Log analysis and evaluation: Problem with Antivirus Action (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
27.11.2010, 11:17 | #1
Problem with Antivirus Action

Hi, I'm new here in the forum, so please forgive me if I'm posting in the wrong place. I'm having a few difficulties with the file mentioned above (since I have it ^^). I have already read up here in the forum and run the programs OTF and Malwarebytes Anti-Malware. OTF also said that we should post the logs so that we can expect further help. So here are my log files:

OTL.txt

OTL logfile created on: 27.11.2010 11:11:08 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\philipp\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 6,72 Gb Free Space | 2,89% Space Free | Partition Type: NTFS
Drive D: | 73,98 Gb Total Space | 57,58 Gb Free Space | 77,84% Space Free | Partition Type: NTFS
Drive E: | 7,47 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: PHILIPP-PC | User Name: philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010.11.27 10:39:29 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\philipp\Downloads\OTL.exe PRC - [2010.11.04 17:28:32 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.04 17:28:31 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.04 17:28:31 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.11.01 18:05:17 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.11.01 18:05:17 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\plugin-container.exe PRC - [2010.10.27 13:20:45 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.0\ICQ.exe PRC - [2010.09.27 17:52:49 | 002,969,496 | ---- | M] () -- C:\Programme\Pando Networks\Media Booster\PMB.exe PRC - [2010.06.24 15:41:38 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe PRC - [2010.06.24 15:41:34 | 000,247,144 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2010.06.18 18:38:22 | 000,619,800 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Programme\TortoiseSVN\bin\TSVNCache.exe PRC - [2010.04.29 12:19:18 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2010.04.03 15:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.03.24 10:36:16 | 000,797,104 | ---- | M] (iMesh, Inc) -- C:\Programme\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe PRC - [2010.02.06 23:27:59 | 002,247,168 | ---- | M] (Computec Media AG) -- C:\Programme\buffed\BLASC.exe PRC - [2010.01.14 22:10:53 | 000,076,968 
| ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.07.24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 02:14:21 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ielowutil.exe PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2009.06.30 21:23:54 | 000,762,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe ========== Modules (SafeList) ========== MOD - [2010.11.27 10:39:29 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\philipp\Downloads\OTL.exe MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009.07.14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009.07.14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009.07.14 02:16:03 | 000,022,016 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\System32\netutils.dll MOD - [2009.07.14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009.07.14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll ========== Win32 Services (SafeList) ========== SRV - [2010.11.26 16:59:32 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.11.12 19:39:22 | 003,019,352 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_4176eef.dll -- (Akamai) SRV - [2010.11.04 17:28:32 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.11.04 17:28:31 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.06.24 15:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2010.04.03 15:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- 
(NetTcpPortSharing) SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator) SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator) SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator) SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009.08.05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2009.07.24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009.07.14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009.07.14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) 
[On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009.07.14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009.07.14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009.07.14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV) SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | 
Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw85cir.sys -- (hcw85cir) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT) DRV - [2010.11.26 16:44:55 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.11.04 17:28:32 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2010.04.03 23:55:31 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.01.30 14:12:06 | 000,033,848 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nchssvad.sys -- (NCHSSVAD) SoundTap Recorder (32 Bit) DRV - [2009.12.11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009.08.13 07:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp) DRV - [2009.08.05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr) DRV - [2009.07.14 02:26:21 | 000,015,952 | 
---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009.07.14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009.07.14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas) DRV - [2009.07.14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- 
(hwpolicy) DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009.07.14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide) DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009.07.14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG) DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009.07.14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci) DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009.07.14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - 
[2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009.07.14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2009.07.14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2009.07.14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009.07.14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2009.06.30 21:24:04 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.01 22:05:32 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167) DRV - [2007.01.23 19:36:46 | 000,299,776 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw88tse.sys -- (HCW88TSE) DRV - [2007.01.23 19:25:30 | 000,207,872 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw88bda.sys -- (hcw88bda) DRV - [2002.10.29 09:15:06 | 000,114,144 | ---- | M] (Winbond Electronics Crop.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\2kw9967.sys -- (USBW9967) DRV - [2002.04.14 16:23:00 | 000,016,588 | ---- | M] (The freeware company) [Kernel | On_Demand | Stopped] -- C:\Programme\MoreTV.353\Hwiont.sys -- (HWIONT) DRV - [2001.10.30 05:21:02 | 000,010,256 | ---- | M] (Winbond Electronics Crop.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\W9967STI.SYS -- (W9967CAM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101101171951\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {dfabc5b5-039b-4865-979a-de31cdf3e351} - C:\Programme\Media_Star\tbMedi.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2626277 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 37 46 FE 7B A7 CA 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101101171951\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.) 
IE - HKCU\..\URLSearchHook: {dfabc5b5-039b-4865-979a-de31cdf3e351} - C:\Programme\Media_Star\tbMedi.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.blackskulls.eu/index.php?site=forum"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.6
FF - prefs.js..extensions.enabledItems: {28D35620-51D9-11DE-9D13-2DB156D89593}:3.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:2.5.6.0
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.2
FF - prefs.js..extensions.enabledItems: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.1.0.12
FF - prefs.js..keyword.URL: "hxxp://utils.babylon.com/abt/index.php?url="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.01 18:05:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.01 18:05:18 | 000,000,000 | ---D | M]
[2010.01.29 21:23:03 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\mozilla\Extensions
[2009.11.09 18:23:11 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.11.27 11:10:09 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\d6ouxncv.default\extensions
[2010.06.05 22:19:09 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\d6ouxncv.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}
[2010.11.25 23:42:38 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\d6ouxncv.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
[2010.06.26 10:47:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\d6ouxncv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.10 15:26:59 | 000,000,000 | ---D | M] (MyAshampoo Toolbar) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\d6ouxncv.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2010.10.08 21:19:49 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\d6ouxncv.default\extensions\battlefieldheroespatcher@ea.com
[2010.11.23 22:26:15 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\d6ouxncv.default\extensions\ffxtlbr@babylon.com
[2010.01.30 05:32:30 | 000,002,163 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\bing.xml
[2010.09.16 18:48:08 | 000,000,941 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\conduit.xml
[2010.11.22 18:22:06 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\icqplugin-1.xml
[2010.04.03 09:57:44 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\icqplugin-2.xml
[2010.06.06 03:09:46 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\icqplugin-3.xml
[2010.06.28 15:40:31 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\icqplugin-4.xml
[2010.07.31 12:13:02 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\icqplugin-5.xml
[2010.10.02 14:49:28 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\icqplugin-6.xml
[2010.10.04 18:05:44 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\icqplugin-7.xml
[2010.10.25 15:59:18 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\icqplugin-8.xml
[2010.11.23 22:27:36 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\icqplugin-9.xml
[2010.03.19 20:01:53 | 000,000,944 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\icqplugin.xml
[2010.03.24 10:34:04 | 000,002,456 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\iMeshWebSearch.xml
[2010.11.27 10:27:56 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.09 23:31:43 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.10.02 14:49:11 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.11.23 22:26:12 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.10.02 14:49:11 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.24 10:34:04 | 000,002,456 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\iMeshWebSearch.xml
[2010.10.02 14:49:11 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.02 14:49:11 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.02 14:49:11 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.15.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Programme\iMesh Applications\MediaBar\DataMngr\IEBHO.dll (iMesh, Inc)
O2 - BHO: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Programme\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
O2 - BHO: (Media Star Toolbar) - {dfabc5b5-039b-4865-979a-de31cdf3e351} - C:\Programme\Media_Star\tbMedi.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101101171951\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Programme\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
O3 - HKLM\..\Toolbar: (Media Star Toolbar) - {dfabc5b5-039b-4865-979a-de31cdf3e351} - C:\Programme\Media_Star\tbMedi.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (BrotherSoft Extreme Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Programme\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Media Star Toolbar) - {DFABC5B5-039B-4865-979A-DE31CDF3E351} - C:\Programme\Media_Star\tbMedi.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [DataMngr] C:\Programme\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BLASC] C:\Program Files\buffed\BLASC.exe (Computec Media AG)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [sckbrfxs] C:\Users\philipp\AppData\Local\Temp\bxgtdtjkr\tgdsjgrtsbl.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [xitlmnle] C:\Users\philipp\AppData\Local\Temp\dwmudrhhi\sipxouotsbl.exe ()
O4 - Startup: C:\Users\philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Programme\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\DataMngr\datamngr.dll) - C:\Programme\iMesh Applications\MediaBar\DataMngr\datamngr.dll (iMesh, Inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.27 10:27:12 | 000,000,000 | ---D | C] -- C:\Users\philipp\AppData\Roaming\Malwarebytes [2010.11.27 10:25:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.27 10:25:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.27 10:25:50 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.11.27 10:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.11.27 02:00:24 | 000,000,000 | ---D | C] -- C:\Programme\Media_Star [2010.11.27 01:59:28 | 000,000,000 | ---D | C] -- C:\Users\philipp\AppData\Roaming\TorrentBitch [2010.11.27 01:59:28 | 000,000,000 | ---D | C] -- C:\Programme\TorrentBitch [2010.11.27 01:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TorrentBitch [2010.11.26 21:08:35 | 000,000,000 | ---D | C] -- C:\Programme\PATRIZIER II Gold [2010.11.26 19:18:59 | 000,000,000 | ---D | C] -- C:\Programme\Drakensang [2010.11.25 23:42:42 | 000,000,000 | ---D | C] -- C:\Programme\ConduitEngine [2010.11.25 23:42:40 | 000,000,000 | ---D | C] -- C:\Programme\BrotherSoft_Extreme [2010.11.25 23:42:09 | 000,000,000 | ---D | C] -- C:\Users\philipp\AppData\Roaming\GetRightToGo [2010.11.25 23:42:09 | 000,000,000 | ---D | C] -- C:\Users\philipp\Documents\Downloads [2010.11.23 22:31:24 | 000,719,872 | ---- | C] (Abysmal 
Software) -- C:\Windows\System32\devil.dll [2010.11.23 22:31:24 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll [2010.11.23 22:31:23 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll [2010.11.23 22:31:23 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll [2010.11.23 22:31:22 | 000,000,000 | ---D | C] -- C:\Programme\AviSynth 2.5 [2010.11.23 22:29:00 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax [2010.11.23 22:29:00 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax [2010.11.23 22:29:00 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax [2010.11.23 22:29:00 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax [2010.11.23 22:28:59 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll [2010.11.23 22:28:59 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax [2010.11.23 22:28:59 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax [2010.11.23 22:28:58 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) 
-- C:\Windows\System32\nbDX.dll [2010.11.23 22:28:58 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll [2010.11.23 22:28:57 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax [2010.11.23 22:28:57 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax [2010.11.23 22:28:57 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll [2010.11.23 22:28:57 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax [2010.11.23 22:28:19 | 000,000,000 | ---D | C] -- C:\Programme\eRightSoft [2010.11.23 22:26:26 | 000,000,000 | ---D | C] -- C:\Users\philipp\AppData\Local\Babylon [2010.11.23 22:26:13 | 000,000,000 | ---D | C] -- C:\Programme\BabylonToolbar [2010.11.23 22:26:13 | 000,000,000 | ---D | C] -- C:\Programme\Babylon [2010.11.23 22:26:09 | 000,000,000 | ---D | C] -- C:\Users\philipp\AppData\Roaming\Babylon [2010.11.23 22:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2010.11.23 22:25:55 | 000,000,000 | ---D | C] -- C:\Programme\AudioConverter [2010.11.23 22:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2010.11.23 22:25:15 | 000,000,000 | ---D | C] -- C:\Programme\MP3 CD Converter Professional [2010.11.23 22:10:02 | 000,000,000 | ---D | C] -- C:\Users\philipp\Desktop\Reich und Sexy [2010.11.14 09:28:51 | 000,000,000 | ---D | C] -- C:\Users\philipp\Documents\The Lord of the Rings Online [2010.11.14 09:28:51 | 000,000,000 | ---D | C] -- C:\Users\philipp\AppData\Local\The Lord of the Rings Online [2010.11.14 09:24:12 | 000,000,000 | ---D | C] -- C:\Users\philipp\AppData\Local\Turbine [2010.11.14 09:23:17 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll [2010.11.14 09:20:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP [2010.11.14 08:39:12 | 000,000,000 | ---D | C] -- C:\Programme\Codemasters [2010.11.13 15:13:14 | 000,000,000 | ---D | C] -- C:\Programme\SimBin [2010.11.13 14:59:21 | 000,000,000 | ---D | C] -- 
C:\Programme\Common Files\Steam [2010.11.13 14:59:18 | 000,000,000 | ---D | C] -- C:\Programme\Steam [2010.11.13 14:50:50 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll [2010.11.13 14:50:50 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll [2010.11.13 14:50:49 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll [2010.11.13 14:50:49 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll [2010.11.13 14:50:48 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll [2010.11.13 14:50:48 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll [2010.11.13 14:50:48 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll [2010.11.13 14:50:48 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll [2010.11.13 14:50:47 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2010.11.08 19:34:36 | 000,000,000 | ---D | C] -- C:\Users\philipp\Documents\gothic3 [2010.11.08 19:01:59 | 000,000,000 | ---D | C] -- C:\Programme\JoWooD [2010.11.06 11:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\1B136 [2010.11.05 22:30:36 | 000,000,000 | ---D | C] -- C:\Users\philipp\Desktop\LOTROEU_Enedwaith_DE_Installer [2010.11.01 17:09:14 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GdiPlus.dll [2010.10.31 20:18:57 | 000,000,000 | ---D | C] -- C:\Users\philipp\AppData\Roaming\Avira [2010.10.31 19:47:26 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.10.31 19:47:25 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.10.31 19:47:25 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.10.31 19:47:25 | 000,051,992 | ---- | C] (AVIRA GmbH) -- 
C:\Windows\System32\drivers\avgntdd.sys [2010.10.31 19:47:25 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2010.10.31 19:47:23 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.10.31 12:35:33 | 000,000,000 | ---D | C] -- C:\Users\philipp\AppData\Roaming\AVS4YOU [2010.10.31 12:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [2010.10.31 12:30:38 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll [2010.10.31 12:30:38 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\AVSMedia [2010.10.31 12:30:37 | 000,000,000 | ---D | C] -- C:\Programme\AVS4YOU [2010.10.31 12:26:49 | 000,000,000 | ---D | C] -- C:\AudioSuite [2010.10.31 12:24:34 | 000,000,000 | ---D | C] -- C:\Programme\Audio Recorder Pro [2010.10.31 01:38:10 | 000,000,000 | ---D | C] -- C:\Users\philipp\AppData\Local\reakktor [2010.10.31 01:38:07 | 000,000,000 | ---D | C] -- C:\Users\philipp\Documents\Reakktor Media [2010.10.30 18:11:37 | 000,000,000 | ---D | C] -- C:\Programme\Medion [2010.10.30 15:50:00 | 000,000,000 | ---D | C] -- C:\Medion2 [2010.10.30 15:36:31 | 000,094,208 | ---- | C] (Winbond Electronics Corporation) -- C:\Windows\System32\wb9967.dll [2010.10.30 15:36:31 | 000,016,840 | ---- | C] (Winbond Electronics Crop.) -- C:\Windows\System32\W9967usd.dll [2010.10.30 15:36:31 | 000,015,360 | ---- | C] (Winbond Electronics Crop.) -- C:\Windows\System32\w67_ctom.ax [2010.10.30 15:36:31 | 000,010,256 | ---- | C] (Winbond Electronics Crop.) -- C:\Windows\System32\drivers\W9967sti.sys [2010.10.30 15:36:30 | 000,376,832 | ---- | C] (Winbond Electronics Corp.) -- C:\Windows\System32\DsTW9968.dll [2010.10.30 15:36:30 | 000,122,880 | ---- | C] (Winbond) -- C:\Windows\System32\Dxcam68.dll [2010.10.30 15:36:30 | 000,000,000 | ---D | C] -- C:\Medion1 [2010.10.30 14:58:49 | 000,114,144 | ---- | C] (Winbond Electronics Crop.) 
-- C:\Windows\System32\drivers\2kw9967.sys [2010.10.30 14:58:49 | 000,000,000 | ---D | C] -- C:\Medion [2010.10.29 17:32:47 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2010.10.29 17:32:47 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll [2010.10.29 17:32:47 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010.10.29 17:32:47 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2010.10.29 17:32:36 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys [4 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.27 11:06:12 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.27 11:06:12 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.27 11:00:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.11.27 10:58:56 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.11.27 10:58:56 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2010.11.27 10:58:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.27 10:58:43 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys [2010.11.27 10:25:54 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.27 01:59:32 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\TorrentBitch.lnk [2010.11.26 23:25:32 | 000,138,184 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.11.26 23:25:12 | 000,215,016 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2010.11.26 21:13:47 | 
000,001,043 | ---- | M] () -- C:\Users\philipp\Desktop\PATRIZIER II Gold starten.lnk [2010.11.26 19:39:01 | 000,001,875 | ---- | M] () -- C:\Users\philipp\Desktop\Drakensang.lnk [2010.11.26 17:00:02 | 000,007,621 | ---- | M] () -- C:\Users\philipp\AppData\Local\Resmon.ResmonCfg [2010.11.26 16:44:55 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.11.23 22:43:20 | 000,301,816 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.11.21 18:09:27 | 000,706,600 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.21 18:09:27 | 000,660,218 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.21 18:09:27 | 000,152,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.21 18:09:27 | 000,124,408 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.14 09:20:34 | 000,002,182 | ---- | M] () -- C:\Users\philipp\Desktop\Der Herr der Ringe Online.lnk [2010.11.13 15:29:47 | 000,001,149 | ---- | M] () -- C:\Users\philipp\Desktop\RACE 07 Offline.lnk [2010.11.10 19:19:08 | 000,000,202 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.11.08 19:15:14 | 000,001,416 | ---- | M] () -- C:\Users\Public\Desktop\Gothic 3 - Götterdämmerung.lnk [2010.11.08 19:15:14 | 000,001,169 | ---- | M] () -- C:\Users\Public\Desktop\Gothic 3.lnk [2010.11.04 17:35:02 | 000,001,216 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk [2010.11.04 17:28:32 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.11.01 17:09:36 | 000,001,159 | ---- | M] () -- C:\Users\philipp\Desktop\AVS Audio Editor.lnk [2010.10.31 21:25:18 | 000,087,352 | ---- | M] () -- C:\Users\philipp\Documents\NR-20101031-001.mp3 [2010.10.31 19:47:45 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Herbert.lnk [2010.10.31 19:18:33 | 000,000,194 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\dkfjasdfshd.bat [2010.10.31 12:35:35 | 000,001,183 | ---- | M] () -- 
C:\Users\philipp\Desktop\AVS Ringtone Maker.lnk [2010.10.31 12:30:42 | 000,001,183 | ---- | M] () -- C:\Users\philipp\Desktop\AVS Audio Recorder.lnk [2010.10.30 15:54:19 | 000,011,709 | ---- | M] () -- C:\Users\philipp\Documents\Entschuldigung The Wave.odt [2010.10.30 07:42:45 | 278,384,397 | ---- | M] () -- C:\Windows\MEMORY.DMP [4 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.27 10:25:54 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.27 01:59:32 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\TorrentBitch.lnk [2010.11.26 21:11:20 | 000,001,043 | ---- | C] () -- C:\Users\philipp\Desktop\PATRIZIER II Gold starten.lnk [2010.11.26 19:39:01 | 000,001,875 | ---- | C] () -- C:\Users\philipp\Desktop\Drakensang.lnk [2010.11.23 22:31:23 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.11.23 22:29:00 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax [2010.11.23 22:28:59 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax [2010.11.23 22:28:59 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax [2010.11.23 22:28:58 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax [2010.11.23 22:28:57 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax [2010.11.23 22:28:57 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax [2010.11.23 22:28:56 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax [2010.11.23 22:28:56 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax [2010.11.14 09:20:34 | 000,002,182 | ---- | C] () -- C:\Users\philipp\Desktop\Der Herr der Ringe Online.lnk [2010.11.13 15:29:47 | 000,001,149 | ---- | C] () -- C:\Users\philipp\Desktop\RACE 07 Offline.lnk [2010.11.08 19:15:14 | 000,001,416 | ---- | C] () -- C:\Users\Public\Desktop\Gothic 3 - 
Götterdämmerung.lnk [2010.11.08 19:15:14 | 000,001,169 | ---- | C] () -- C:\Users\Public\Desktop\Gothic 3.lnk [2010.11.04 17:35:02 | 000,001,216 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk [2010.11.01 17:09:36 | 000,001,159 | ---- | C] () -- C:\Users\philipp\Desktop\AVS Audio Editor.lnk [2010.10.31 21:25:12 | 000,087,352 | ---- | C] () -- C:\Users\philipp\Documents\NR-20101031-001.mp3 [2010.10.31 19:47:45 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Herbert.lnk [2010.10.31 19:11:40 | 000,000,194 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\dkfjasdfshd.bat [2010.10.31 16:33:13 | 000,000,294 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2010.10.31 16:33:05 | 000,000,202 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.10.31 12:35:35 | 000,001,183 | ---- | C] () -- C:\Users\philipp\Desktop\AVS Ringtone Maker.lnk [2010.10.31 12:30:42 | 000,001,183 | ---- | C] () -- C:\Users\philipp\Desktop\AVS Audio Recorder.lnk [2010.10.30 18:11:38 | 000,036,352 | ---- | C] () -- C:\Windows\Amcap.exe [2010.10.30 15:54:16 | 000,011,709 | ---- | C] () -- C:\Users\philipp\Documents\Entschuldigung The Wave.odt [2010.10.30 15:36:31 | 000,107,780 | ---- | C] () -- C:\Windows\System32\wb67ext.dll [2010.10.30 15:36:30 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Bmpproc.dll [2010.09.05 10:41:39 | 000,000,601 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\testtool.ini [2010.08.09 23:31:41 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.07.15 21:59:33 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll [2010.06.19 08:17:55 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2010.06.05 22:19:00 | 000,076,407 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\Smiley.ico [2010.02.17 13:59:51 | 000,000,858 | ---- | C] () -- C:\Windows\client.config.ini [2010.02.08 17:11:33 | 000,000,399 | ---- | C] () -- 
C:\Windows\vtplus32.ini [2010.02.08 17:11:23 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.02.08 17:11:23 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI [2010.02.08 17:11:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll [2010.02.08 17:11:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll [2010.02.08 17:11:00 | 000,001,926 | ---- | C] () -- C:\Windows\HCWPNP.INI [2010.02.08 17:07:40 | 000,040,960 | ---- | C] () -- C:\Windows\System32\hcwxds.dll [2010.02.08 09:07:16 | 000,000,070 | ---- | C] () -- C:\Windows\dbinside.ini [2010.01.29 21:41:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.01.29 21:09:09 | 000,000,095 | ---- | C] () -- C:\Users\philipp\AppData\Local\fusioncache.dat [2010.01.29 21:07:56 | 000,155,528 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\Patch-Master.exe1.dat [2010.01.29 21:07:56 | 000,138,056 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\PnkBstrK.sys [2010.01.29 21:07:56 | 000,045,528 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\Patch-Master.exe2.dat [2010.01.29 21:07:56 | 000,043,504 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\Patch-Master.exe0.dat [2010.01.29 21:07:56 | 000,027,252 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\Patch-Master.exe3.dat [2010.01.29 20:28:42 | 000,007,621 | ---- | C] () -- C:\Users\philipp\AppData\Local\Resmon.ResmonCfg [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.26 17:21:02 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini [2008.12.11 21:38:34 | 000,042,320 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- 
C:\Windows\System32\AgCPanelSpanish.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007.06.25 19:34:26 | 000,070,400 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll [2005.04.08 03:16:43 | 000,015,057 | -H-- | C] () -- C:\Users\philipp\AppData\Roaming\logs.dat [2003.08.07 20:01:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll ========== LOP Check ========== [2010.09.05 10:41:39 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\.oootesttool [2010.02.19 07:30:04 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\.purple [2010.01.29 21:07:56 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Actecom [2010.01.29 21:07:56 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Ankh [2010.03.17 12:04:26 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Ankh - Heart of Osiris [2010.11.27 09:28:24 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Babylon [2010.01.29 21:07:57 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Black Sea Studios [2010.02.12 15:31:00 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\dBpoweramp [2009.12.30 07:49:13 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\FOG Downloader [2010.02.12 15:34:26 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\foobar2000 [2010.11.25 23:43:08 | 000,000,000 | ---D | M] -- 
C:\Users\philipp\AppData\Roaming\GetRightToGo [2010.02.08 00:17:02 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Glory of the Roman Empire [2010.11.23 19:06:26 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\ICQ [2010.07.22 12:46:31 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Imperium Romanum [2010.05.11 18:04:58 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\install [2010.02.12 15:24:44 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\NCH Swift Sound [2010.07.15 21:59:40 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\OpenCandy [2010.03.06 15:56:16 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\OpenOffice.org [2010.01.29 21:09:01 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\PC Suite [2010.01.30 21:27:43 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Recordpad [2010.01.29 21:09:01 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Samsung [2010.07.15 08:21:23 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Subversion [2010.06.19 08:17:18 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Teeworlds [2010.01.29 21:09:03 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\TomTom [2010.01.29 21:09:05 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\TS3Client [2010.04.22 14:15:46 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Ubisoft [2010.07.15 22:00:16 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Uniblue [2010.06.14 18:24:41 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Windows Live Writer [2010.10.06 14:40:38 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.11.10 19:19:08 | 000,000,202 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.11.27 10:58:56 | 000,000,294 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job ========== Purity Check ========== 
========== Alternate Data Streams ==========
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:80337C03
< End of report >

Extras.txt
nter bekommen gejht nur wenn

OTL logfile created on: 27.11.2010 11:05:16 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\philipp\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 6,73 Gb Free Space | 2,89% Space Free | Partition Type: NTFS
Drive D: | 73,98 Gb Total Space | 57,58 Gb Free Space | 77,84% Space Free | Partition Type: NTFS
Drive E: | 7,47 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: PHILIPP-PC | User Name: philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\philipp\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Pando Networks\Media Booster\PMB.exe () PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Programme\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe (iMesh, Inc) PRC - C:\Programme\buffed\BLASC.exe (Computec Media AG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\vVX1000.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\philipp\Downloads\OTL.exe (OldTimer Tools) MOD - 
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_4176eef.dll () SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (ICQ Service) -- 
C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 
(Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (hcw85cir) -- C:\Windows\System32\drivers\hcw85cir.sys File not found DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NCHSSVAD) SoundTap Recorder (32 Bit) -- C:\Windows\System32\drivers\nchssvad.sys (NCH Swift Sound) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc) DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) 
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) 
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys 
(Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation ) DRV - (HCW88TSE) -- C:\Windows\System32\drivers\hcw88tse.sys (Hauppauge Computer Works, Inc) DRV - (hcw88bda) -- C:\Windows\System32\drivers\hcw88bda.sys (Hauppauge Computer Works, Inc) DRV - (USBW9967) -- C:\Windows\System32\drivers\2kw9967.sys (Winbond Electronics Crop.) DRV - (HWIONT) -- C:\Programme\MoreTV.353\Hwiont.sys (The freeware company) DRV - (W9967CAM) -- C:\Windows\system32\DRIVERS\W9967STI.SYS (Winbond Electronics Crop.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101101171951\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {dfabc5b5-039b-4865-979a-de31cdf3e351} - C:\Programme\Media_Star\tbMedi.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2626277 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 37 46 FE 7B A7 CA 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101101171951\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {dfabc5b5-039b-4865-979a-de31cdf3e351} - C:\Programme\Media_Star\tbMedi.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "iMesh Web Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.blackskulls.eu/index.php?site=forum" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.6 FF - prefs.js..extensions.enabledItems: {28D35620-51D9-11DE-9D13-2DB156D89593}:3.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0 FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:2.5.6.0 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.2 FF - prefs.js..extensions.enabledItems: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.1.0.12 FF - prefs.js..keyword.URL: "hxxp://utils.babylon.com/abt/index.php?url=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.01 18:05:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.01 18:05:18 | 000,000,000 | ---D | M] [2010.01.29 21:23:03 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\mozilla\Extensions [2009.11.09 18:23:11 | 000,000,000 | ---D | M] -- 
C:\Users\philipp\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2010.11.27 10:27:56 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\d6ouxncv.default\extensions [2010.06.05 22:19:09 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\d6ouxncv.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593} [2010.11.25 23:42:38 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\d6ouxncv.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13} [2010.06.26 10:47:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\d6ouxncv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.10.10 15:26:59 | 000,000,000 | ---D | M] (MyAshampoo Toolbar) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\d6ouxncv.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} [2010.10.08 21:19:49 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\d6ouxncv.default\extensions\battlefieldheroespatcher@ea.com [2010.11.23 22:26:15 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\d6ouxncv.default\extensions\ffxtlbr@babylon.com [2010.01.30 05:32:30 | 000,002,163 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\bing.xml [2010.09.16 18:48:08 | 000,000,941 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\conduit.xml [2010.11.22 18:22:06 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\icqplugin-1.xml [2010.04.03 09:57:44 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\icqplugin-2.xml [2010.06.06 03:09:46 | 000,000,950 | ---- | M] () -- 
C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\icqplugin-3.xml [2010.06.28 15:40:31 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\icqplugin-4.xml [2010.07.31 12:13:02 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\icqplugin-5.xml [2010.10.02 14:49:28 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\icqplugin-6.xml [2010.10.04 18:05:44 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\icqplugin-7.xml [2010.10.25 15:59:18 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\icqplugin-8.xml [2010.11.23 22:27:36 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\icqplugin-9.xml [2010.03.19 20:01:53 | 000,000,944 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\icqplugin.xml [2010.03.24 10:34:04 | 000,002,456 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\FireFox\Profiles\d6ouxncv.default\searchplugins\iMeshWebSearch.xml [2010.11.27 10:27:56 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.08.09 23:31:43 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.10.02 14:49:11 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.11.23 22:26:12 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml [2010.10.02 14:49:11 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.24 10:34:04 | 000,002,456 | ---- | M] 
() -- C:\Programme\Mozilla Firefox\searchplugins\iMeshWebSearch.xml [2010.10.02 14:49:11 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.02 14:49:11 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.02 14:49:11 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.15.10\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Programme\iMesh Applications\MediaBar\DataMngr\IEBHO.dll (iMesh, Inc) O2 - BHO: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.) 
O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Programme\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll () O2 - BHO: (Media Star Toolbar) - {dfabc5b5-039b-4865-979a-de31cdf3e351} - C:\Programme\Media_Star\tbMedi.dll (Conduit Ltd.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101101171951\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Programme\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll () O3 - HKLM\..\Toolbar: (Media Star Toolbar) - {dfabc5b5-039b-4865-979a-de31cdf3e351} - C:\Programme\Media_Star\tbMedi.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (BrotherSoft Extreme Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Programme\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Media Star Toolbar) - {DFABC5B5-039B-4865-979A-DE31CDF3E351} - C:\Programme\Media_Star\tbMedi.dll (Conduit Ltd.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.) O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe (Babylon Ltd.) O4 - HKLM..\Run: [DataMngr] C:\Programme\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe (iMesh, Inc) O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4 - HKCU..\Run: [BLASC] C:\Program Files\buffed\BLASC.exe (Computec Media AG) O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [sckbrfxs] C:\Users\philipp\AppData\Local\Temp\bxgtdtjkr\tgdsjgrtsbl.exe () O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKCU..\Run: [xitlmnle] C:\Users\philipp\AppData\Local\Temp\dwmudrhhi\sipxouotsbl.exe () O4 - Startup: C:\Users\philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O4 - Startup: C:\Users\philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Programme\Xfire\Xfire.exe (Xfire Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O13 - gopher Prefix: missing O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\DataMngr\datamngr.dll) - C:\Programme\iMesh Applications\MediaBar\DataMngr\datamngr.dll (iMesh, Inc) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.27 10:27:12 | 000,000,000 | ---D | C] -- C:\Users\philipp\AppData\Roaming\Malwarebytes [2010.11.27 10:25:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.27 10:25:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.27 10:25:50 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.11.27 10:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.11.27 02:00:24 | 000,000,000 | ---D | C] -- C:\Programme\Media_Star [2010.11.27 01:59:28 | 000,000,000 | ---D | C] -- C:\Users\philipp\AppData\Roaming\TorrentBitch [2010.11.27 01:59:28 | 000,000,000 | ---D | C] -- C:\Programme\TorrentBitch [2010.11.27 01:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TorrentBitch [2010.11.26 21:08:35 | 000,000,000 | ---D | C] -- C:\Programme\PATRIZIER II Gold [2010.11.26 19:18:59 | 000,000,000 | ---D | C] -- C:\Programme\Drakensang [2010.11.25 23:42:42 | 000,000,000 | ---D | C] -- C:\Programme\ConduitEngine [2010.11.25 23:42:40 | 000,000,000 | ---D | C] -- C:\Programme\BrotherSoft_Extreme [2010.11.25 23:42:09 | 000,000,000 | ---D | C] -- C:\Users\philipp\AppData\Roaming\GetRightToGo [2010.11.25 23:42:09 | 000,000,000 | ---D | C] -- C:\Users\philipp\Documents\Downloads [2010.11.23 22:31:24 | 000,719,872 | ---- | C] (Abysmal 
Software) -- C:\Windows\System32\devil.dll [2010.11.23 22:31:24 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll [2010.11.23 22:31:23 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll [2010.11.23 22:31:23 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll [2010.11.23 22:31:22 | 000,000,000 | ---D | C] -- C:\Programme\AviSynth 2.5 [2010.11.23 22:29:00 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax [2010.11.23 22:29:00 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax [2010.11.23 22:29:00 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax [2010.11.23 22:29:00 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax [2010.11.23 22:28:59 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll [2010.11.23 22:28:59 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax [2010.11.23 22:28:59 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax [2010.11.23 22:28:58 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) 
-- C:\Windows\System32\nbDX.dll [2010.11.23 22:28:58 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll [2010.11.23 22:28:57 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax [2010.11.23 22:28:57 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax [2010.11.23 22:28:57 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll [2010.11.23 22:28:57 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax [2010.11.23 22:28:19 | 000,000,000 | ---D | C] -- C:\Programme\eRightSoft [2010.11.23 22:26:26 | 000,000,000 | ---D | C] -- C:\Users\philipp\AppData\Local\Babylon [2010.11.23 22:26:13 | 000,000,000 | ---D | C] -- C:\Programme\BabylonToolbar [2010.11.23 22:26:13 | 000,000,000 | ---D | C] -- C:\Programme\Babylon [2010.11.23 22:26:09 | 000,000,000 | ---D | C] -- C:\Users\philipp\AppData\Roaming\Babylon [2010.11.23 22:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2010.11.23 22:25:55 | 000,000,000 | ---D | C] -- C:\Programme\AudioConverter [2010.11.23 22:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2010.11.23 22:25:15 | 000,000,000 | ---D | C] -- C:\Programme\MP3 CD Converter Professional [2010.11.23 22:10:02 | 000,000,000 | ---D | C] -- C:\Users\philipp\Desktop\Reich und Sexy [2010.11.14 09:28:51 | 000,000,000 | ---D | C] -- C:\Users\philipp\Documents\The Lord of the Rings Online [2010.11.14 09:28:51 | 000,000,000 | ---D | C] -- C:\Users\philipp\AppData\Local\The Lord of the Rings Online [2010.11.14 09:24:12 | 000,000,000 | ---D | C] -- C:\Users\philipp\AppData\Local\Turbine [2010.11.14 09:23:17 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll [2010.11.14 09:20:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP [2010.11.14 08:39:12 | 000,000,000 | ---D | C] -- C:\Programme\Codemasters [2010.11.13 15:13:14 | 000,000,000 | ---D | C] -- C:\Programme\SimBin [2010.11.13 14:59:21 | 000,000,000 | ---D | C] -- 
C:\Programme\Common Files\Steam [2010.11.13 14:59:18 | 000,000,000 | ---D | C] -- C:\Programme\Steam [2010.11.13 14:50:50 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll [2010.11.13 14:50:50 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll [2010.11.13 14:50:49 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll [2010.11.13 14:50:49 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll [2010.11.13 14:50:48 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll [2010.11.13 14:50:48 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll [2010.11.13 14:50:48 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll [2010.11.13 14:50:48 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll [2010.11.13 14:50:47 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2010.11.08 19:34:36 | 000,000,000 | ---D | C] -- C:\Users\philipp\Documents\gothic3 [2010.11.08 19:01:59 | 000,000,000 | ---D | C] -- C:\Programme\JoWooD [2010.11.06 11:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\1B136 [2010.11.05 22:30:36 | 000,000,000 | ---D | C] -- C:\Users\philipp\Desktop\LOTROEU_Enedwaith_DE_Installer [2010.11.01 17:09:14 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GdiPlus.dll [2010.10.31 20:18:57 | 000,000,000 | ---D | C] -- C:\Users\philipp\AppData\Roaming\Avira [2010.10.31 19:47:26 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.10.31 19:47:25 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.10.31 19:47:25 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.10.31 19:47:25 | 000,051,992 | ---- | C] (AVIRA GmbH) -- 
C:\Windows\System32\drivers\avgntdd.sys [2010.10.31 19:47:25 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2010.10.31 19:47:23 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.10.31 12:35:33 | 000,000,000 | ---D | C] -- C:\Users\philipp\AppData\Roaming\AVS4YOU [2010.10.31 12:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [2010.10.31 12:30:38 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll [2010.10.31 12:30:38 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\AVSMedia [2010.10.31 12:30:37 | 000,000,000 | ---D | C] -- C:\Programme\AVS4YOU [2010.10.31 12:26:49 | 000,000,000 | ---D | C] -- C:\AudioSuite [2010.10.31 12:24:34 | 000,000,000 | ---D | C] -- C:\Programme\Audio Recorder Pro [2010.10.31 01:38:10 | 000,000,000 | ---D | C] -- C:\Users\philipp\AppData\Local\reakktor [2010.10.31 01:38:07 | 000,000,000 | ---D | C] -- C:\Users\philipp\Documents\Reakktor Media [2010.10.30 18:11:37 | 000,000,000 | ---D | C] -- C:\Programme\Medion [2010.10.30 15:50:00 | 000,000,000 | ---D | C] -- C:\Medion2 [2010.10.30 15:36:31 | 000,094,208 | ---- | C] (Winbond Electronics Corporation) -- C:\Windows\System32\wb9967.dll [2010.10.30 15:36:31 | 000,016,840 | ---- | C] (Winbond Electronics Crop.) -- C:\Windows\System32\W9967usd.dll [2010.10.30 15:36:31 | 000,015,360 | ---- | C] (Winbond Electronics Crop.) -- C:\Windows\System32\w67_ctom.ax [2010.10.30 15:36:31 | 000,010,256 | ---- | C] (Winbond Electronics Crop.) -- C:\Windows\System32\drivers\W9967sti.sys [2010.10.30 15:36:30 | 000,376,832 | ---- | C] (Winbond Electronics Corp.) -- C:\Windows\System32\DsTW9968.dll [2010.10.30 15:36:30 | 000,122,880 | ---- | C] (Winbond) -- C:\Windows\System32\Dxcam68.dll [2010.10.30 15:36:30 | 000,000,000 | ---D | C] -- C:\Medion1 [2010.10.30 14:58:49 | 000,114,144 | ---- | C] (Winbond Electronics Crop.) 
-- C:\Windows\System32\drivers\2kw9967.sys [2010.10.30 14:58:49 | 000,000,000 | ---D | C] -- C:\Medion [2010.10.29 17:32:47 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2010.10.29 17:32:47 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll [2010.10.29 17:32:47 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010.10.29 17:32:47 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2010.10.29 17:32:36 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys [4 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.27 11:06:12 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.27 11:06:12 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.27 11:00:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.11.27 10:58:56 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.11.27 10:58:56 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2010.11.27 10:58:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.27 10:58:43 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys [2010.11.27 10:25:54 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.27 01:59:32 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\TorrentBitch.lnk [2010.11.26 23:25:32 | 000,138,184 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.11.26 23:25:12 | 000,215,016 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2010.11.26 21:13:47 | 
000,001,043 | ---- | M] () -- C:\Users\philipp\Desktop\PATRIZIER II Gold starten.lnk [2010.11.26 19:39:01 | 000,001,875 | ---- | M] () -- C:\Users\philipp\Desktop\Drakensang.lnk [2010.11.26 17:00:02 | 000,007,621 | ---- | M] () -- C:\Users\philipp\AppData\Local\Resmon.ResmonCfg [2010.11.26 16:44:55 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.11.23 22:43:20 | 000,301,816 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.11.21 18:09:27 | 000,706,600 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.21 18:09:27 | 000,660,218 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.21 18:09:27 | 000,152,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.21 18:09:27 | 000,124,408 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.14 09:20:34 | 000,002,182 | ---- | M] () -- C:\Users\philipp\Desktop\Der Herr der Ringe Online.lnk [2010.11.13 15:29:47 | 000,001,149 | ---- | M] () -- C:\Users\philipp\Desktop\RACE 07 Offline.lnk [2010.11.10 19:19:08 | 000,000,202 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.11.08 19:15:14 | 000,001,416 | ---- | M] () -- C:\Users\Public\Desktop\Gothic 3 - Götterdämmerung.lnk [2010.11.08 19:15:14 | 000,001,169 | ---- | M] () -- C:\Users\Public\Desktop\Gothic 3.lnk [2010.11.04 17:35:02 | 000,001,216 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk [2010.11.04 17:28:32 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.11.01 17:09:36 | 000,001,159 | ---- | M] () -- C:\Users\philipp\Desktop\AVS Audio Editor.lnk [2010.10.31 21:25:18 | 000,087,352 | ---- | M] () -- C:\Users\philipp\Documents\NR-20101031-001.mp3 [2010.10.31 19:47:45 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Herbert.lnk [2010.10.31 19:18:33 | 000,000,194 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\dkfjasdfshd.bat [2010.10.31 12:35:35 | 000,001,183 | ---- | M] () -- 
C:\Users\philipp\Desktop\AVS Ringtone Maker.lnk [2010.10.31 12:30:42 | 000,001,183 | ---- | M] () -- C:\Users\philipp\Desktop\AVS Audio Recorder.lnk [2010.10.30 15:54:19 | 000,011,709 | ---- | M] () -- C:\Users\philipp\Documents\Entschuldigung The Wave.odt [2010.10.30 07:42:45 | 278,384,397 | ---- | M] () -- C:\Windows\MEMORY.DMP [4 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.27 10:25:54 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.27 09:53:58 | 000,659,968 | ---- | C] () -- C:\Users\philipp\AppData\Local\syssvc.exe [2010.11.27 01:59:32 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\TorrentBitch.lnk [2010.11.26 21:11:20 | 000,001,043 | ---- | C] () -- C:\Users\philipp\Desktop\PATRIZIER II Gold starten.lnk [2010.11.26 19:39:01 | 000,001,875 | ---- | C] () -- C:\Users\philipp\Desktop\Drakensang.lnk [2010.11.23 22:31:23 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.11.23 22:29:00 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax [2010.11.23 22:28:59 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax [2010.11.23 22:28:59 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax [2010.11.23 22:28:58 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax [2010.11.23 22:28:57 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax [2010.11.23 22:28:57 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax [2010.11.23 22:28:56 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax [2010.11.23 22:28:56 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax [2010.11.14 09:20:34 | 000,002,182 | ---- | C] () -- C:\Users\philipp\Desktop\Der Herr der Ringe Online.lnk [2010.11.13 15:29:47 | 000,001,149 | ---- | C] () -- C:\Users\philipp\Desktop\RACE 07 Offline.lnk 
[2010.11.08 19:15:14 | 000,001,416 | ---- | C] () -- C:\Users\Public\Desktop\Gothic 3 - Götterdämmerung.lnk [2010.11.08 19:15:14 | 000,001,169 | ---- | C] () -- C:\Users\Public\Desktop\Gothic 3.lnk [2010.11.04 17:35:02 | 000,001,216 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk [2010.11.01 17:09:36 | 000,001,159 | ---- | C] () -- C:\Users\philipp\Desktop\AVS Audio Editor.lnk [2010.10.31 21:25:12 | 000,087,352 | ---- | C] () -- C:\Users\philipp\Documents\NR-20101031-001.mp3 [2010.10.31 19:47:45 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Herbert.lnk [2010.10.31 19:11:40 | 000,000,194 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\dkfjasdfshd.bat [2010.10.31 16:33:13 | 000,000,294 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2010.10.31 16:33:05 | 000,000,202 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.10.31 12:35:35 | 000,001,183 | ---- | C] () -- C:\Users\philipp\Desktop\AVS Ringtone Maker.lnk [2010.10.31 12:30:42 | 000,001,183 | ---- | C] () -- C:\Users\philipp\Desktop\AVS Audio Recorder.lnk [2010.10.30 18:11:38 | 000,036,352 | ---- | C] () -- C:\Windows\Amcap.exe [2010.10.30 15:54:16 | 000,011,709 | ---- | C] () -- C:\Users\philipp\Documents\Entschuldigung The Wave.odt [2010.10.30 15:36:31 | 000,107,780 | ---- | C] () -- C:\Windows\System32\wb67ext.dll [2010.10.30 15:36:30 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Bmpproc.dll [2010.09.05 10:41:39 | 000,000,601 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\testtool.ini [2010.08.09 23:31:41 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.07.15 21:59:33 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll [2010.06.19 08:17:55 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2010.06.05 22:19:00 | 000,076,407 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\Smiley.ico [2010.02.17 13:59:51 | 000,000,858 | ---- | C] () -- 
C:\Windows\client.config.ini [2010.02.08 17:11:33 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini [2010.02.08 17:11:23 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.02.08 17:11:23 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI [2010.02.08 17:11:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll [2010.02.08 17:11:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll [2010.02.08 17:11:00 | 000,001,926 | ---- | C] () -- C:\Windows\HCWPNP.INI [2010.02.08 17:07:40 | 000,040,960 | ---- | C] () -- C:\Windows\System32\hcwxds.dll [2010.02.08 09:07:16 | 000,000,070 | ---- | C] () -- C:\Windows\dbinside.ini [2010.01.29 21:41:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.01.29 21:09:09 | 000,000,095 | ---- | C] () -- C:\Users\philipp\AppData\Local\fusioncache.dat [2010.01.29 21:07:56 | 000,155,528 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\Patch-Master.exe1.dat [2010.01.29 21:07:56 | 000,138,056 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\PnkBstrK.sys [2010.01.29 21:07:56 | 000,045,528 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\Patch-Master.exe2.dat [2010.01.29 21:07:56 | 000,043,504 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\Patch-Master.exe0.dat [2010.01.29 21:07:56 | 000,027,252 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\Patch-Master.exe3.dat [2010.01.29 20:28:42 | 000,007,621 | ---- | C] () -- C:\Users\philipp\AppData\Local\Resmon.ResmonCfg [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.26 17:21:02 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini [2008.12.11 21:38:34 | 000,042,320 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- 
C:\Windows\System32\AgCPanelSwedish.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007.06.25 19:34:26 | 000,070,400 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll [2005.04.08 03:16:43 | 000,015,057 | -H-- | C] () -- C:\Users\philipp\AppData\Roaming\logs.dat [2003.08.07 20:01:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll ========== LOP Check ========== [2010.09.05 10:41:39 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\.oootesttool [2010.02.19 07:30:04 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\.purple [2010.01.29 21:07:56 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Actecom [2010.01.29 21:07:56 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Ankh [2010.03.17 12:04:26 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Ankh - Heart of Osiris [2010.11.27 09:28:24 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Babylon [2010.01.29 21:07:57 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Black Sea Studios [2010.02.12 15:31:00 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\dBpoweramp [2009.12.30 07:49:13 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\FOG Downloader [2010.02.12 15:34:26 | 000,000,000 | ---D | M] -- 
C:\Users\philipp\AppData\Roaming\foobar2000 [2010.11.25 23:43:08 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\GetRightToGo [2010.02.08 00:17:02 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Glory of the Roman Empire [2010.11.23 19:06:26 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\ICQ [2010.07.22 12:46:31 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Imperium Romanum [2010.05.11 18:04:58 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\install [2010.02.12 15:24:44 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\NCH Swift Sound [2010.07.15 21:59:40 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\OpenCandy [2010.03.06 15:56:16 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\OpenOffice.org [2010.01.29 21:09:01 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\PC Suite [2010.01.30 21:27:43 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Recordpad [2010.01.29 21:09:01 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Samsung [2010.07.15 08:21:23 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Subversion [2010.06.19 08:17:18 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Teeworlds [2010.01.29 21:09:03 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\TomTom [2010.01.29 21:09:05 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\TS3Client [2010.04.22 14:15:46 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Ubisoft [2010.07.15 22:00:16 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Uniblue [2010.06.14 18:24:41 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Windows Live Writer [2010.10.06 14:40:38 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.11.10 19:19:08 | 000,000,202 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.11.27 10:58:56 | 000,000,294 | -H-- | M] () -- 
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:80337C03 < End of report > I hope that someone in the forum can help me with my problem. Regards, PrinzJesus |
27.11.2010, 11:42 | #2 |
/// Malware-holic | Problem with Antivirus Action
• Please start OTL.exe.
• Now copy the following into the text box.
:OTL
O4 - HKCU..\Run: [sckbrfxs] C:\Users\philipp\AppData\Local\Temp\bxgtdtjkr\tgdsjgrtsbl.exe ()
O4 - HKCU..\Run: [xitlmnle] C:\Users\philipp\AppData\Local\Temp\dwmudrhhi\sipxouotsbl.exe ()
[2010.11.27 10:58:56 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.11.10 19:19:08 | 000,000,202 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.10.31 19:18:33 | 000,000,194 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\dkfjasdfshd.bat
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may request a restart. Please allow this.
• After the restart you will find a text document; post its contents in your next reply.
Open My Computer, C:, then _OTL; there, right-click on moved files and choose "add to moved files.rar" or zip. Upload the archive in our upload channel. http://www.trojaner-board.de/54791-a...ner-board.html
__________________ |
27.11.2010, 12:53 | #3 |
| Problem with Antivirus Action
All processes killed
Error: Unable to interpret <[EMPTYFLASH]> in the current context!
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[Reboot]> in the current context!
OTL by OldTimer - Version 3.2.17.3 log created on 11272010_123928
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
This is what comes up now when I start OTL. I hope this is the message you meant. And thanks already for the quick help |
27.11.2010, 12:57 | #4 |
/// Malware-holic | Problem with Antivirus Action You did it wrong. Copy everything from :OTL down to the Reboot line, then paste it and then click Fix.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
27.11.2010, 13:07 | #5 |
/// Malware-holic | Problem with Antivirus Action OK, it seems to have worked after all. Do you still have the following file? C:\Users\philipp\Downloads\AntiSpyWareSetup.exe If so, upload it in the upload area!
__________________ |
27.11.2010, 13:08 | #6 |
| Problem with Antivirus Action
All processes killed
Error: Unable to interpret <O4 - HKCU..\Run: [sckbrfxs] C:\Users\philipp\AppData\Local\Temp\bxgtdtjkr\tgdsjgrtsbl.exe ()> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [xitlmnle] C:\Users\philipp\AppData\Local\Temp\dwmudrhhi\sipxouotsbl.exe ()> in the current context!
Error: Unable to interpret <[2010.11.27 10:58:56 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job> in the current context!
Error: Unable to interpret <[2010.11.10 19:19:08 | 000,000,202 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job> in the current context!
Error: Unable to interpret <[2010.10.31 19:18:33 | 000,000,194 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\dkfjasdfshd.bat> in the current context!
========== FILES ==========
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Gast
User: philipp ->Flash cache emptied: 17595 bytes
User: PrinzJesus
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes
User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes
User: Gast ->Temp folder emptied: 50697 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->FireFox cache emptied: 3950145 bytes
User: philipp ->Temp folder emptied: 899527048 bytes ->Temporary Internet Files folder emptied: 58595875 bytes ->Java cache emptied: 47153315 bytes ->FireFox cache emptied: 86414978 bytes ->Flash cache emptied: 0 bytes
User: PrinzJesus
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18320208 bytes
RecycleBin emptied: 13792509973 bytes
Total Files Cleaned = 14.216,00 mb
OTL by OldTimer - Version 3.2.17.3 log created on 11272010_125810
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
This text came up just now when I restarted. I'll do the upload again too |
27.11.2010, 13:10 | #7 |
/// Malware-holic | Problem with Antivirus Action No, I don't actually need the upload again. Have a look at the question I asked above your post. Sorry, I looked into our upload too late and saw that it had been successful earlier after all.
__________________ |
27.11.2010, 13:14 | #8 |
| Problem with Antivirus Action Sorry, but my computer can't find the file. |
27.11.2010, 13:15 | #9 |
/// Malware-holic | Problem with Antivirus Action OK. Open Malwarebytes, log files, and post the scan log(s).
__________________ |
27.11.2010, 17:00 | #10 |
| Problem with Antivirus Action Sorry that it took so long, I had to run the malware program again; somehow there were no logs in it.
Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 5198 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 27.11.2010 16:14:04 mbam-log-2010-11-27 (16-14-04).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 347626 Laufzeit: 2 Stunde(n), 56 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden)
That's the log file (though I had to abort at D\Windows\System; there were 7 files and it searched for 1 hour and kept repeating something) |
27.11.2010, 17:33 | #11 |
/// Malware-holic | Problem with Antivirus Action Please create and post a ComboFix log. A guide and tutorial on using ComboFix
__________________ |