| |
| |||||||
Log-Analyse und Auswertung: iphone 4 gewonnen, internet explorer adWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
12.07.2011, 17:21
| #1 |
 |  iphone 4 gewonnen, internet explorer ad Hallo, das sind backup dateien von einem spiel, und ich war in einem kreativen anfall in der namensgebung eben dieser sehr tiefführend :> das ist alles ironisch gemeint. der name ist auch NICHT auf EUCH bezogen, sondern an die MITNUTZER meines PCs gerichtet  Alter MBAM Log: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Datenbank Version: 7084
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
12.07.2011 17:24:33
mbam-log-2011-07-12 (17-24-33).txt
Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|)
Durchsuchte Objekte: 438725
Laufzeit: 1 Stunde(n), 57 Minute(n), 27 Sekunde(n)
Infizierte Speicherprozesse: 3
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 10
Infizierte Speicherprozesse:
c:\Windows\Mtumia.exe (Trojan.FraudPack.Gen) -> 3240 -> Failed to unload process.
c:\Users\Noxas\AppData\Local\Temp\Mrs.exe (Trojan.FraudPack.Gen) -> 3480 -> Unloaded process successfully.
c:\Users\Noxas\AppData\Local\Temp\Mrt.exe (Trojan.FraudPack.Gen) -> 8984 -> Unloaded process successfully.
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\T7PKEYSDPX (Trojan.FraudPack.Gen) -> Value: T7PKEYSDPX -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Windows\Mtumia.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\Noxas\AppData\Local\Temp\Mrs.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\Noxas\AppData\Local\Temp\Mrt.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\Noxas\AppData\Local\Google\Chrome\user data\Default\Cache\f_0032a0 (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\Noxas\AppData\Local\Google\Chrome\user data\Default\Cache\f_0032a1 (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\Noxas\AppData\Local\Temp\Mrr.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\Noxas\downloads\removewga.exe (PUP.RemoveWGA) -> Not selected for removal.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Datenbank Version: 7088
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
12.07.2011 18:15:53
mbam-log-2011-07-12 (18-15-53).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 224171
Laufzeit: 12 Minute(n), 8 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\Noxas\downloads\removewga.exe (PUP.RemoveWGA) -> Quarantined and deleted successfully.
Code:
ATTFilter 15:07:06 Noxas MESSAGE Protection started successfully
15:07:09 Noxas MESSAGE IP Protection started successfully
15:12:12 Noxas IP-BLOCK 95.64.55.4 (Type: outgoing, Port: 59053, Process: mtumia.exe)
15:12:12 Noxas IP-BLOCK 95.64.55.4 (Type: outgoing, Port: 59055, Process: mtumia.exe)
15:15:58 Noxas DETECTION C:\Users\Noxas\AppData\Local\Temp\Mrt.exe Trojan.FraudPack.Gen QUARANTINE
15:16:01 Noxas ERROR Quarantine failed: DeleteFile failed with error code 5
15:16:51 Noxas DETECTION C:\Users\Noxas\AppData\Local\Temp\Mrs.exe Trojan.FraudPack.Gen QUARANTINE
15:16:52 Noxas ERROR Quarantine failed: DeleteFile failed with error code 5
15:58:00 Noxas DETECTION C:\Users\Noxas\AppData\Local\Temp\Mrs.exe Trojan.FraudPack.Gen DENY
16:15:00 Noxas DETECTION C:\Users\Noxas\AppData\Local\Temp\Mrt.exe Trojan.FraudPack.Gen DENY
16:16:58 Noxas DETECTION C:\Users\Noxas\AppData\Local\Temp\Mrs.exe Trojan.FraudPack.Gen DENY
16:58:00 Noxas DETECTION C:\Users\Noxas\AppData\Local\Temp\Mrs.exe Trojan.FraudPack.Gen DENY
17:15:00 Noxas DETECTION C:\Users\Noxas\AppData\Local\Temp\Mrt.exe Trojan.FraudPack.Gen DENY
17:17:08 Noxas DETECTION C:\Users\Noxas\AppData\Local\Temp\Mrs.exe Trojan.FraudPack.Gen DENY
17:26:46 Noxas MESSAGE Protection started successfully
17:26:50 Noxas MESSAGE IP Protection started successfully
18:01:55 Noxas MESSAGE IP Protection stopped
18:01:57 Noxas MESSAGE Database updated successfully
18:01:58 Noxas MESSAGE IP Protection started successfully
18:19:55 Noxas MESSAGE Protection started successfully
18:19:59 Noxas MESSAGE IP Protection started successfully
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:22 on 12/07/2011 (Noxas)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
die weiteren logfiles folgen, nachdem mir die frage beantwortet wurde, damit ich nichts durcheinander mache oder so. Geändert von Lyot (12.07.2011 um 17:36 Uhr) |
|
12.07.2011, 17:56
| #2 | |||
| /// TB-Ausbilder   | iphone 4 gewonnen, internet explorer ad Hallo Lyot,
__________________Zitat:
Zitat:
Zitat:
 Achja, OTL wird nur ein Logfile erstellen (OTL.txt)... nicht, dass du vergeblich nach einem 2. Logfile suchst, ein kleiner Fehler in meiner Anleitung von vorhin.  Geändert von M-K-D-B (12.07.2011 um 18:04 Uhr) |
|
12.07.2011, 19:34
| #3 |
| | iphone 4 gewonnen, internet explorer adCode:
ATTFilter aswMBR version 0.9.7.705 Copyright(c) 2011 AVAST Software
Run date: 2011-07-12 19:08:55
-----------------------------
19:08:55.874 OS Version: Windows x64 6.1.7600
19:08:55.874 Number of processors: 4 586 0x402
19:08:55.876 ComputerName: MICHAEL UserName: Noxas
19:08:58.417 Initialze error C000010E - driver not loaded
19:08:58.608 write error "aswEngin.dll". Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
19:10:30.596 AVAST engine defs: 11071201
19:11:00.165 Service scanning
19:11:01.997 Disk 0 trace - called modules:
19:11:01.998
19:11:04.849 AVAST engine scan C:\Windows
19:21:28.893 File: C:\Windows\System32\drivers\de-DE\bfe.dll.mui **SUSPICIOUS**
19:21:30.024 File: C:\Windows\System32\drivers\de-DE\ndiscap.sys.mui **SUSPICIOUS**
19:21:30.126 File: C:\Windows\System32\drivers\de-DE\pacer.sys.mui **SUSPICIOUS**
19:21:30.216 File: C:\Windows\System32\drivers\de-DE\qwavedrv.sys.mui **SUSPICIOUS**
19:21:30.276 File: C:\Windows\System32\drivers\de-DE\scfilter.sys.mui **SUSPICIOUS**
19:21:30.378 File: C:\Windows\System32\drivers\de-DE\tcpip.sys.mui **SUSPICIOUS**
19:21:38.023 File: C:\Windows\System32\drivers\wimmount.sys **SUSPICIOUS**
19:42:44.900 AVAST engine scan C:\Users\Noxas
20:03:01.480 AVAST engine scan C:\ProgramData
20:03:48.420 Scan finished successfully
20:06:44.718 The log file has been saved successfully to "C:\Users\Noxas\Desktop\aswMBR.txt"
Code:
ATTFilter OTL logfile created on: 12.07.2011 20:08:08 - Run 2 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Noxas\Desktop 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 58,19% Memory free 8,00 Gb Paging File | 6,23 Gb Available in Paging File | 77,92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 596,07 Gb Total Space | 477,39 Gb Free Space | 80,09% Space Free | Partition Type: NTFS Computer Name: MICHAEL | User Name: Noxas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Noxas\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Noxas\AppData\Roaming\cacaoweb\cacaoweb.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Users\Noxas\AppData\Roaming\QipGuard\QipGuard.exe (QIP.ru) PRC - C:\Program Files (x86)\QipGuard\QipGuard.exe (QIP.ru) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe () PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Noxas\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (QipGuard) -- C:\Program Files (x86)\QipGuard\QipGuard.exe (QIP.ru) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Dyyno Launcher) -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe () SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.) SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 B4 22 03 BB 10 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Noxas\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: cacaoweb@cacaoweb.org:1.0.9 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:3.2.5.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..browser.startup.homepage: "hxxp://qip.ru" FF - prefs.js..browser.search.selectedEngine: "QIP Search" FF - prefs.js..browser.search.defaultenginename: "QIP Search" FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Noxas\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Noxas\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Noxas\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.22 16:14:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.23 15:29:00 | 000,000,000 | ---D | M] [2010.12.22 16:14:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noxas\AppData\Roaming\mozilla\Extensions [2011.05.25 15:04:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions [2011.05.25 15:04:02 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89} [2010.12.30 18:25:26 | 000,000,000 | ---D | M] (Softonic-Eng7 Community Toolbar) -- C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} [2011.04.16 17:36:22 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.01.01 21:10:40 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.12.27 02:30:28 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\cacaoweb@cacaoweb.org [2010.12.30 18:25:26 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Noxas\AppData\Roaming\mozilla\Firefox\Profiles\bq471bpq.default\extensions\engine@conduit.com [2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\searchplugins\icqplugin.xml [2011.05.25 15:04:23 | 000,002,062 | ---- | M] () -- C:\Users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\searchplugins\qip-search.xml [2011.07.09 13:40:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.05.08 15:10:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.23 15:29:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.15 12:44:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.09 13:40:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.12.03 20:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.12.03 20:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.12.03 20:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.12.03 20:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.12.03 20:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Noxas\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {58BECA16-CAE6-4B7A-A0E8-153D0CBBA63A} - No CLSID value found. O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [cacaoweb] C:\Users\Noxas\AppData\Roaming\cacaoweb\cacaoweb.exe () O4 - HKCU..\Run: [QIP Internet Guardian] C:\Users\Noxas\AppData\Roaming\QipGuard\QipGuard.exe (QIP.ru) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Noxas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Noxas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: Dyyno Launcher - hkey= - key= - C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe () MsConfig:64bit - StartUpReg: EvtMgr6 - hkey= - key= - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Noxas\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) MsConfig:64bit - StartUpReg: Octoshape Streaming Services - hkey= - key= - C:\Users\Noxas\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) MsConfig:64bit - StartUpReg: RegistryBooster - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.07.12 19:08:15 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Noxas\Desktop\OTL.exe [2011.07.12 15:06:13 | 000,000,000 | ---D | C] -- C:\Users\Noxas\AppData\Roaming\Malwarebytes [2011.07.12 15:06:08 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.07.12 15:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.07.12 15:06:03 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.07.12 15:06:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.07.09 13:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.06.30 13:29:01 | 000,000,000 | ---D | C] -- C:\Users\Noxas\AppData\Local\ArmA 2 Free [2011.06.30 13:29:01 | 000,000,000 | ---D | C] -- C:\Users\Noxas\Documents\ArmA 2 [2011.06.30 13:27:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011.06.27 22:34:07 | 000,000,000 | ---D | C] -- C:\Users\Noxas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [2011.06.27 22:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [2011.06.27 22:31:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive [2011.06.27 21:56:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2011.06.27 21:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2011.06.27 21:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2011.06.26 21:29:07 | 000,000,000 | ---D | C] -- C:\Users\Noxas\Desktop\World of Tanks BACKUP - NICHT LÖSCHEN!!! UNTER KEINEN UMSTÄNDEN!!! AUCH NICHT WENN IHR DENKT ICH WÄRE SÜCHTIG UND IHR MÜSSTET DAS SPIEL LÖSCHEN!!! DANKE!!! [2011.06.16 03:14:27 | 000,000,000 | ---D | C] -- C:\22528142113c9126cc2dc5 [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.12 19:14:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4162387930-1573310092-2657919576-1000UA.job [2011.07.12 19:14:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.07.12 18:24:58 | 000,018,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.12 18:24:58 | 000,018,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.12 18:22:40 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.07.12 18:22:40 | 000,656,028 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.07.12 18:22:40 | 000,617,910 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.07.12 18:22:40 | 000,130,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.07.12 18:22:40 | 000,107,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.07.12 18:19:31 | 000,000,000 | ---- | M] () -- C:\Users\Noxas\defogger_reenable [2011.07.12 18:17:50 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.07.12 18:17:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.12 18:17:13 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2011.07.12 14:57:52 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Noxas\Desktop\OTL.exe [2011.07.11 22:14:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4162387930-1573310092-2657919576-1000Core.job [2011.07.11 18:20:07 | 000,280,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2011.07.11 18:20:07 | 000,280,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.07.11 18:15:28 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2011.06.30 14:14:39 | 000,002,363 | ---- | M] () -- C:\Users\Noxas\Desktop\Google Chrome.lnk [2011.06.30 14:06:13 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.06.30 13:27:44 | 385,101,516 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.06.29 15:36:41 | 000,006,438 | ---- | M] () -- C:\Users\Noxas\.recently-used.xbel [2011.06.29 15:24:02 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.06.29 15:24:02 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.06.27 01:51:52 | 632,653,730 | ---- | M] () -- C:\Users\Noxas\Desktop\World of Tanks BACKUP - NICHT LÖSCHEN!!! UNTER KEINEN UMSTÄNDEN!!! AUCH NICHT WENN IHR DENKT ICH WÄRE SÜCHTIG UND IHR MÜSSTET DAS SPIEL LÖSCHEN!!! DANKE!!!.7z [2011.06.27 01:51:05 | 836,911,523 | ---- | M] () -- C:\Users\Noxas\Desktop\World of Tanks BACKUP - NICHT LÖSCHEN!!! UNTER KEINEN UMSTÄNDEN!!! AUCH NICHT WENN IHR DENKT ICH WÄRE SÜCHTIG UND IHR MÜSSTET DAS SPIEL LÖSCHEN!!! DANKE!!!.rar [2011.06.27 01:44:51 | 000,007,608 | ---- | M] () -- C:\Users\Noxas\AppData\Local\Resmon.ResmonCfg [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.12 18:19:31 | 000,000,000 | ---- | C] () -- C:\Users\Noxas\defogger_reenable [2011.06.30 13:27:44 | 385,101,516 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.06.29 15:36:41 | 000,006,438 | ---- | C] () -- C:\Users\Noxas\.recently-used.xbel [2011.06.27 01:41:54 | 632,653,730 | ---- | C] () -- C:\Users\Noxas\Desktop\World of Tanks BACKUP - NICHT LÖSCHEN!!! UNTER KEINEN UMSTÄNDEN!!! AUCH NICHT WENN IHR DENKT ICH WÄRE SÜCHTIG UND IHR MÜSSTET DAS SPIEL LÖSCHEN!!! DANKE!!!.7z [2011.06.27 01:41:29 | 836,911,523 | ---- | C] () -- C:\Users\Noxas\Desktop\World of Tanks BACKUP - NICHT LÖSCHEN!!! UNTER KEINEN UMSTÄNDEN!!! AUCH NICHT WENN IHR DENKT ICH WÄRE SÜCHTIG UND IHR MÜSSTET DAS SPIEL LÖSCHEN!!! DANKE!!!.rar [2011.05.15 14:35:37 | 000,000,632 | ---- | C] () -- C:\Windows\Edofma.INI [2011.04.23 23:24:14 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2011.04.23 23:24:14 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2011.04.23 23:24:14 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2011.04.03 02:47:54 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.12.31 21:56:26 | 000,280,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.12.31 21:56:25 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2010.12.31 21:56:25 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.12.24 00:18:34 | 000,301,056 | ---- | C] () -- C:\Windows\SysWow64\XDogcat.dll [2010.12.21 19:37:20 | 046,504,568 | ---- | C] () -- C:\Users\Noxas\AppData\Roaming\.minecraft.zip [2010.12.21 10:48:24 | 002,968,064 | ---- | C] () -- C:\Windows\es.exe [2010.12.09 17:25:56 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.12.09 17:25:55 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.11.06 18:02:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.10.31 18:15:53 | 000,007,608 | ---- | C] () -- C:\Users\Noxas\AppData\Local\Resmon.ResmonCfg [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2004.02.20 22:36:34 | 000,416,256 | ---- | C] () -- C:\Windows\exchndl.dll ========== LOP Check ========== [2011.06.23 21:02:31 | 000,000,000 | ---D | M] -- C:\Users\Noxas\AppData\Roaming\.minecraft [2011.07.11 13:28:09 | 000,000,000 | ---D | M] -- C:\Users\Noxas\AppData\Roaming\cacaoweb [2011.04.23 20:53:06 | 000,000,000 | ---D | M] -- C:\Users\Noxas\AppData\Roaming\Darkfall [2011.01.01 21:10:40 | 000,000,000 | ---D | M] -- C:\Users\Noxas\AppData\Roaming\DVDVideoSoftIEHelpers [2011.02.27 19:08:22 | 000,000,000 | ---D | M] -- C:\Users\Noxas\AppData\Roaming\Dyyno [2011.06.29 15:36:41 | 000,000,000 | ---D | M] -- C:\Users\Noxas\AppData\Roaming\gtk-2.0 [2011.04.16 15:29:22 | 000,000,000 | ---D | M] -- C:\Users\Noxas\AppData\Roaming\ICQ [2011.05.12 18:06:06 | 000,000,000 | ---D | M] -- C:\Users\Noxas\AppData\Roaming\Juniper Networks [2010.11.07 00:51:27 | 000,000,000 | ---D | M] -- C:\Users\Noxas\AppData\Roaming\Leadertech [2010.10.30 17:24:53 | 000,000,000 | ---D | M] -- C:\Users\Noxas\AppData\Roaming\LolClient [2010.11.01 20:04:58 | 000,000,000 | ---D | M] -- C:\Users\Noxas\AppData\Roaming\Mumble [2011.03.02 14:17:54 | 000,000,000 | ---D | M] -- C:\Users\Noxas\AppData\Roaming\Octoshape [2011.05.08 15:11:25 | 000,000,000 | ---D | M] -- C:\Users\Noxas\AppData\Roaming\OpenOffice.org [2011.05.25 15:04:29 | 000,000,000 | ---D | M] -- C:\Users\Noxas\AppData\Roaming\QIP [2011.05.25 15:04:17 | 000,000,000 | ---D | M] -- C:\Users\Noxas\AppData\Roaming\QipGuard [2010.12.24 00:20:24 | 000,000,000 | ---D | M] -- C:\Users\Noxas\AppData\Roaming\SpeedyiTunes [2011.05.24 17:09:44 | 000,000,000 | ---D | M] -- C:\Users\Noxas\AppData\Roaming\TS3Client [2011.01.01 21:08:26 | 000,000,000 | ---D | M] -- C:\Users\Noxas\AppData\Roaming\Uniblue [2011.04.14 16:28:15 | 000,000,000 | ---D | M] -- C:\Users\Noxas\AppData\Roaming\wargaming.net [2011.04.17 09:50:43 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.10.30 16:32:20 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.06.16 03:14:27 | 000,000,000 | ---D | M] -- C:\22528142113c9126cc2dc5 [2011.04.16 03:00:44 | 000,000,000 | ---D | M] -- C:\90fd99c6d3fe5ea2c8 [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.10.30 16:32:05 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.11.11 10:18:47 | 000,000,000 | ---D | M] -- C:\Downloads [2011.04.14 15:36:13 | 000,000,000 | ---D | M] -- C:\Games [2010.10.30 17:57:46 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2010.11.12 15:17:18 | 000,000,000 | ---D | M] -- C:\PFiles [2011.04.24 17:58:18 | 000,000,000 | R--D | M] -- C:\Program Files [2011.07.12 15:06:03 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.07.12 15:06:07 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.10.30 16:32:05 | 000,000,000 | -HSD | M] -- C:\Programme [2010.10.30 16:32:05 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.07.12 20:09:17 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.10.30 16:32:12 | 000,000,000 | R--D | M] -- C:\Users [2011.07.12 17:27:11 | 000,000,000 | ---D | M] -- C:\Windows [2010.12.10 14:14:02 | 000,000,000 | ---D | M] -- C:\xampp < %PROGRAMFILES%\*.exe > < %PROGRAMFILES%\*. > [2011.05.15 15:18:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Activision [2011.01.23 15:34:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Avira [2011.06.27 22:31:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bohemia Interactive [2011.07.09 13:41:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files [2011.04.23 14:54:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Darkfall [2011.04.24 02:57:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Diablo II [2011.04.14 15:21:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX [2011.02.03 17:02:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Duty Calls [2011.05.12 18:37:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DVDVideoSoft [2011.02.27 19:08:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dyyno [2011.02.03 22:44:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electric Sheep [2010.12.30 18:30:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electronic Arts [2010.12.19 13:58:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GIMP-2.0 [2011.06.15 02:15:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google [2011.04.16 17:36:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ICQ6Toolbar [2011.04.16 17:36:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ICQ7.2 [2011.04.16 17:36:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ICQ7.4 [2010.10.30 18:07:44 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information [2011.06.16 13:12:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer [2011.07.09 13:40:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java [2011.05.24 17:10:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\League of Legends [2011.05.30 23:47:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LogMeIn Hamachi [2010.10.30 17:12:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LOLSetup [2011.07.12 15:06:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.04.03 02:47:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Antimalware [2011.04.03 02:47:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Security Client [2010.10.31 17:01:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET [2010.12.22 16:14:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild [2011.05.17 12:59:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0 [2010.11.01 19:19:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mumble [2010.10.30 17:03:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NOS [2010.10.30 17:59:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation [2011.05.08 15:08:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice [2011.05.08 15:10:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice.org 3 [2011.05.07 15:50:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenPlsInWMP [2010.10.30 16:36:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pando Networks [2011.05.25 15:04:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QIP 2010 [2011.05.25 15:04:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QipGuard [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies [2010.11.07 00:46:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\RegCleaner [2010.11.06 18:02:10 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype [2011.07.12 18:18:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam [2011.05.12 18:03:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoDownloader [2009.07.14 19:58:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender [2010.12.16 04:17:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail [2010.10.31 17:10:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT [2009.07.14 19:58:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer [2009.07.14 07:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices [2009.07.14 19:58:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar [2011.06.09 21:01:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\World of Warcraft [2010.12.24 01:04:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Xvid < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: CTFMON.EXE > [2009.07.14 03:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- C:\Windows\SysNative\ctfmon.exe [2009.07.14 03:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- C:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe [2009.07.14 03:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\SysWOW64\ctfmon.exe [2009.07.14 03:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: SVCHOST.EXE > [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > |
|
12.07.2011, 19:45
| #4 | ||
| /// TB-Ausbilder | iphone 4 gewonnen, internet explorer ad Hallo Lyot, Schritt # 1: Mehrere Anti-Virus-Programme Code:
ATTFilter Microsoft Security Essentials
Avira AntiVir
Hinweis: Aufgrund aktueller Vorkommnisse empfehlen wir Avira nicht mehr: aviras neue partner: uniblue und ask Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast. Zitat:
Schritt # 2: Fragen beantworten Bitte beantworte mir folgende Fragen:
Schritt # 3: ComboFix ausführen Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!Lade ComboFix von einem dieser Download-Spiegel herunter: BleepingComputer - ForoSpyware * Wichtig !! Speichere ComboFix auf dem Desktop
 Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:  Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren. Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei. Schritt # 4: Deine Rückmeldung Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort
|
|
12.07.2011, 20:23
| #5 | |
| | iphone 4 gewonnen, internet explorer adZitat:
Code:
ATTFilter ComboFix 11-07-12.07 - Noxas 12.07.2011 21:08:44.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4094.1389 [GMT 2:00]
ausgeführt von:: c:\users\Noxas\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Noxas\AppData\Roaming\cacaoweb
c:\users\Noxas\AppData\Roaming\cacaoweb\cacaoweb.exe
c:\users\Noxas\AppData\Roaming\cacaoweb\npdfile.dat
c:\users\Noxas\AppData\Roaming\cacaoweb\replicating4B6C6A2FCE7455D84564ED980A170F31.cacao
c:\users\Noxas\AppData\Roaming\cacaoweb\storage.db
c:\windows\es.exe
c:\windows\pthreadGC2.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-06-12 bis 2011-07-12 ))))))))))))))))))))))))))))))
.
.
2011-07-12 19:13 . 2011-07-12 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-12 13:06 . 2011-07-12 13:06 -------- d-----w- c:\users\Noxas\AppData\Roaming\Malwarebytes
2011-07-12 13:06 . 2011-05-29 07:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-12 13:06 . 2011-07-12 13:06 -------- d-----w- c:\programdata\Malwarebytes
2011-07-12 13:06 . 2011-07-12 13:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-12 13:06 . 2011-05-29 07:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-11 19:32 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E22CB6B-90A4-4932-AA5F-991C464E5F14}\mpengine.dll
2011-07-09 11:41 . 2011-07-09 11:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-30 11:29 . 2011-06-30 11:29 -------- d-----w- c:\users\Noxas\AppData\Local\ArmA 2 Free
2011-06-27 20:31 . 2011-06-27 20:31 -------- d-----w- c:\program files (x86)\Bohemia Interactive
2011-06-27 19:56 . 2011-06-29 14:37 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-06-27 19:56 . 2011-07-12 19:15 -------- d-----w- c:\program files (x86)\Steam
2011-06-16 01:14 . 2011-06-16 01:14 -------- d-----w- C:\22528142113c9126cc2dc5
2011-06-15 08:09 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-15 08:09 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-06-15 08:09 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 08:09 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 08:09 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 08:08 . 2010-12-18 06:13 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 08:08 . 2010-12-18 05:31 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-15 08:08 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 08:08 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-11 16:20 . 2010-12-31 19:57 280768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-07-11 16:20 . 2010-12-31 19:56 280768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-07-11 16:15 . 2010-12-31 19:56 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-06-29 13:24 . 2011-01-23 13:34 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-29 13:24 . 2011-01-23 13:34 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-07 17:10 . 2010-10-31 15:22 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-10 15:14 . 2011-05-25 13:04 141184 ----a-w- c:\users\Noxas\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
2011-05-04 02:52 . 2010-12-03 18:37 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-23 21:51 . 2011-04-23 21:24 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2011-04-23 21:51 . 2011-04-23 21:24 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2011-04-23 21:51 . 2011-04-23 21:24 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2011-04-22 20:18 . 2011-05-25 12:29 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-19 10:17 . 2010-11-06 22:51 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QIP Internet Guardian"="c:\users\Noxas\AppData\Roaming\QipGuard\QipGuard.exe" [2011-05-10 187776]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-06-27 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\Noxas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 gvhadszw;gvhadszw;c:\windows\system32\drivers\gvhadszw.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 136176]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 Dyyno Launcher;Dyyno Service;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-02-24 415072]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 QipGuard;QipGuard;c:\program files (x86)\QipGuard\QipGuard.exe [2011-05-10 187776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 15:04]
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 15:04]
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4162387930-1573310092-2657919576-1000Core.job
- c:\users\Noxas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-12 08:45]
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4162387930-1573310092-2657919576-1000UA.job
- c:\users\Noxas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-12 08:45]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2010-11-16 104008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Free YouTube to MP3 Converter - c:\users\Noxas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Noxas\AppData\Roaming\Mozilla\Firefox\Profiles\bq471bpq.default\
FF - prefs.js: browser.startup.homepage - hxxp://qip.ru
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Softonic-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{58beca16-cae6-4b7a-a0e8-153d0cbba63a} - (no file)
URLSearchHooks-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
Wow6432Node-HKCU-Run-cacaoweb - c:\users\Noxas\AppData\Roaming\cacaoweb\cacaoweb.exe
WebBrowser-{58BECA16-CAE6-4B7A-A0E8-153D0CBBA63A} - (no file)
WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)
AddRemove-BattlEye A2 Free - c:\program files (x86)\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4162387930-1573310092-2657919576-1000\Software\SecuROM\License information*]
"datasecu"=hex:5d,04,16,5e,f4,d4,eb,73,7d,97,e0,23,9e,c3,d0,69,1a,a5,a6,ff,90,
7f,84,ed,be,c0,65,3d,f3,eb,56,99,bd,17,6f,d0,75,67,b4,a9,12,5d,8e,4c,b9,ea,\
"rkeysecu"=hex:f4,7c,27,0e,95,7a,cb,86,3f,8b,b2,cc,be,58,a9,06
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-07-12 21:18:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-07-12 19:18
.
Vor Suchlauf: 13 Verzeichnis(se), 512.755.519.488 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 515.792.625.664 Bytes frei
.
- - End Of File - - 5685EFE067F4EF9B958959FCD14D5B6B
|
|
12.07.2011, 20:40
| #6 | ||
| /// TB-Ausbilder | iphone 4 gewonnen, internet explorer ad Hallo Lyot, hast du Schritt # 1 meines letzten Posts übersehen? Schritt # 1: Mehrere Anti-Virus-Programme Code:
ATTFilter Microsoft Security Essentials
Avira AntiVir
Hinweis: Aufgrund aktueller Vorkommnisse empfehlen wir Avira nicht mehr: aviras neue partner: uniblue und ask Letztendlich liegt die Entscheidung natürlich bei dir. Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast. Zitat:
Schritt # 2: Kontrolle mit VirusTotal Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.
Zitat:
Warte bis unter Current status: Finished steht. Kopiere den Link aus deiner Adresszeile und poste ihn hier. Schritt # 3: Deine Rückmeldung Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort
|
|
13.07.2011, 10:19
| #7 |
| | iphone 4 gewonnen, internet explorer ad so hallo, ich bin jetzt wach und habe nur microsoft security essenitals am laufen! falls du mir ein besseres kostenloses empfehlen könntest, dann hätt ich gern einen link! ich werde die neuen anweisungen abarbeiten und die ergebnisse hier rein editieren! schritt 2 kann nicht ausgeführt werden, da die datei nicht gefunden wurde. in dem ordner sind nur mbamswissarmy.sys und wimmount.sys. Geändert von Lyot (13.07.2011 um 10:26 Uhr) |
|
| Themen zu iphone 4 gewonnen, internet explorer ad |
| adware.softomate, anti, eingefangen, explorer, folgendes, gefangen, glückwunsch, guten, hijack.zones, inter, interne, internet explorer, iphone, malwarebytes, problem, pup.removewga, quarantäne, regelmäßig, schädliches, trojan.downloader, trojan.fakealert, trojan.fraudpack, trojan.fraudpack.gen, öffnet |
Hybrid-Darstellung
