open PLS in Windows Media Player 2.3.0 "{FDF7AE84-273E-47FD-9E39-CE0CB90A175B}" = Darkfall "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ArmA 2" = ArmA 2 Free Uninstall "AVI Screen Saver" = AVI Screen Saver "BattlEye A2 Free" = BattlEye (A2Free) Uninstall "DivX Setup.divx.com" = DivX-Setup "Dyyno Broadcaster" = Dyyno Broadcaster "EADM" = EA Download Manager "Electric Sheep" = Electric Sheep 2.7b29 "Empires Dawn of the Modern World" = Empires Dawn of the Modern World "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.11.426 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.31 "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800 "Mozilla Firefox 
(3.6.13)" = Mozilla Firefox (3.6.13) "Mumble" = Mumble and Murmur "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PunkBusterSvc" = PunkBuster Services "Uninstall_is1" = Uninstall 1.0.0.1 "Video Downloader Toolbar" = Video Downloader Toolbar "WinGimp-2.0_is1" = GIMP 2.6.11 "World of Warcraft" = World of Warcraft "Xvid_is1" = Xvid 1.2.1 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Octoshape Streaming Services" = Octoshape Streaming Services "QIP 2010" = QIP 2010 3.1.5488 "QipGuard" = QIP Internet Guardian ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 21.07.2011 10:13:52 | Computer Name = Michael | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 21.07.2011 10:13:52 | Computer Name = Michael | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 21.07.2011 16:23:47 | Computer Name = Michael | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". 
Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 21.07.2011 16:30:47 | Computer Name = Michael | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 22.07.2011 03:44:52 | Computer Name = Michael | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 22.07.2011 03:59:32 | Computer Name = Michael | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 22.07.2011 13:30:02 | Computer Name = Michael | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". 
Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 22.07.2011 13:30:03 | Computer Name = Michael | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 22.07.2011 13:30:03 | Computer Name = Michael | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 22.07.2011 19:55:27 | Computer Name = Michael | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ System Events ] Error - 12.07.2011 08:44:55 | Computer Name = Michael | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?12.?07.?2011 um 00:02:23 unerwartet heruntergefahren. 
Error - 12.07.2011 11:26:48 | Computer Name = Michael | Source = Microsoft Antimalware | ID = 3002 Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842 Error - 12.07.2011 12:18:08 | Computer Name = Michael | Source = Microsoft Antimalware | ID = 3002 Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842 Error - 12.07.2011 15:10:40 | Computer Name = Michael | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 12.07.2011 15:13:02 | Computer Name = Michael | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 12.07.2011 15:13:31 | Computer Name = Michael | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 13.07.2011 21:20:47 | Computer Name = Michael | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. 
Error - 13.07.2011 21:20:47 | Computer Name = Michael | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 15.07.2011 08:07:11 | Computer Name = Michael | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 15.07.2011 um 05:06:45 unerwartet heruntergefahren. Error - 15.07.2011 08:08:00 | Computer Name = Michael | Source = Microsoft Antimalware | ID = 3002 Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842 < End of report >
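The "Last 10 Event Log Errors" section of the OTL report above arrives run together on a few long lines, which makes it easy to miss that the same source/ID pair (Microsoft Antimalware, 3002, an error in the real-time protection feature) repeats across several days. The following is an added example, not code from OTL, the forum or either poster: a small Python parser that splits such a section into records, tallies them by source and event ID, and flags the pairs a reviewer would look at first. The sample text is constructed after the entries on this page, and the watch list is the example's own triage table, not something OTL provides.

```python
import re
from collections import Counter

# Constructed sample modelled on the OTL "Last 10 Event Log Errors" section
# above: every entry starts with "Error - " and the section ends with
# "< End of report >"; everything is run together on one line.
SAMPLE = (
    'Error - 12.07.2011 11:26:48 | Computer Name = Michael | Source = Microsoft Antimalware | ID = 3002 '
    'Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 '
    'Error - 12.07.2011 15:13:02 | Computer Name = Michael | Source = Application Popup | ID = 1060 '
    'Description = Aufgrund der Inkompatibilität mit diesem System wurde \\??\\C:\\ComboFix\\catchme.sys nicht geladen. '
    'Error - 13.07.2011 21:20:47 | Computer Name = Michael | Source = Service Control Manager | ID = 7000 '
    'Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 '
    'Error - 15.07.2011 08:08:00 | Computer Name = Michael | Source = Microsoft Antimalware | ID = 3002 '
    'Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 '
    '< End of report >'
)

# One OTL error entry: the description runs until the next "Error - dd." header,
# the end-of-report marker, or the end of the text.
ENTRY_RE = re.compile(
    r'Error - (?P<date>\d{2}\.\d{2}\.\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) \| '
    r'Computer Name = (?P<host>[^|]+?) \| Source = (?P<source>[^|]+?) \| '
    r'ID = (?P<id>\d+) Description = (?P<desc>.*?)'
    r'(?= Error - \d{2}\.|\s*< End of report >|$)',
    re.S,
)


def parse_otl_errors(text):
    """Split a run-together OTL event-log section into one dict per entry."""
    return [m.groupdict() for m in ENTRY_RE.finditer(text)]


def summarize(entries):
    """Count entries per (source, event ID) so repeats stand out."""
    return Counter((e['source'], e['id']) for e in entries)


# Triage table for this example (assumption: chosen by the example's author,
# not part of OTL). Both meanings are visible in the descriptions on the page.
WATCHLIST = {
    ('Microsoft Antimalware', '3002'): 'error in the real-time protection feature',
    ('Service Control Manager', '7000'): 'a service failed to start',
}


def triage(entries):
    """Return (date, time, source, id, note) for every watch-listed entry."""
    hits = []
    for e in entries:
        key = (e['source'], e['id'])
        if key in WATCHLIST:
            hits.append((e['date'], e['time'], e['source'], e['id'], WATCHLIST[key]))
    return hits


if __name__ == '__main__':
    found = parse_otl_errors(SAMPLE)
    for (source, event_id), n in summarize(found).most_common():
        print(f'{n}x  {source} / ID {event_id}')
    for hit in triage(found):
        print('review:', *hit)
```

Running it on a real OTL report means pasting the section between `[ Application Events ]` or `[ System Events ]` and `< End of report >` into `SAMPLE`; the repeated Antimalware 3002 entries then surface at the top of the tally, which is the kind of pattern worth raising when the helper asks whether real-time protection is actually running.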
23.07.2011, 13:45 | #27
/// TB-Ausbilder | iphone 4 gewonnen, internet explorer ad
Hello Lyot,

Quote:
If MBAM is already blocking access to such sites, then I also recommend that you stop visiting them.

Quote:
I no longer find anything suspicious in your log files. We will run a few more control scans. Please also run a Firefox update.

Step # 1: Scan with SuperAntiSpyware (SAS)
Please download SUPERAntiSpyware FREE Edition
Step # 2: Uninstall Java

Step # 3: Important updates

Step # 4: ESET Online Scanner
Please switch on any external hard drives you have during the online scans! During the scans, disable all background guards (anti-virus program, firewall, script blocking and the like), and do not forget to switch everything back on afterwards.

Code:
"%ProgramFiles(X86)%\Eset\Eset Online Scanner\log.txt"

Step # 5: Run a security check
Please download SecurityCheck

Step # 6: Your feedback
For further analysis I need, together with your next reply
24.07.2011, 17:29 | #28
iphone 4 gewonnen, internet explorer ad
Hello M-K-D-B,

Code:
That does not necessarily come from malware. Are all your drivers up to date? How long has this problem been occurring?

Code:
Has anything turned up yet? Does MBAM also block when you are not on the Internet at all, or only when you are on certain sites? If MBAM is already blocking access to such sites, then I also recommend that you stop visiting them.

Code:
Are there always problems with the same programs, or not?

Code:
Does Internet Explorer still open by itself and display fake advertisements about an iPhone 4?

I found 2 folders on C: with a lock on the icon (protected folder?).

Code:
Names: "90fd99c6d3fe5ea2c8" and "22528142113c9126cc2dc5"
Contents of "90fd99c6d3fe5ea2c8":
- Many folders with names like "1025", "1028" and so on. I cannot access these subfolders: "Zugriff verweigert" (access denied), even after clicking "OK" to confirm permanent access.
- .dll, .xml, .html, .bmp files.
Contents of "22528142113c9126cc2dc5":
- vc_red.rar (Google says these are installation leftovers), application extensions and text documents.
What are these folders and files? How should I proceed with them? They seem somewhat suspicious to me.

Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 07/23/2011 at 11:58 PM Application Version : 4.55.1000 Core Rules Database Version : 7451 Trace Rules Database Version: 5263 Scan type : Complete Scan Total Scan Time : 00:30:06 Memory items scanned : 601 Memory threats detected : 0 Registry items scanned : 12792 Registry threats detected : 4 File items scanned : 36576 File threats detected : 335 Adware.Tracking Cookie C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad.adnet[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@tns-counter[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ads.gamersmedia[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@rambler[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@adserving.cpxinteractive[3].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ru4[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad1.adfarm1.adition[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@m1.mediasrv[3].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@count.rbc[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@content.yieldmanager[7].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@engine.mediamir.medialand[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad.adc-serv[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@media6degrees[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad3.adfarm1.adition[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@adxpose[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ads.addynamix[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ads.brandwire[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@myroitracking[3].txt 
C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@liveperson[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@www.etracker[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@mediabrandsww[3].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@tracking.quisma[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad.dyntracker[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ads.creative-serving[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@adserver[4].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad.360yield[3].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad.ad-srv[3].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@adtech[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@adbrite[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@content.yieldmanager[6].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@mediaplex[3].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ads.adk2[3].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@webmasterplan[3].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@adserving.versaneeds[3].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@www.usenext[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@zanox[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@fastclick[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@medialand[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ads.247activemedia[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@bs.serving-sys[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@traffictrack[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@liveperson[5].txt 
C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@www.matrix-media[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@snapfish.112.2o7[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@sales.liveperson[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad.adition[3].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ads.inextmedia[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@unitymedia[3].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@tradedoubler[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad2.adfarm1.adition[4].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@openstat[10].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@adsrv1.admediate[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@adserver[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@adserver.adtechus[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@adfarm1.adition[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad.zanox[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@yadro[3].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@eas.apm.emediate[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@fidelity.rotator.hadj7.adjuggler[3].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad.harrenmedianetwork[3].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@zanox-affiliate[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@atdmt[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@revsci[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@serving-sys[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@im.banner.t-online[1].txt 
C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@yieldmanager[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@doubleclick[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad.yieldmanager[5].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@vidasco.rotator.hadj7.adjuggler[3].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@xm.xtendmedia[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@harrenmedianetwork[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@smartadserver[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@invitemedia[3].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@apmebf[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@clicksor[1].txt .ru4.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .112.2o7.net [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] www.zanox-affiliate.de [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] ad.yieldmanager.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .media6degrees.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .traffictrack.de [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .atdmt.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .atdmt.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .paypal.112.2o7.net [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .mediaplex.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .advertising.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .nextag.de [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .2o7.net [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] 
.2o7.net [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .traffictrack.de [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .traffictrack.de [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .tto2.traffictrack.de [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .advertising.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .advertising.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .adbrite.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] wstat.wibiya.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .112.2o7.net [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .casalemedia.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .adbrite.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .clicksor.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .clicksor.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .adtech.de [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .specificclick.net [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .specificclick.net [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .specificclick.net [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .specificclick.net [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .adviva.net [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .rambler.ru [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .serving-sys.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .adtech.de [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .deutschepostag.112.2o7.net [ 
C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] ads.zeusclicks.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] track.adform.net [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .adserver.gs [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .insightexpressai.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .insightexpressai.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] track.effiliation.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .bs.serving-sys.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .paysafecardgroup.122.2o7.net [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .ads.pointroll.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .pointroll.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .solvemedia.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .solvemedia.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .pointroll.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .ads.pointroll.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .ads.pointroll.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .ads.pointroll.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .ads.pointroll.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .ads.pointroll.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .ads.pointroll.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] pornografish.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] www.star-advertising.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User 
Data\Default\Cookies ] www.star-advertising.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] ads2.zeusclicks.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .markussexblog.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .markussexblog.com [ C:\Users\Noxas\AppData\Local\Google\Chrome\User Data\Default\Cookies ] files.youporn.com [ C:\Users\Noxas\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FQ49SD6J ] C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@adserver.adtechus[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@zieltrack[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@invitemedia[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@www.traffictrack[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@rgadvert[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@ww251.smartadserver[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@www.googleadservices[4].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@adecn[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@apmebf[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@ero-advertising[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@zanox[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@usenext[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@ads.creative-serving[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@user.lucidmedia[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@msnportal.112.2o7[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@tribalfusion[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@doubleclick[2].txt 
C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@serving-sys[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@atdmt[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@tracking.hannoversche[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@ad.yieldmanager[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@2o7[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@content.yieldmanager[3].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@traffictrack[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@adviva[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@ad3.adfarm1.adition[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@fastclick[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@tracking.mindshare[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@vinvest.122.2o7[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@tracking.mlsat02[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@cdn.at.atwola[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@www.elitepvpers[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@zanox-affiliate[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@revsci[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@casalemedia[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@imrworldwide[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@partypoker[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@adfarm1.adition[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@collective-media[1].txt 
C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@advertising[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@click.mediadome[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@ad.ad-srv[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@rts.pgmediaserve[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@adt.traffictrack[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@microsoftsto.112.2o7[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@www.usenext[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@54.zieltrack[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@specificclick[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@unitymedia[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@tracking.quisma[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@ad.chip[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@tradedoubler[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@adx.chip[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@webmasterplan[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@ad1.adfarm1.adition[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@statse.webtrendslive[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@elitepvpers[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@ads.ad4game[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@www.zanox-affiliate[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@content.yieldmanager[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@www.googleadservices[2].txt 
C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@adserver.adtechus[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@ad.zanox[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@bs.serving-sys[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@statcounter[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@adbrite[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@mediaplex[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@tacoda[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@ad2.adfarm1.adition[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@smartadserver[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@www.googleadservices[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@server.cpmstar[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@media.leaguecraft[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@eas.apm.emediate[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@www.etracker[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@adtech[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@trackingcdn.porsche[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@studivz.adfarm1.adition[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@media.gan-online[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@www.active-tracking[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\Low\noxas@deutschepostag.112.2o7[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad.adition[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@adform[1].txt 
C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@atdmt[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@serving-sys[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@vidasco.rotator.hadj7.adjuggler[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@content.yieldmanager[5].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@spylog[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ww251.smartadserver[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@adxpose[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ads.creative-serving[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@clicksor[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@imrworldwide[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@zanox[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@apmebf[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@eyewonder[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@fidelity.rotator.hadj7.adjuggler[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@invitemedia[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@doubleclick[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@m1.mediasrv[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@yieldmanager[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad1.adfarm.adtelligence[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad.yieldmanager[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@atwola[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@snapfish.112.2o7[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@adserving.versaneeds[1].txt 
C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@content.yieldmanager[3].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@traffictrack[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ads.horyzon-media[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@www.zanox-affiliate[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad3.adfarm1.adition[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@adbrite[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@aimfar.solution.weborama[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@fastclick[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@tracking.hannoversche[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ads.adk2[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@smartadserver[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad.harrenmedianetwork[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@adfarm1.adition[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad6media[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@demandwarecrocs.112.2o7[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@liveperson[3].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@harrenmedianetwork[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@adsrv1.admediate[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ww381.smartadserver[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@mediabrandsww[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ads.medienhaus[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@liveperson[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@www3.smartadserver[2].txt 
C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@uk.at.atwola[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@unitymedia[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@tracking.quisma[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@adx.chip[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@webmasterplan[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@partypoker[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ads.247activemedia[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@adserver[3].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@sales.liveperson[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@content.yieldmanager[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@content.yieldmanager[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad.dyntracker[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@yadro[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad.adc-serv[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@revsci[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@myroitracking[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad2.adfarm1.adition[3].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad.zanox[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@mediaplex[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad2.adfarm1.adition[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@adserving.cpxinteractive[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@stats.paypal[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ads.cpxcenter[2].txt 
C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad.yieldmanager[3].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@paypal.112.2o7[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@questionmarket[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@adserver[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@media6degrees[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad.360yield[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@www.windowsmedia[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@track.adform[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@adtech[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@tradedoubler[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@zbox.zanox[2].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad.yieldmanager[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@sevenoneintermedia.112.2o7[1].txt C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Cookies\noxas@ad.ad-srv[1].txt .statcounter.com [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ] .doubleclick.net [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ] in.getclicky.com [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ] .kontera.com [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ] .adbrite.com [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ] .adbrite.com [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ] .adbrite.com [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ] .adbrite.com [ 
C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ] .atdmt.com [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ] .zedo.com [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ] .zedo.com [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ] .revsci.net [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ] .revsci.net [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ] .revsci.net [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ] .revsci.net [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ] ad.yieldmanager.com [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ] ad.yieldmanager.com [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ] ad.yieldmanager.com [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ] ad.yieldmanager.com [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ] ad.adition.net [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ] ad.adition.net [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ] .adtech.de [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ] tracking.gameforge.de [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ] .apmebf.com [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ] .fastclick.net [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ] .fastclick.net [ 
C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ]
.mediaplex.com [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ]
.mediaplex.com [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ]
ad.adserver01.de [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ]
.adfarm1.adition.com [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ]
adfarm1.adition.com [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\cookies.sqlite ]
Browser Hijacker.Deskbar (x64)
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} (x64)
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32 (x64)
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib (x64)
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=c336d15cb2f2f34f82cf19a5638d3fb5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-24 03:58:54
# local_time=2011-07-24 05:58:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 100 94 10032562 63922574 0 0
# compatibility_mode=8192 67108863 100 0 582 582 0 0
# scanned=214298
# found=3
# cleaned=0
# scan_time=6232
C:\Program Files (x86)\Activision\Empires Dawn of the Modern World\EDMW_ResSet.exe    probably a variant of Win32/Agent.KFOIWYH trojan (unable to clean)    00000000000000000000000000000000    I
C:\Users\Noxas\Downloads\MovieBario_FM.exe    probably a variant of Win32/SweetIM.A application (unable to clean)    00000000000000000000000000000000    I
C:\Users\Noxas\Downloads\registrybooster.exe    multiple threats (unable to clean)    00000000000000000000000000000000    I
Code:
ATTFilter
Results of screen317's Security Check version 0.99.17
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 26
Flash Player Out of Date! Adobe Flash Player 10.2.152.26
````````````````````````````````
Process Check: objlist.exe by Laurent
Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````
PS: Just now, when starting Security Check, the problem with the Task Manager came up again, which I have to start before the confirmation prompt appears!
PPS: I just noticed in the last log file of my reply that Internet Explorer 8 is still installed. But yesterday I installed Internet Explorer 9, including a restart. How can that be? Also, just now when I opened Internet Explorer, MBAM immediately reported that access to a potentially dangerous website had been blocked. Here is the log file:
Code:
ATTFilter
00:04:29 Noxas MESSAGE Protection started successfully
00:04:33 Noxas MESSAGE IP Protection started successfully
00:12:38 Noxas MESSAGE IP Protection stopped
00:21:24 Noxas MESSAGE Protection started successfully
00:21:28 Noxas MESSAGE IP Protection started successfully
16:04:16 Noxas MESSAGE IP Protection stopped
16:15:42 Noxas MESSAGE Protection started successfully
16:15:46 Noxas MESSAGE IP Protection started successfully
19:01:15 Noxas IP-BLOCK 195.68.160.68 (Type: outgoing, Port: 50156, Process: iexplore.exe)
19:01:15 Noxas IP-BLOCK 195.68.160.68 (Type: outgoing, Port: 50157, Process: iexplore.exe)
19:01:15 Noxas IP-BLOCK 195.68.160.68 (Type: outgoing, Port: 50162, Process: iexplore.exe)
19:01:15 Noxas IP-BLOCK 195.68.160.68 (Type: outgoing, Port: 50163, Process: iexplore.exe)
19:01:15 Noxas IP-BLOCK 195.68.160.249 (Type: outgoing, Port: 50176, Process: iexplore.exe)
19:01:15 Noxas IP-BLOCK 195.68.160.249 (Type: outgoing, Port: 50177, Process: iexplore.exe)
19:01:15 Noxas IP-BLOCK 195.68.160.249 (Type: outgoing, Port: 50182, Process: iexplore.exe)
19:01:15 Noxas IP-BLOCK 195.68.160.249 (Type: outgoing, Port: 50186, Process: iexplore.exe)
19:01:15 Noxas IP-BLOCK 195.68.160.249 (Type: outgoing, Port: 50187, Process: iexplore.exe)
19:01:15 Noxas IP-BLOCK 195.68.160.249 (Type: outgoing, Port: 50188, Process: iexplore.exe)
19:01:15 Noxas IP-BLOCK 195.68.160.187 (Type: outgoing, Port: 50201, Process: iexplore.exe)
19:01:15 Noxas IP-BLOCK 195.68.160.187 (Type: outgoing, Port: 50202, Process: iexplore.exe)
19:01:15 Noxas IP-BLOCK 195.68.160.185 (Type: outgoing, Port: 50203, Process: iexplore.exe)
19:01:15 Noxas IP-BLOCK 195.68.160.185 (Type: outgoing, Port: 50204, Process: iexplore.exe)
19:01:15 Noxas IP-BLOCK 195.68.160.187 (Type: outgoing, Port: 50205, Process: iexplore.exe)
19:01:15 Noxas IP-BLOCK 195.68.160.185 (Type: outgoing, Port: 50206, Process: iexplore.exe)
19:03:23 Noxas MESSAGE IP Protection stopped
19:03:24 Noxas MESSAGE Database updated successfully
19:03:25 Noxas MESSAGE IP Protection started successfully
I have removed Firefox, since I don't need it anyway. Can I do the same with Internet Explorer? If so, how? Regards. Last edited by Lyot (24.07.2011 at 18:12) |
24.07.2011, 19:45 | #29 | ||||||||
/// TB-Ausbilder | iphone 4 gewonnen, internet explorer ad Hello Lyot, Quote:
Quote:
Quote:
Quote:
Quote:
This is most likely a false positive from MBAM. The IP points to a server for the tool QIP Internet Guardian, which you have installed on your computer. Please delete these two files by hand: Quote:
Is this an original file? Quote:
To check, you could upload the file to VirusTotal. If several scanners flag it there, you should delete the file! Please have the file from the code box checked at VirusTotal.
Quote:
Wait until Current status: Finished is shown. Copy the link from your address bar and post it here. If you have no more problems, then we are done here. Your computer is clean. Finally, we need to take a few closing steps to tidy up and secure your PC.

Step # 1: Uninstall ComboFix
Before the following action, please temporarily disable your antivirus program, any script blocking you may have, and your anti-malware programs again. Press Windows key + R. Now copy the following line into the command line and click OK.
Code:
ATTFilter
Combofix /Uninstall
This removes ComboFix completely and empties the System Restore cache, so that the pests disappear from there as well. Now re-enable the programs you just disabled.

Step # 2: System clean-up with OTL
Next, we need to remove all the programs that were needed for the malware removal:
Step # 3: Uninstall/delete programs
Step # 4: ESET Online Scanner
Step # 5: Update Adobe Flash Player
Step # 6: Enable Windows Update Let's check whether the Windows updates download automatically. That is the best way to get all the security patches and fixes.
Step # 7: Protection against further infections So that you are protected against similar infections in the future, I recommend a few useful programs along with a few tips.
Step # 8: Your feedback Please let me know briefly when everything is done and you have no further questions, so that I can remove the topic from my subscriptions. |
24.07.2011, 21:31 | #30 |
| iphone 4 gewonnen, internet explorer ad Hello, I wanted to use the online Secunia Inspector, but at the bottom it says "Loading Java Applet Try 1/50". That counts up to 50/50, and when I then press Start nothing happens. It's probably down to Java on my computer. How do I fix that? Otherwise I have no questions and thank you for the help! Regards! EDIT: Never mind, I first had to confirm at the top that it should be run! |