|
Log-Analyse und Auswertung: Mehr als das nervige Babylon ???Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
21.11.2011, 19:03 | #1 |
| Mehr als das nervige Babylon ??? Hallo liebe Leute, würdet Ihr bitte so lieb sein und mir bei meinem Problem helfen ? Ich habe mir ( denke ich ) was eingefangen. Habe spybotsd ( auch im abgesicherten Modus, als Admin ) durchlaufen lassen. Er findet 4 Probleme - makierte Problem beheben- paar Tage ruhe, dann gehts wieder los. Hijack sagt es wäre alles i.o. Hier kurz meine Daten vom Rechner : Win 7 Home Premium 64 Bit, Mozilla Firefox, Im Anhang mein Logfile von OTL ( Haken gesetzt bei ,, Scanne alle Benutzer " - ,, Minimalausgabe " - Extra Registrierung ,, Benutze Safe-List " - ,, LOP Prüfung " - ,, Purity Prüfung " ) Wäre über jede hilfe sehr dankbar... Liebe Grüße |
21.11.2011, 19:31 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Mehr als das nervige Babylon ???Zitat:
__________________ |
22.11.2011, 03:55 | #3 |
| Mehr als das nervige Babylon ??? Hallo Arne,
__________________welches Log meinst du genau ? Habe jetzt nochmal das Log von Malewarebytes im Anhang getan. Gruß Nico Malwarebytes' Anti-Malware 1.51.2.1300 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 8209 Windows 6.1.7601 Service Pack 1 Internet Explorer 8.0.7601.17514 22.11.2011 03:52:37 mbam-log-2011-11-22 (03-52-37).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|L:\|Q:\|) Durchsuchte Objekte: 363243 Laufzeit: 44 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\Nico\downloads\flvplayersetup.exe (Adware.Agent) -> Quarantined and deleted successfully. c:\Users\Nico\downloads\install_flash_player.exe (Trojan.Downloader) -> Quarantined and deleted successfully. |
22.11.2011, 09:19 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Mehr als das nervige Babylon ??? Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________ Logfiles bitte immer in CODE-Tags posten |
22.11.2011, 14:10 | #5 |
| Mehr als das nervige Babylon ??? Hallo Arne, nee leider gibt es unter den Reiter ,, Logdateien,, keine weiteren Logdateien von Malewarebytes, die man sehen kann, ausser die ich gepostet habe. Gruß Nico |
22.11.2011, 16:39 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Mehr als das nervige Babylon ??? Führ bitte auch ESET aus, danach sehen wir weiter: ESET Online Scanner
__________________ --> Mehr als das nervige Babylon ??? |
23.11.2011, 14:06 | #7 |
| Mehr als das nervige Babylon ??? Hi Arne, sorry das ich mich erst jetzt wieder melde, aber Eset hat unglaubliche 20 Stunden gescannt Aber nun hier die Logdatei ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=95ae5c3a4fdc6f43a0518e382d8b2822 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-11-22 05:13:11 # local_time=2011-11-22 06:13:11 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=1797 16774142 0 6 2679829 6658223 0 0 # compatibility_mode=3584 16777215 100 0 0 0 0 0 # compatibility_mode=5893 16776573 100 94 348572 73606720 0 0 # compatibility_mode=8192 67108863 100 0 3800 3800 0 0 # scanned=219416 # found=1 # cleaned=0 # scan_time=5120 C:\Users\Nico\Downloads\SoftonicDownloader_fuer_photoscape.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=95ae5c3a4fdc6f43a0518e382d8b2822 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-11-23 01:02:30 # local_time=2011-11-23 02:02:30 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=1797 16774142 0 6 2685261 6663655 0 0 # compatibility_mode=3584 16777215 100 0 0 0 0 0 # compatibility_mode=5893 16776573 100 94 354004 73612152 0 0 # compatibility_mode=8192 67108863 100 0 9232 9232 0 0 # scanned=292938 # found=6 # cleaned=0 # scan_time=71047 C:\Users\Nico\Downloads\SoftonicDownloader_fuer_photoscape.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I K:\Dokumente und Einstellungen\PC\Anwendungsdaten\OpenCandy\registrybooster21.exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I K:\Dokumente und Einstellungen\PC\Anwendungsdaten\OpenCandy\registrybooster21Wrapped.exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I K:\Dokumente und Einstellungen\PC\Desktop\ff2\Neuer Ordner (2)\ff2\World of Warcraft\Updater.exe probably a variant of Win32/PSW.Delf.LRSQGKL trojan (unable to clean) 00000000000000000000000000000000 I K:\Dokumente und Einstellungen\PC\Eigene Dateien\Downloads\SoftonicDownloader95749.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I K:\Dokumente und Einstellungen\PC\Eigene Dateien\Downloads\SweetImSetup.exe a variant of Win32/SweetIM.A application (unable to clean) 00000000000000000000000000000000 I Besten Gruß Nico |
23.11.2011, 14:17 | #8 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Mehr als das nervige Babylon ???Zitat:
Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.
Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen. Zerstörst Du die Registry, zerstörst Du Windows. Zitat:
Wenn man nur von Schrottseiten wie Softonic lädt und blind alles bei Setups in Programminstallation abnickt ohne nachzudenken, muss man sich nun wirklich nicht mehr wundern, dass das System mit Toolbars wie Babylon oder anderem Scrott zugemüllt ist
__________________ Logfiles bitte immer in CODE-Tags posten |
23.11.2011, 15:11 | #9 |
| Mehr als das nervige Babylon ??? Ahhh OK... ich kann dich beruhigen. Ich selber habe mir den Müll nicht runter gezogen, aber kann mir denken wer es war. Gut, aber was ist jetzt mit den Rest ? Habe ich mir noch was eingefangen ? Oder meinst du es reicht wenn ich die beiden Dateien K:\Dokumente und Einstellungen\PC\Anwendungsdaten\OpenCandy\registrybooster21.exe K:\Dokumente und Einstellungen\PC\Eigene Dateien\Downloads\SoftonicDownloader95749.exe mit der Killbox beseitige ? Gruß Nico |
23.11.2011, 18:58 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Mehr als das nervige Babylon ??? Die Dateien können einfach so gelöscht werden. Mach bitte ein neues OTL-Log: CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
24.11.2011, 04:15 | #11 |
| Mehr als das nervige Babylon ??? Hier die log Datei von OTL, so wie du Sie wolltest OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.11.2011 04:05:37 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nico\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 69,34% Memory free 8,00 Gb Paging File | 6,37 Gb Available in Paging File | 79,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,66 Gb Total Space | 368,64 Gb Free Space | 81,62% Space Free | Partition Type: NTFS Drive J: | 232,88 Gb Total Space | 150,97 Gb Free Space | 64,83% Space Free | Partition Type: NTFS Drive K: | 232,88 Gb Total Space | 14,56 Gb Free Space | 6,25% Space Free | Partition Type: NTFS Drive L: | 7,52 Gb Total Space | 6,65 Gb Free Space | 88,51% Space Free | Partition Type: FAT32 Computer Name: NICO-PC | User Name: Nico | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Nico\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe () PRC - C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer Group) PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe () MOD - C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll () ========== Win32 Services (SafeList) ========== SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe (Symantec Corporation) SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (GameConsoleService) -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Updater Service) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer Group) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Driver Services (SafeList) ========== DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symtdiv.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symefa64.sys (Symantec Corporation) DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys (Symantec Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\ironx64.sys (Symantec Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symds64.sys (Symantec Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20110309.001\BHDrvx64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20110314.004\IDSviA64.sys (Symantec Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1840&r=17360111p303pe484v1k5r47n1t50p IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1840&r=17360111p303pe484v1k5r47n1t50p IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1840&r=17360111p303pe484v1k5r47n1t50p IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1840&r=17360111p303pe484v1k5r47n1t50p IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1840&r=17360111p303pe484v1k5r47n1t50p IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.1.20080801 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.0.0 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2010.9.0.6 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\ [2011.09.08 07:24:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn_2010_9_0_6 [2011.11.22 04:19:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.03.20 15:33:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.03.20 15:33:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.07 13:59:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.07 13:59:12 | 000,000,000 | ---D | M] [2011.01.16 17:09:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nico\AppData\Roaming\mozilla\Extensions [2011.11.11 17:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nico\AppData\Roaming\mozilla\Firefox\Profiles\7p0tg2y3.default\extensions [2011.11.11 13:21:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Nico\AppData\Roaming\mozilla\Firefox\Profiles\7p0tg2y3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.09.10 08:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.09.08 07:24:03 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPLGN () (No name found) -- C:\USERS\NICO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7P0TG2Y3.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI [2011.10.01 10:08:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011.09.03 01:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.06 12:54:18 | 000,002,287 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2011.09.03 01:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.03 01:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.03 01:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.03 01:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - Extension: DivX HiQ = C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\ O1 HOSTS File: ([2011.11.21 18:29:28 | 000,438,702 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 15087 more lines... O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Nico\AppData\Local\Akamai\netsession_win.exe File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nico\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nico\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4ED6014-237C-4A34-B1B6-550BB2231083}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.02.13 17:31:08 | 000,000,000 | ---- | M] () - J:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{1c738783-cc55-11df-b9d2-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1c738783-cc55-11df-b9d2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Unser_Zuhause_entdecken.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.11.24 03:51:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Nico\Desktop\OTL.exe [2011.11.22 16:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.11.22 16:43:58 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Nico\Desktop\esetsmartinstaller_enu.exe [2011.11.21 18:23:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.11.21 18:18:34 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Malwarebytes [2011.11.21 18:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.21 18:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.11.21 18:18:22 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.11.21 18:18:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.11.19 19:27:52 | 003,889,424 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des [2011.11.19 19:27:27 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys [2011.11.19 19:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared [2011.11.19 19:20:45 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames [2011.11.19 19:20:14 | 000,000,000 | ---D | C] -- C:\AeriaGames [2011.11.14 09:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software [2011.11.14 09:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software [2011.11.14 09:44:22 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\NCH Software [2011.11.13 16:16:29 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\PhotoScape [2011.11.13 16:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape [2011.11.13 16:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape [2011.11.13 16:15:17 | 017,327,195 | ---- | C] (Mooii) -- C:\Users\Nico\Desktop\PhotoScapeSetup_V3.5.exe [2011.11.12 08:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.11.11 16:57:30 | 000,000,000 | ---D | C] -- C:\Users\Nico\Desktop\ebay [2011.11.11 16:13:55 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\baywotch3 [2011.11.11 16:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BayWotch 3 [2011.11.11 16:13:27 | 002,593,792 | ---- | C] (HiComponents) -- C:\Windows\SysWow64\ImageEnXLibrary.ocx [2011.11.11 16:13:27 | 000,688,416 | ---- | C] (WeOnlyDo! COM) -- C:\Windows\SysWow64\wodHttp.dll [2011.11.11 16:13:27 | 000,684,032 | ---- | C] (10Tec) -- C:\Windows\SysWow64\iGrid251_75B4A91C.ocx [2011.11.11 16:13:27 | 000,288,768 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevEin20.ocx [2011.11.11 16:13:27 | 000,231,424 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevXPCtl.ocx [2011.11.11 16:13:27 | 000,148,480 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevMenuXP2.ocx [2011.11.11 16:13:27 | 000,098,816 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevGraph.ocx [2011.11.11 16:13:27 | 000,096,256 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevCmd32.ocx [2011.11.11 16:13:27 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.dll [2011.11.11 16:13:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BayWotch3 [2011.11.06 12:54:16 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Babylon [2011.11.06 12:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2011.11.06 12:54:13 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab FLV Player [2011.11.01 20:13:08 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\TeamViewer [2011.11.01 20:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer ========== Files - Modified Within 30 Days ========== [2011.11.24 04:01:27 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.24 03:51:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nico\Desktop\OTL.exe [2011.11.24 03:49:42 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.24 03:49:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.22 16:44:54 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.11.22 16:44:54 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.11.22 16:44:54 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.11.22 16:44:54 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.11.22 16:44:54 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.11.22 16:44:04 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Nico\Desktop\esetsmartinstaller_enu.exe [2011.11.22 04:27:06 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.22 04:27:06 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.22 04:19:12 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2011.11.21 18:29:28 | 000,438,702 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.11.21 18:23:55 | 000,001,271 | ---- | M] () -- C:\Users\Nico\Desktop\Spybot - Search & Destroy.lnk [2011.11.19 16:20:09 | 847,603,168 | ---- | M] () -- C:\Users\Nico\Desktop\wolfteam_de_installer_20111102.exe [2011.11.18 18:11:08 | 000,002,353 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.11.14 09:45:10 | 000,001,183 | ---- | M] () -- C:\Users\Public\Desktop\PhotoStage Slideshow Producer.lnk [2011.11.13 16:16:27 | 000,001,044 | ---- | M] () -- C:\Users\Nico\Desktop\PhotoScape.lnk [2011.11.13 16:16:06 | 017,327,195 | ---- | M] (Mooii) -- C:\Users\Nico\Desktop\PhotoScapeSetup_V3.5.exe [2011.11.11 16:13:30 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\BayWotch 3.lnk [2011.11.10 03:18:39 | 000,413,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.11.06 12:54:17 | 000,002,514 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk [2011.11.01 20:01:27 | 000,001,175 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk ========== Files Created - No Company Name ========== [2011.11.21 18:23:55 | 000,001,271 | ---- | C] () -- C:\Users\Nico\Desktop\Spybot - Search & Destroy.lnk [2011.11.19 19:27:27 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd [2011.11.19 15:32:04 | 847,603,168 | ---- | C] () -- C:\Users\Nico\Desktop\wolfteam_de_installer_20111102.exe [2011.11.14 09:45:09 | 000,001,195 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoStage Slideshow Producer.lnk [2011.11.14 09:45:09 | 000,001,183 | ---- | C] () -- C:\Users\Public\Desktop\PhotoStage Slideshow Producer.lnk [2011.11.13 16:16:27 | 000,001,044 | ---- | C] () -- C:\Users\Nico\Desktop\PhotoScape.lnk [2011.11.11 16:13:30 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\BayWotch 3.lnk [2011.11.11 16:13:27 | 000,372,736 | ---- | C] () -- C:\Windows\SysWow64\bwtoolbar3.ocx [2011.11.06 12:54:17 | 000,002,514 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk [2011.11.01 20:01:27 | 000,001,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk [2011.11.01 20:01:26 | 000,001,175 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk [2011.04.10 09:06:43 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2011.04.01 19:57:32 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2011.04.01 19:57:32 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2011.04.01 19:57:32 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2011.03.20 13:27:24 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.03.20 13:27:24 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.02.05 17:55:42 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat [2011.01.16 17:09:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.01.16 16:53:27 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.01.16 16:49:06 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.01.16 16:49:06 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.11.06 12:54:16 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Babylon [2011.11.11 17:37:16 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\baywotch3 [2011.10.22 16:24:14 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\BOM [2011.09.16 11:26:20 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\concept design [2011.02.24 22:24:31 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\DVDVideoSoftIEHelpers [2011.09.04 13:18:18 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\FloodLightGames [2011.01.14 19:25:48 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\OEM [2011.11.13 16:33:25 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\PhotoScape [2011.02.04 18:48:09 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\PlayFirst [2011.02.05 19:12:56 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\SoftGrid Client [2011.11.01 21:02:53 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\TeamViewer [2011.01.15 05:21:24 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Tific [2011.01.16 16:54:19 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\TP [2011.01.15 09:16:06 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\WildTangent [2011.04.03 16:00:06 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.01.16 16:52:04 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Adobe [2011.10.12 13:56:36 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Avira [2011.11.06 12:54:16 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Babylon [2011.11.11 17:37:16 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\baywotch3 [2011.10.22 16:24:14 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\BOM [2011.01.16 17:01:13 | 000,000,000 | R--D | M] -- C:\Users\Nico\AppData\Roaming\Brother [2011.09.16 11:26:20 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\concept design [2011.04.01 19:57:51 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\DivX [2011.09.06 07:41:59 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\dvdcss [2011.02.24 22:24:31 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\DVDVideoSoftIEHelpers [2011.09.04 13:18:18 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\FloodLightGames [2011.01.14 19:29:28 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Google [2011.01.14 19:25:27 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Identities [2011.01.14 19:25:47 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Macromedia [2011.11.21 18:18:34 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Malwarebytes [2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Media Center Programs [2011.10.22 16:22:20 | 000,000,000 | --SD | M] -- C:\Users\Nico\AppData\Roaming\Microsoft [2011.01.16 17:09:09 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Mozilla [2011.11.20 10:09:47 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\NCH Software [2011.10.09 10:19:01 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Nero [2011.01.14 19:25:48 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\OEM [2011.11.13 16:33:25 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\PhotoScape [2011.02.04 18:48:09 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\PlayFirst [2011.02.05 19:12:56 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\SoftGrid Client [2011.11.01 21:02:53 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\TeamViewer [2011.01.15 05:21:24 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Tific [2011.01.16 16:54:19 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\TP [2011.10.22 16:24:15 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\vlc [2011.01.15 09:16:06 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\WildTangent [2011.11.18 09:21:48 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Winamp [2011.01.30 08:36:00 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
24.11.2011, 08:56 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Mehr als das nervige Babylon ??? Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" [2011.11.06 12:54:18 | 000,002,287 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Nico\AppData\Local\Akamai\netsession_win.exe File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.02.13 17:31:08 | 000,000,000 | ---- | M] () - J:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{1c738783-cc55-11df-b9d2-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1c738783-cc55-11df-b9d2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Unser_Zuhause_entdecken.exe [2011.11.06 12:54:16 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Babylon [2011.11.06 12:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2011.11.06 12:54:17 | 000,002,514 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk :Commands [emptytemp] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
24.11.2011, 12:33 | #13 |
| Mehr als das nervige Babylon ??? Hallo Arne, habe deinen Rat befolgt. - Babylon ist verschwunden - Nachdem ich bei OTL auf Fix gegangen bin, hat sich aber KEIN Logfile geöffnet Was soll ich jetzt machen ??? Neuen Scan mit OTL durchführen und Logfile posten ? gruß Nico |
24.11.2011, 13:05 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Mehr als das nervige Babylon ??? Das Log sollte in C:\_OTL zu finden sein.
__________________ Logfiles bitte immer in CODE-Tags posten |
24.11.2011, 13:11 | #15 |
| Mehr als das nervige Babylon ??? Ahhhhh da iss es ja Bitte All processes killed ========== OTL ========== Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully. C:\Program Files (x86)\Winamp\winampa.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully. C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe moved successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! J:\AUTOEXEC.BAT moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c738783-cc55-11df-b9d2-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c738783-cc55-11df-b9d2-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c738783-cc55-11df-b9d2-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c738783-cc55-11df-b9d2-806e6f6e6963}\ not found. File D:\Unser_Zuhause_entdecken.exe not found. C:\Users\Nico\AppData\Roaming\Babylon folder moved successfully. C:\ProgramData\Babylon folder moved successfully. C:\Users\Public\Desktop\Babylon.lnk moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Nico ->Temp folder emptied: 97424923 bytes ->Temporary Internet Files folder emptied: 2780225 bytes ->FireFox cache emptied: 1006754279 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 48010 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 85829 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50568 bytes RecycleBin emptied: 14433194 bytes Total Files Cleaned = 1.070,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.31.0 log created on 11242011_121803 |
Themen zu Mehr als das nervige Babylon ??? |
abgesicherte, abgesicherten, admin, anhang, babylon, benutzer, daten, firefox, gesetzt, haken, hijack, home, leute, liebe, logfile, modus, mozilla, nervige, problem, probleme, prüfung, rechner, registrierung, scan, scanne |