Pests of all kinds and how to fight them: iexplore.exe open, need help (Windows 7)
22.12.2010, 18:42 | #1 |
| iexplore.exe open, need help
Hello, dear board community,
I have already spent quite some time googling this problem, but all the solutions shown either had no success or I am probably just too dumb for it.
Here is my problem: iexplore.exe is open 1-3 times and reopens by itself after I close it via Task Manager...
Here is my HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:37:18, on 22.12.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Game Booster\GameBox.exe
C:\Windows\vVX1000.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\******\Downloads\HiJackThis204.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://search.conduit.com?SearchSource=10&ctid=CT2269050
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET-Zustandsdienst (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - Unknown owner - C:\Windows\system32\pr2ah4nc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9334 bytes
------
Thanks in advance.
Regards, Alonso |
22.12.2010, 21:38 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | iexplore.exe open, need help
Hello and
Please routinely run a full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those too!
After that, OTL:
System scan with OTL
Please download OTL by Oldtimer and save it to your Desktop
__________________ |
23.12.2010, 01:52 | #3 |
| iexplore.exe open, need help
malware log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5379

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.12.2010 01:41:26
mbam-log-2010-12-23 (01-41-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 411969
Laufzeit: 48 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

---------------------OTL1 ------------------------------
OTL Logfile:
Code:
OTL logfile created on: 23.12.2010 01:44:21 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Alonso\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 638,54 Gb Total Space | 240,49 Gb Free Space | 37,66% Space Free | Partition Type: NTFS
Drive D: | 292,87 Gb Total Space | 292,77 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
Drive E: | 6,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: OSNOLA | User Name: Alonso | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Alonso\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\IObit\Game Booster\GameBox.exe (IObit) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Windows\vVX1000.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Alonso\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) SRV:64bit: - (pr2ah4nc) -- C:\Windows\SysNative\pr2ah4nc.exe (CODEMASTERS) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (VX1000) -- C:\Windows\SysNative\drivers\VX1000.sys (Microsoft Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (pe3ah4nc) DiRT Environment Driver (pe3ah4nc) -- C:\Windows\SysNative\drivers\pe3ah4nc.sys (CODEMASTERS) DRV:64bit: - (ps6ah4nc) DiRT Synchronization Driver (ps6ah4nc) -- C:\Windows\SysNative\drivers\ps6ah4nc.sys (CODEMASTERS) DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F E7 47 CA 48 2F CB 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.23.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: fbdislike@doweb.fr:1.2.1 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.16 00:23:13 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.12 11:40:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\components [2010.11.30 18:44:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins [2010.07.29 19:09:20 | 000,000,000 | ---D | M] -- C:\Users\Alonso\AppData\Roaming\mozilla\Extensions [2010.12.22 16:54:21 | 000,000,000 | ---D | M] -- C:\Users\Alonso\AppData\Roaming\mozilla\Firefox\Profiles\121wfxjf.default\extensions [2010.10.16 20:42:07 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Alonso\AppData\Roaming\mozilla\Firefox\Profiles\121wfxjf.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010.07.30 16:17:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alonso\AppData\Roaming\mozilla\Firefox\Profiles\121wfxjf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.11.19 19:20:10 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Alonso\AppData\Roaming\mozilla\Firefox\Profiles\121wfxjf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.08.18 00:49:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alonso\AppData\Roaming\mozilla\Firefox\Profiles\121wfxjf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.07.31 00:40:52 | 000,000,000 | ---D | M] -- C:\Users\Alonso\AppData\Roaming\mozilla\Firefox\Profiles\121wfxjf.default\extensions\battlefieldheroespatcher@ea.com [2010.10.01 10:24:05 | 000,000,000 | ---D | M] -- C:\Users\Alonso\AppData\Roaming\mozilla\Firefox\Profiles\121wfxjf.default\extensions\fbdislike@doweb.fr [2010.11.19 21:38:21 | 000,000,873 | ---- | M] () -- C:\Users\Alonso\AppData\Roaming\Mozilla\FireFox\Profiles\121wfxjf.default\searchplugins\conduit.xml [2010.12.21 20:20:46 | 000,001,056 | ---- | M] () -- 
C:\Users\Alonso\AppData\Roaming\Mozilla\FireFox\Profiles\121wfxjf.default\searchplugins\icqplugin.xml [2010.12.22 16:54:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010.12.09 14:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.07.23 01:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.23 01:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.23 01:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.23 01:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.23 01:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) 
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Alonso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Alonso\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Alonso\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. 
File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.09.10 23:46:44 | 000,564,218 | R--- | M] () - E:\Autorun.dbd -- [ UDF ] O32 - AutoRun File - [2007.08.31 19:16:25 | 000,000,044 | R--- | M] () - E:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2007.09.06 07:18:49 | 000,004,039 | R--- | M] () - E:\Autorun.txt -- [ UDF ] O33 - MountPoints2\{d8ec22e3-9b6b-11df-a187-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d8ec22e3-9b6b-11df-a187-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Launch.exe -- [2007.09.14 06:34:33 | 000,132,416 | R--- | M] (Macrovision Corporation) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.12.23 01:43:24 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Alonso\Desktop\OTL.exe [2010.12.23 00:51:22 | 000,000,000 | ---D | C] -- C:\Users\Alonso\AppData\Roaming\Malwarebytes [2010.12.23 00:50:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.12.23 00:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.12.23 00:50:53 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.12.23 00:50:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.12.22 17:56:06 | 000,000,000 | ---D | C] -- C:\Users\Alonso\AppData\Roaming\Ventrilo [2010.12.22 17:54:17 | 000,000,000 | ---D | C] -- C:\Users\Alonso\AppData\Roaming\TS3Client [2010.12.21 14:09:46 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client [2010.12.21 14:09:44 | 000,000,000 | ---D | C] -- C:\Program 
Files (x86)\Ventrilo [2010.12.20 19:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit [2010.12.20 19:56:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit [2010.12.17 21:08:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DX-Ball [2010.12.16 17:23:07 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2010.12.14 15:01:11 | 000,000,000 | R--D | C] -- C:\Users\Alonso\Desktop\Eigene Videos [2010.12.09 14:10:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2010.12.05 22:16:09 | 000,000,000 | ---D | C] -- C:\Users\Alonso\Desktop\media [2010.12.04 17:55:31 | 000,000,000 | ---D | C] -- C:\Users\Alonso\Documents\The Lord of the Rings Online [2010.12.04 17:55:31 | 000,000,000 | ---D | C] -- C:\Users\Alonso\AppData\Local\The Lord of the Rings Online [2010.12.04 14:49:32 | 000,000,000 | ---D | C] -- C:\Users\Alonso\AppData\Roaming\Turbine [2010.12.04 14:49:03 | 000,000,000 | ---D | C] -- C:\Users\Alonso\AppData\Local\Turbine [2010.12.04 14:09:36 | 000,000,000 | ---D | C] -- C:\Users\Alonso\AppData\Local\ApplicationHistory [2010.12.04 14:07:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP [2010.12.03 17:47:50 | 000,000,000 | ---D | C] -- C:\Users\Alonso\Desktop\Data &Folders [2010.12.03 17:47:02 | 000,000,000 | ---D | C] -- C:\Users\Alonso\Desktop\Tools [2010.12.03 17:45:58 | 000,000,000 | ---D | C] -- C:\Users\Alonso\Desktop\Games [2010.12.03 12:38:45 | 000,000,000 | ---D | C] -- C:\Users\Alonso\AppData\Local\Google [2010.12.03 12:38:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2010.11.30 18:44:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7 [2010.11.28 12:10:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.11.27 16:12:12 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll [2010.11.27 16:12:12 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll 
[2010.11.27 16:12:12 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll [2010.11.27 16:12:12 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll [2010.11.27 16:12:11 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll [2010.11.27 16:12:11 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll [2010.11.27 16:12:11 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll [2010.11.27 16:12:11 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll [2010.11.27 16:12:11 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll [2010.11.27 16:12:11 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll [2010.11.27 16:12:10 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll [2010.11.27 16:12:10 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll [2010.11.27 16:12:10 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll [2010.11.27 16:12:10 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll [2010.11.27 16:12:09 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll [2010.11.27 16:12:09 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll [2010.11.27 16:12:09 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll [2010.11.27 16:12:09 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll [2010.11.27 16:12:09 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll [2010.11.27 16:12:09 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll [2010.11.27 16:12:08 | 
000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll [2010.11.27 16:12:08 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll [2010.11.27 16:12:08 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll [2010.11.27 16:12:08 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll [2010.11.27 16:12:07 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll [2010.11.27 16:12:07 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll [2010.11.27 16:12:04 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll [2010.11.27 16:12:04 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll [2010.11.27 16:12:03 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll [2010.11.27 16:11:58 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll [2010.11.27 16:11:58 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll [2010.11.27 16:11:58 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll [2010.11.27 16:11:58 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll [2010.11.27 16:11:57 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll [2010.11.27 16:11:54 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll [2010.11.27 16:11:51 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll [2010.11.27 16:11:51 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll [2010.11.27 16:11:46 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll [2010.11.27 16:11:46 | 000,509,448 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll [2010.11.27 16:11:46 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll [2010.11.27 16:11:46 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll [2010.11.27 16:11:46 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll [2010.11.27 16:11:46 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll [2010.11.25 18:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Bluefish Media [2010.11.25 18:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia [2010.11.25 18:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bluefish Games [2010.11.23 19:32:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab [2010.11.23 19:32:48 | 000,000,000 | ---D | C] -- C:\Users\Alonso\SystemRequirementsLab [2010.11.23 17:12:17 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp [2010.11.23 17:12:13 | 000,000,000 | ---D | C] -- C:\Users\Alonso\OgitorProjects [2010.11.23 17:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ogitor [2010.11.23 14:12:36 | 000,000,000 | ---D | C] -- C:\Users\Alonso\Documents\SimBin [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.12.23 01:43:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Alonso\Desktop\OTL.exe [2010.12.23 01:43:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.12.23 00:50:56 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.23 00:46:25 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.12.23 00:46:25 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.12.23 00:39:10 | 
000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.12.23 00:39:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.12.23 00:38:54 | 3192,512,512 | -HS- | M] () -- C:\hiberfil.sys [2010.12.21 14:09:46 | 000,000,268 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010.12.20 19:56:43 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk [2010.12.20 19:56:43 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster.lnk [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.12.16 17:23:07 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2010.12.15 21:47:44 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.12.15 21:47:32 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010.12.15 21:47:32 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.12.14 15:03:57 | 001,501,000 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.12.14 15:03:57 | 000,654,096 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.12.14 15:03:57 | 000,615,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.12.14 15:03:57 | 000,130,952 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.12.14 15:03:57 | 000,107,396 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.12.13 13:01:13 | 285,052,202 | ---- | M] () -- C:\Users\Alonso\Desktop\1378.rar [2010.12.10 16:58:53 | 014,659,775 | ---- | M] () -- C:\Users\Alonso\Desktop\Fruit_Ninja_v1.3.apk [2010.12.10 16:41:46 | 000,644,137 | ---- | M] () -- C:\Users\Alonso\Desktop\DoodleJump_ver1.0.apk [2010.12.09 23:57:33 | 002,558,422 | ---- | M] () -- C:\Users\Alonso\Desktop\Raging_Thunder__1.0.7_.apk [2010.12.04 14:09:36 | 
000,000,094 | ---- | M] () -- C:\Users\Alonso\AppData\Local\fusioncache.dat [2010.12.04 14:09:19 | 001,526,730 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.11.28 12:10:41 | 240,304,771 | ---- | M] () -- C:\Windows\MEMORY.DMP [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.12.23 00:50:56 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.21 14:09:42 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010.12.20 19:56:43 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk [2010.12.20 19:56:43 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster.lnk [2010.12.13 12:58:23 | 285,052,202 | ---- | C] () -- C:\Users\Alonso\Desktop\1378.rar [2010.12.10 16:53:55 | 014,659,775 | ---- | C] () -- C:\Users\Alonso\Desktop\Fruit_Ninja_v1.3.apk [2010.12.10 16:41:45 | 000,644,137 | ---- | C] () -- C:\Users\Alonso\Desktop\DoodleJump_ver1.0.apk [2010.12.09 23:57:32 | 002,558,422 | ---- | C] () -- C:\Users\Alonso\Desktop\Raging_Thunder__1.0.7_.apk [2010.12.04 14:09:36 | 000,000,094 | ---- | C] () -- C:\Users\Alonso\AppData\Local\fusioncache.dat [2010.12.04 14:08:16 | 001,526,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.12.03 12:38:48 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.12.03 12:38:47 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.11.28 12:10:41 | 240,304,771 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.11.18 13:17:17 | 000,000,003 | ---- | C] () -- C:\Windows\treeskp.sys [2010.11.02 22:26:52 | 000,003,584 | ---- | C] () -- C:\Users\Alonso\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.07 17:09:49 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2010.08.05 16:20:52 | 000,043,520 | ---- | C] () -- 
C:\Windows\SysWow64\CmdLineExt03.dll [2010.05.20 15:26:28 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini [2009.08.07 18:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:322D2CD3 < End of report > PRC - C:\Users\Alonso\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\IObit\Game Booster\GameBox.exe (IObit) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Windows\vVX1000.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Alonso\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files (x86)\TortoiseSVN\bin\TortoiseSVN.dll (hxxp://tortoisesvn.net) MOD - C:\Program Files (x86)\TortoiseSVN\bin\TortoiseStub.dll (hxxp://tortoisesvn.net) MOD - C:\Program Files (x86)\TortoiseSVN\bin\libaprutil_tsvn.dll (Apache Software Foundation) MOD - C:\Program Files (x86)\TortoiseSVN\bin\libapr_tsvn.dll (Apache Software Foundation) MOD - C:\Program Files (x86)\TortoiseSVN\bin\intl3_tsvn.dll (Free Software Foundation) MOD - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) MOD - 
C:\Windows\SysWOW64\shfolder.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcp90.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) SRV:64bit: - (pr2ah4nc) -- C:\Windows\SysNative\pr2ah4nc.exe (CODEMASTERS) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (VX1000) -- C:\Windows\SysNative\drivers\VX1000.sys (Microsoft Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (pe3ah4nc) DiRT Environment Driver (pe3ah4nc) -- C:\Windows\SysNative\drivers\pe3ah4nc.sys (CODEMASTERS) DRV:64bit: - (ps6ah4nc) DiRT Synchronization Driver (ps6ah4nc) -- C:\Windows\SysNative\drivers\ps6ah4nc.sys (CODEMASTERS) DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F E7 47 CA 48 2F CB 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.23.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: fbdislike@doweb.fr:1.2.1 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.16 00:23:13 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.12 11:40:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\components [2010.11.30 18:44:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins [2010.07.29 19:09:20 | 000,000,000 | ---D | M] -- C:\Users\Alonso\AppData\Roaming\mozilla\Extensions [2010.12.22 16:54:21 | 000,000,000 | ---D | M] -- C:\Users\Alonso\AppData\Roaming\mozilla\Firefox\Profiles\121wfxjf.default\extensions [2010.10.16 20:42:07 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Alonso\AppData\Roaming\mozilla\Firefox\Profiles\121wfxjf.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010.07.30 16:17:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alonso\AppData\Roaming\mozilla\Firefox\Profiles\121wfxjf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.11.19 19:20:10 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Alonso\AppData\Roaming\mozilla\Firefox\Profiles\121wfxjf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.08.18 00:49:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alonso\AppData\Roaming\mozilla\Firefox\Profiles\121wfxjf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.07.31 00:40:52 | 000,000,000 | ---D | M] -- C:\Users\Alonso\AppData\Roaming\mozilla\Firefox\Profiles\121wfxjf.default\extensions\battlefieldheroespatcher@ea.com [2010.10.01 10:24:05 | 000,000,000 | ---D | M] -- C:\Users\Alonso\AppData\Roaming\mozilla\Firefox\Profiles\121wfxjf.default\extensions\fbdislike@doweb.fr [2010.11.19 21:38:21 | 000,000,873 | ---- | M] () -- C:\Users\Alonso\AppData\Roaming\Mozilla\FireFox\Profiles\121wfxjf.default\searchplugins\conduit.xml [2010.12.21 20:20:46 | 000,001,056 | ---- | M] () -- 
C:\Users\Alonso\AppData\Roaming\Mozilla\FireFox\Profiles\121wfxjf.default\searchplugins\icqplugin.xml [2010.12.22 16:54:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010.12.09 14:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.07.23 01:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.23 01:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.23 01:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.23 01:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.23 01:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) 
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Alonso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Alonso\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Alonso\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. 
File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
========== Files/Folders - Created Within 30 Days ========== [2010.11.27 16:11:46 | 000,509,448 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll [2010.11.27 16:11:46 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll [2010.11.27 16:11:46 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll [2010.11.27 16:11:46 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll [2010.11.27 16:11:46 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll [2010.11.25 18:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Bluefish Media [2010.11.25 18:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia [2010.11.25 18:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bluefish Games [2010.11.23 19:32:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab [2010.11.23 19:32:48 | 000,000,000 | ---D | C] -- C:\Users\Alonso\SystemRequirementsLab [2010.11.23 17:12:17 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp [2010.11.23 17:12:13 | 000,000,000 | ---D | C] -- C:\Users\Alonso\OgitorProjects [2010.11.23 17:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ogitor [2010.11.23 14:12:36 | 000,000,000 | ---D | C] -- C:\Users\Alonso\Documents\SimBin [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.12.23 01:43:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Alonso\Desktop\OTL.exe [2010.12.23 01:43:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.12.23 00:50:56 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.23 00:46:25 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.12.23 00:46:25 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.12.23 00:39:10 | 
000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.12.23 00:39:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.12.23 00:38:54 | 3192,512,512 | -HS- | M] () -- C:\hiberfil.sys [2010.12.21 14:09:46 | 000,000,268 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010.12.20 19:56:43 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk [2010.12.20 19:56:43 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster.lnk [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.12.16 17:23:07 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2010.12.15 21:47:44 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.12.15 21:47:32 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010.12.15 21:47:32 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.12.14 15:03:57 | 001,501,000 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.12.14 15:03:57 | 000,654,096 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.12.14 15:03:57 | 000,615,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.12.14 15:03:57 | 000,130,952 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.12.14 15:03:57 | 000,107,396 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.12.13 13:01:13 | 285,052,202 | ---- | M] () -- C:\Users\Alonso\Desktop\1378.rar [2010.12.10 16:58:53 | 014,659,775 | ---- | M] () -- C:\Users\Alonso\Desktop\Fruit_Ninja_v1.3.apk [2010.12.10 16:41:46 | 000,644,137 | ---- | M] () -- C:\Users\Alonso\Desktop\DoodleJump_ver1.0.apk [2010.12.09 23:57:33 | 002,558,422 | ---- | M] () -- C:\Users\Alonso\Desktop\Raging_Thunder__1.0.7_.apk [2010.12.04 14:09:36 | 
000,000,094 | ---- | M] () -- C:\Users\Alonso\AppData\Local\fusioncache.dat [2010.12.04 14:09:19 | 001,526,730 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.11.28 12:10:41 | 240,304,771 | ---- | M] () -- C:\Windows\MEMORY.DMP [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.12.23 00:50:56 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.21 14:09:42 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010.12.20 19:56:43 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk [2010.12.20 19:56:43 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster.lnk [2010.12.13 12:58:23 | 285,052,202 | ---- | C] () -- C:\Users\Alonso\Desktop\1378.rar [2010.12.10 16:53:55 | 014,659,775 | ---- | C] () -- C:\Users\Alonso\Desktop\Fruit_Ninja_v1.3.apk [2010.12.10 16:41:45 | 000,644,137 | ---- | C] () -- C:\Users\Alonso\Desktop\DoodleJump_ver1.0.apk [2010.12.09 23:57:32 | 002,558,422 | ---- | C] () -- C:\Users\Alonso\Desktop\Raging_Thunder__1.0.7_.apk [2010.12.04 14:09:36 | 000,000,094 | ---- | C] () -- C:\Users\Alonso\AppData\Local\fusioncache.dat [2010.12.04 14:08:16 | 001,526,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.12.03 12:38:48 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.12.03 12:38:47 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.11.28 12:10:41 | 240,304,771 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.11.18 13:17:17 | 000,000,003 | ---- | C] () -- C:\Windows\treeskp.sys [2010.11.02 22:26:52 | 000,003,584 | ---- | C] () -- C:\Users\Alonso\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.07 17:09:49 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2010.08.05 16:20:52 | 000,043,520 | ---- | C] () -- 
C:\Windows\SysWow64\CmdLineExt03.dll [2010.05.20 15:26:28 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini [2009.08.07 18:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:322D2CD3
< End of report >
-------------------------------OTL 2------------------------------------
OTL Logfile:
OTL logfile created on: 23.12.2010 01:44:21 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Alonso\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 638,54 Gb Total Space | 240,49 Gb Free Space | 37,66% Space Free | Partition Type: NTFS
Drive D: | 292,87 Gb Total Space | 292,77 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
Drive E: | 6,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: OSNOLA | User Name: Alonso | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Alonso\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\IObit\Game Booster\GameBox.exe (IObit) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Windows\vVX1000.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Alonso\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) SRV:64bit: - (pr2ah4nc) -- C:\Windows\SysNative\pr2ah4nc.exe (CODEMASTERS) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (VX1000) -- C:\Windows\SysNative\drivers\VX1000.sys (Microsoft Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (pe3ah4nc) DiRT Environment Driver (pe3ah4nc) -- C:\Windows\SysNative\drivers\pe3ah4nc.sys (CODEMASTERS) DRV:64bit: - (ps6ah4nc) DiRT Synchronization Driver (ps6ah4nc) -- C:\Windows\SysNative\drivers\ps6ah4nc.sys (CODEMASTERS) DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F E7 47 CA 48 2F CB 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.23.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: fbdislike@doweb.fr:1.2.1 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.16 00:23:13 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.12 11:40:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\components [2010.11.30 18:44:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins [2010.07.29 19:09:20 | 000,000,000 | ---D | M] -- C:\Users\Alonso\AppData\Roaming\mozilla\Extensions [2010.12.22 16:54:21 | 000,000,000 | ---D | M] -- C:\Users\Alonso\AppData\Roaming\mozilla\Firefox\Profiles\121wfxjf.default\extensions [2010.10.16 20:42:07 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Alonso\AppData\Roaming\mozilla\Firefox\Profiles\121wfxjf.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010.07.30 16:17:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alonso\AppData\Roaming\mozilla\Firefox\Profiles\121wfxjf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.11.19 19:20:10 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Alonso\AppData\Roaming\mozilla\Firefox\Profiles\121wfxjf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.08.18 00:49:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alonso\AppData\Roaming\mozilla\Firefox\Profiles\121wfxjf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.07.31 00:40:52 | 000,000,000 | ---D | M] -- C:\Users\Alonso\AppData\Roaming\mozilla\Firefox\Profiles\121wfxjf.default\extensions\battlefieldheroespatcher@ea.com [2010.10.01 10:24:05 | 000,000,000 | ---D | M] -- C:\Users\Alonso\AppData\Roaming\mozilla\Firefox\Profiles\121wfxjf.default\extensions\fbdislike@doweb.fr [2010.11.19 21:38:21 | 000,000,873 | ---- | M] () -- C:\Users\Alonso\AppData\Roaming\Mozilla\FireFox\Profiles\121wfxjf.default\searchplugins\conduit.xml [2010.12.21 20:20:46 | 000,001,056 | ---- | M] () -- 
C:\Users\Alonso\AppData\Roaming\Mozilla\FireFox\Profiles\121wfxjf.default\searchplugins\icqplugin.xml [2010.12.22 16:54:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010.12.09 14:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.07.23 01:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.23 01:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.23 01:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.23 01:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.23 01:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) 
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Alonso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Alonso\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Alonso\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. 
File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.09.10 23:46:44 | 000,564,218 | R--- | M] () - E:\Autorun.dbd -- [ UDF ] O32 - AutoRun File - [2007.08.31 19:16:25 | 000,000,044 | R--- | M] () - E:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2007.09.06 07:18:49 | 000,004,039 | R--- | M] () - E:\Autorun.txt -- [ UDF ] O33 - MountPoints2\{d8ec22e3-9b6b-11df-a187-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d8ec22e3-9b6b-11df-a187-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Launch.exe -- [2007.09.14 06:34:33 | 000,132,416 | R--- | M] (Macrovision Corporation) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.12.23 01:43:24 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Alonso\Desktop\OTL.exe [2010.12.23 00:51:22 | 000,000,000 | ---D | C] -- C:\Users\Alonso\AppData\Roaming\Malwarebytes [2010.12.23 00:50:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.12.23 00:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.12.23 00:50:53 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.12.23 00:50:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.12.22 17:56:06 | 000,000,000 | ---D | C] -- C:\Users\Alonso\AppData\Roaming\Ventrilo [2010.12.22 17:54:17 | 000,000,000 | ---D | C] -- C:\Users\Alonso\AppData\Roaming\TS3Client [2010.12.21 14:09:46 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client [2010.12.21 14:09:44 | 000,000,000 | ---D | C] -- C:\Program 
Files (x86)\Ventrilo [2010.12.20 19:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit [2010.12.20 19:56:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit [2010.12.17 21:08:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DX-Ball [2010.12.16 17:23:07 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2010.12.14 15:01:11 | 000,000,000 | R--D | C] -- C:\Users\Alonso\Desktop\Eigene Videos [2010.12.09 14:10:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2010.12.05 22:16:09 | 000,000,000 | ---D | C] -- C:\Users\Alonso\Desktop\media [2010.12.04 17:55:31 | 000,000,000 | ---D | C] -- C:\Users\Alonso\Documents\The Lord of the Rings Online [2010.12.04 17:55:31 | 000,000,000 | ---D | C] -- C:\Users\Alonso\AppData\Local\The Lord of the Rings Online [2010.12.04 14:49:32 | 000,000,000 | ---D | C] -- C:\Users\Alonso\AppData\Roaming\Turbine [2010.12.04 14:49:03 | 000,000,000 | ---D | C] -- C:\Users\Alonso\AppData\Local\Turbine [2010.12.04 14:09:36 | 000,000,000 | ---D | C] -- C:\Users\Alonso\AppData\Local\ApplicationHistory [2010.12.04 14:07:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP [2010.12.03 17:47:50 | 000,000,000 | ---D | C] -- C:\Users\Alonso\Desktop\Data &Folders [2010.12.03 17:47:02 | 000,000,000 | ---D | C] -- C:\Users\Alonso\Desktop\Tools [2010.12.03 17:45:58 | 000,000,000 | ---D | C] -- C:\Users\Alonso\Desktop\Games [2010.12.03 12:38:45 | 000,000,000 | ---D | C] -- C:\Users\Alonso\AppData\Local\Google [2010.12.03 12:38:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2010.11.30 18:44:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7 [2010.11.28 12:10:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.11.27 16:12:12 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll [2010.11.27 16:12:12 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll 
[2010.11.27 16:12:12 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll [2010.11.27 16:12:12 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll [2010.11.27 16:12:11 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll [2010.11.27 16:12:11 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll [2010.11.27 16:12:11 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll [2010.11.27 16:12:11 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll [2010.11.27 16:12:11 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll [2010.11.27 16:12:11 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll [2010.11.27 16:12:10 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll [2010.11.27 16:12:10 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll [2010.11.27 16:12:10 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll [2010.11.27 16:12:10 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll [2010.11.27 16:12:09 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll [2010.11.27 16:12:09 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll [2010.11.27 16:12:09 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll [2010.11.27 16:12:09 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll [2010.11.27 16:12:09 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll [2010.11.27 16:12:09 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll [2010.11.27 16:12:08 | 
000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll [2010.11.27 16:12:08 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll [2010.11.27 16:12:08 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll [2010.11.27 16:12:08 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll [2010.11.27 16:12:07 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll [2010.11.27 16:12:07 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll [2010.11.27 16:12:04 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll [2010.11.27 16:12:04 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll [2010.11.27 16:12:03 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll [2010.11.27 16:11:58 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll [2010.11.27 16:11:58 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll [2010.11.27 16:11:58 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll [2010.11.27 16:11:58 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll [2010.11.27 16:11:57 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll [2010.11.27 16:11:54 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll [2010.11.27 16:11:51 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll [2010.11.27 16:11:51 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll [2010.11.27 16:11:46 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll [2010.11.27 16:11:46 | 000,509,448 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll [2010.11.27 16:11:46 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll [2010.11.27 16:11:46 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll [2010.11.27 16:11:46 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll [2010.11.27 16:11:46 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll [2010.11.25 18:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Bluefish Media [2010.11.25 18:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia [2010.11.25 18:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bluefish Games [2010.11.23 19:32:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab [2010.11.23 19:32:48 | 000,000,000 | ---D | C] -- C:\Users\Alonso\SystemRequirementsLab [2010.11.23 17:12:17 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp [2010.11.23 17:12:13 | 000,000,000 | ---D | C] -- C:\Users\Alonso\OgitorProjects [2010.11.23 17:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ogitor [2010.11.23 14:12:36 | 000,000,000 | ---D | C] -- C:\Users\Alonso\Documents\SimBin [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.12.23 01:43:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Alonso\Desktop\OTL.exe [2010.12.23 01:43:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.12.23 00:50:56 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.23 00:46:25 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.12.23 00:46:25 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.12.23 00:39:10 | 
000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.12.23 00:39:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.12.23 00:38:54 | 3192,512,512 | -HS- | M] () -- C:\hiberfil.sys [2010.12.21 14:09:46 | 000,000,268 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010.12.20 19:56:43 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk [2010.12.20 19:56:43 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster.lnk [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.12.16 17:23:07 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2010.12.15 21:47:44 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.12.15 21:47:32 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010.12.15 21:47:32 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.12.14 15:03:57 | 001,501,000 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.12.14 15:03:57 | 000,654,096 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.12.14 15:03:57 | 000,615,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.12.14 15:03:57 | 000,130,952 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.12.14 15:03:57 | 000,107,396 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.12.13 13:01:13 | 285,052,202 | ---- | M] () -- C:\Users\Alonso\Desktop\1378.rar [2010.12.10 16:58:53 | 014,659,775 | ---- | M] () -- C:\Users\Alonso\Desktop\Fruit_Ninja_v1.3.apk [2010.12.10 16:41:46 | 000,644,137 | ---- | M] () -- C:\Users\Alonso\Desktop\DoodleJump_ver1.0.apk [2010.12.09 23:57:33 | 002,558,422 | ---- | M] () -- C:\Users\Alonso\Desktop\Raging_Thunder__1.0.7_.apk [2010.12.04 14:09:36 | 
000,000,094 | ---- | M] () -- C:\Users\Alonso\AppData\Local\fusioncache.dat [2010.12.04 14:09:19 | 001,526,730 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.11.28 12:10:41 | 240,304,771 | ---- | M] () -- C:\Windows\MEMORY.DMP [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.12.23 00:50:56 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.21 14:09:42 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010.12.20 19:56:43 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk [2010.12.20 19:56:43 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster.lnk [2010.12.13 12:58:23 | 285,052,202 | ---- | C] () -- C:\Users\Alonso\Desktop\1378.rar [2010.12.10 16:53:55 | 014,659,775 | ---- | C] () -- C:\Users\Alonso\Desktop\Fruit_Ninja_v1.3.apk [2010.12.10 16:41:45 | 000,644,137 | ---- | C] () -- C:\Users\Alonso\Desktop\DoodleJump_ver1.0.apk [2010.12.09 23:57:32 | 002,558,422 | ---- | C] () -- C:\Users\Alonso\Desktop\Raging_Thunder__1.0.7_.apk [2010.12.04 14:09:36 | 000,000,094 | ---- | C] () -- C:\Users\Alonso\AppData\Local\fusioncache.dat [2010.12.04 14:08:16 | 001,526,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.12.03 12:38:48 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.12.03 12:38:47 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.11.28 12:10:41 | 240,304,771 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.11.18 13:17:17 | 000,000,003 | ---- | C] () -- C:\Windows\treeskp.sys [2010.11.02 22:26:52 | 000,003,584 | ---- | C] () -- C:\Users\Alonso\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.07 17:09:49 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2010.08.05 16:20:52 | 000,043,520 | ---- | C] () -- 
C:\Windows\SysWow64\CmdLineExt03.dll [2010.05.20 15:26:28 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini [2009.08.07 18:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:322D2CD3 < End of report > Thanks for the quick reply |
23.12.2010, 09:53 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | iexplore.exe open, need help Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O32 - AutoRun File - [2007.09.10 23:46:44 | 000,564,218 | R--- | M] () - E:\Autorun.dbd -- [ UDF ]
O32 - AutoRun File - [2007.08.31 19:16:25 | 000,000,044 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007.09.06 07:18:49 | 000,004,039 | R--- | M] () - E:\Autorun.txt -- [ UDF ]
O33 - MountPoints2\{d8ec22e3-9b6b-11df-a187-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d8ec22e3-9b6b-11df-a187-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Launch.exe -- [2007.09.14 06:34:33 | 000,132,416 | R--- | M] (Macrovision Corporation)
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:322D2CD3
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
23.12.2010, 12:27 | #5 |
| iexplore.exe open, need help
All processes killed
========== OTL ==========
File move failed. E:\Autorun.dbd scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\Autorun.txt scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8ec22e3-9b6b-11df-a187-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8ec22e3-9b6b-11df-a187-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8ec22e3-9b6b-11df-a187-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8ec22e3-9b6b-11df-a187-806e6f6e6963}\ not found.
File move failed. E:\Launch.exe scheduled to be moved on reboot.
ADS C:\ProgramData\TEMP:322D2CD3 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Alonso
->Temp folder emptied: 448488640 bytes
->Temporary Internet Files folder emptied: 26499180 bytes
->Java cache emptied: 4686648 bytes
->FireFox cache emptied: 279874559 bytes
->Opera cache emptied: 3150194 bytes
->Flash cache emptied: 431077 bytes
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: qwerty
User: Uli
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 647626 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50568 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 728,00 mb
OTL by OldTimer - Version 3.2.18.0 log created on 12232010_121602
Files\Folders moved on Reboot...
File move failed. E:\Autorun.dbd scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\Autorun.txt scheduled to be moved on reboot.
File move failed. E:\Launch.exe scheduled to be moved on reboot.
C:\Users\Alonso\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
I no longer have any iexplore.exe in the list now, many thanks |
23.12.2010, 12:30 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | iexplore.exe open, need help Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it!
__________________ --> iexplore.exe open, need help |
23.12.2010, 13:23 | #7 |
| iexplore.exe open, need help Combofix log file: Code:
ATTFilter ComboFix 10-12-22.05 - Alonso 23.12.2010 12:57:20.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.4059.2888 [GMT 1:00] ausgeführt von:: c:\users\Alonso\Desktop\cofi.exe.exe AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Install.exe . ((((((((((((((((((((((( Dateien erstellt von 2010-11-23 bis 2010-12-23 )))))))))))))))))))))))))))))) . 2010-12-23 12:02 . 2010-12-23 12:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-12-23 11:49 . 2010-12-23 11:49 -------- d-----w- c:\program files\CCleaner 2010-12-23 11:45 . 2010-11-16 11:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{981D6B0D-1034-44F5-8BA6-7A5A1C4414F6}\mpengine.dll 2010-12-23 11:16 . 2010-12-23 11:16 -------- d-----w- C:\_OTL 2010-12-22 23:51 . 2010-12-22 23:51 -------- d-----w- c:\users\Alonso\AppData\Roaming\Malwarebytes 2010-12-22 23:50 . 2010-12-22 23:50 -------- d-----w- c:\programdata\Malwarebytes 2010-12-22 23:50 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2010-12-22 23:50 . 2010-12-22 23:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2010-12-22 23:50 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-22 16:56 . 2010-12-22 16:56 -------- d-----w- c:\users\Alonso\AppData\Roaming\Ventrilo 2010-12-22 16:54 . 2010-12-22 16:54 -------- d-----w- c:\users\Alonso\AppData\Roaming\TS3Client 2010-12-21 13:09 . 2010-12-21 13:09 -------- d-----w- c:\program files\TeamSpeak 3 Client 2010-12-21 13:09 . 2010-12-21 13:09 -------- d-----w- c:\program files (x86)\Ventrilo 2010-12-20 18:56 . 2010-12-20 18:56 -------- d-----w- c:\programdata\IObit 2010-12-20 18:56 . 
2010-12-20 18:56 -------- d-----w- c:\program files (x86)\IObit 2010-12-17 20:08 . 2010-12-17 20:08 -------- d-----w- c:\program files (x86)\DX-Ball 2010-12-16 16:23 . 2010-12-16 16:23 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll 2010-12-09 13:10 . 2010-12-09 13:10 -------- d-----w- c:\program files (x86)\Common Files\Skype 2010-12-04 16:55 . 2010-12-04 16:55 -------- d-----w- c:\users\Alonso\AppData\Local\The Lord of the Rings Online 2010-12-04 13:49 . 2010-12-04 13:49 -------- d-----w- c:\users\Alonso\AppData\Roaming\Turbine 2010-12-04 13:49 . 2010-12-04 16:00 -------- d-----w- c:\users\Alonso\AppData\Local\Turbine 2010-12-04 13:09 . 2010-12-04 17:04 -------- d-----w- c:\users\Alonso\AppData\Local\ApplicationHistory 2010-12-04 13:07 . 2010-12-04 13:07 -------- d-----w- c:\windows\SysWow64\URTTEMP 2010-12-03 11:38 . 2010-12-03 11:40 -------- d-----w- c:\users\Alonso\AppData\Local\Google 2010-12-03 11:38 . 2010-12-03 11:40 -------- d-----w- c:\program files (x86)\Google 2010-11-30 17:44 . 2010-11-30 17:44 -------- d-----w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 7 2010-11-27 15:11 . 2009-09-04 16:29 235344 ----a-w- c:\windows\SysWow64\d3dx11_42.dll 2010-11-25 17:00 . 2010-11-25 17:00 -------- d-----w- c:\programdata\Bluefish Media 2010-11-25 17:00 . 2010-11-25 17:00 -------- d-----w- c:\programdata\Trymedia 2010-11-25 17:00 . 2010-12-22 17:14 -------- d-----w- c:\program files (x86)\Bluefish Games 2010-11-23 18:32 . 2010-11-23 18:32 -------- d-----w- c:\program files (x86)\SystemRequirementsLab 2010-11-23 18:32 . 2010-11-23 18:32 -------- d-----w- c:\users\Alonso\SystemRequirementsLab 2010-11-23 16:12 . 2010-12-08 15:47 -------- d-----w- c:\users\Alonso\OgitorProjects 2010-11-23 16:12 . 2010-11-23 16:12 -------- d-----w- c:\program files (x86)\Ogitor . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-15 20:47 . 
2010-07-29 18:44 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2010-12-15 20:47 . 2010-07-29 19:06 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2010-12-15 20:47 . 2010-07-29 18:44 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2010-11-22 13:57 . 2010-08-30 12:53 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-10-19 09:41 . 2010-07-29 18:33 270720 ------w- c:\windows\system32\MpSigStub.exe 2010-10-01 08:09 . 2010-10-01 08:09 34032 ----a-w- c:\windows\system32\drivers\seehcri.sys 2010-10-01 08:08 . 2010-10-01 08:08 27176 ----a-w- c:\windows\system32\drivers\ggsemc.sys 2010-10-01 08:08 . 2010-10-01 08:08 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll 2010-10-01 08:08 . 2010-10-01 08:08 13352 ----a-w- c:\windows\system32\drivers\ggflt.sys . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2010-04-27 09:08 2393184 ----a-w- c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 87304 ----a-w- c:\program files (x86)\Common 
Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 
2010-03-21 07:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2010-11-17 1242448] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-11 14940040] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-10 421160] c:\users\Alonso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-03 136176] R2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-10-01 13352] S0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [2007-05-18 72560] S0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [2007-05-18 77176] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-06-21 131688] S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-10-01 34032] . Inhalt des "geplante Tasks" Ordners 2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-03 11:38] 2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-03 11:38] . 
--------- x86-64 ----------- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = local IE: Free YouTube to Mp3 Converter - c:\users\Alonso\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm FF - ProfilePath - c:\users\Alonso\AppData\Roaming\Mozilla\Firefox\Profiles\121wfxjf.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - google.de FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox 4.0 Beta 7\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com FF - Ext: <?xmlversion=1.0?><RDF xmlns=hxxp://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=hxxp://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>fbdislike@doweb.fr: fbdislike@doweb.fr - %profile%\extensions\fbdislike@doweb.fr FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} . - - - - Entfernte verwaiste Registrierungseinträge - - - - WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file) AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_heroes.exe AddRemove-{52D1D62C-FEAB-4580-849E-1DB624BADBBD} - c:\program files (x86)\InstallShield Installation Information\{52D1D62C-FEAB-4580-849E-1DB624BADBBD}\setup.exe . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-3371379550-2264585463-3318272520-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:4f,bb,e4,fe,84,4d,80,f2,91,16,c6,05,27,a2,d5,03,e5,33,97,50,61,6b,49, 49,4c,28,ea,20,06,4a,b8,9c,6c,8f,8c,de,ec,cc,48,c6,f7,04,ba,de,bb,81,2e,b5,\ "??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d [HKEY_USERS\S-1-5-21-3371379550-2264585463-3318272520-1000\Software\SecuROM\License information*] "datasecu"=hex:17,e8,75,1c,75,12,f1,db,55,f5,28,cc,cf,ab,71,80,d2,1c,62,f0,d5, 83,c9,c3,66,92,af,7b,b0,e5,dd,9f,ba,02,57,67,49,33,1d,64,85,82,7a,87,4a,f7,\ "rkeysecu"=hex:2d,14,ff,8b,6e,e1,28,a1,b9,93,93,1d,4f,fc,1a,84 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2010-12-23 13:03:21 ComboFix-quarantined-files.txt 2010-12-23 12:03 Vor Suchlauf: 14 Verzeichnis(se), 257.280.049.152 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 257.188.048.896 Bytes frei - - End Of File - - F362B32E89180E8B5281AF1FD2CA2899 |
23.12.2010, 14:42 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | iexplore.exe open, need help Please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags |
23.12.2010, 15:06 | #9 |
| iexplore.exe open, need help
MBRCheck, version 1.2.3 (c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: H55M-UD2H
Logical Drives Mask: 0x0000001d
Kernel Drivers (total 194): |
23.12.2010, 15:23 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | iexplore.exe open, need help Log is incomplete
__________________ Please always post log files in CODE tags |
23.12.2010, 15:28 | #11 |
| iexplore.exe open, need help ok, I ran it again and this is what came out.. doesn't look much longer either
MBRCheck, version 1.2.3 (c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: H55M-UD2H
Logical Drives Mask: 0x0000001d
Kernel Drivers (total 194): |
23.12.2010, 15:32 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | iexplore.exe open, need help Use CTRL+A to select the entire text, then copy it and paste it here
__________________ Please always post log files in CODE tags |
23.12.2010, 16:00 | #13 |
| iexplore.exe open, need help I always do that... there isn't anything more there |
23.12.2010, 20:32 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | iexplore.exe open, need help Then let mbrcheck run longer than the proverbial second mentioned in the instructions
__________________ Please always post log files in CODE tags |
23.12.2010, 23:57 | #15 |
| iexplore.exe open, need help ok, it took about 10 seconds
MBRCheck, version 1.2.3 (c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: H55M-UD2H
Logical Drives Mask: 0x0000001d
Kernel Drivers (total 193):
Processes (total 60):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000049`3e100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
PhysicalDrive0 Model Number: WDCWD10EADS-00P8B0, Rev: 01.00A01
Size  Device Name  MBR Status
--------------------------------------------
931 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
Edited by OoAlonso (24.12.2010 at 00:00) Reason: ok, now though |