
isearch.babylon.com

Babylon

  • This topic is locked
4 replies to this topic

#1 Joop111


Posted 29 January 2012 - 05:34 PM

Hi guys,

First, please excuse my English, I'm not a native speaker.

OK, now what's the problem? The problem is http://isearch.babylon.com. Every time I put some word or phrase in the upper search task, isearch.babylon is going to search in place of Google.

I've already tried a lot: Spybot Search & Destroy, Unlocker, registry cleaning of all "Babylon" stuff, my home directory in Firefox, etc. Nothing works. I have Firefox 9.01 and Windows 7 64-bit.

Maybe anybody would be able to help me to get rid of that Babylon search tool?

In the attachment you'll find a picture....

Greetings

Jonathan




#2 Maniac


Posted 29 January 2012 - 07:11 PM

Hello Jonathan and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick Scan All Users. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


#3 Joop111


Posted 29 January 2012 - 07:31 PM

Hi Maniac and thanks for your rapid answer.

OK, I did it exactly as you told me..... Now I'm posting the contents:

Extra.txt:


OTL Extras logfile created on: 29/01/2012 19:25:23 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Suerte y Trabajo\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000300a | Country: Ecuador | Language: ESF | Date Format: dd/MM/yyyy

3,91 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 64,95% Memory free
7,81 Gb Paging File | 6,19 Gb Available in Paging File | 79,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 58,88 Gb Free Space | 60,29% Space Free | Partition Type: NTFS
Drive D: | 30,23 Gb Total Space | 30,14 Gb Free Space | 99,71% Space Free | Partition Type: NTFS
Drive E: | 306,44 Gb Total Space | 306,34 Gb Free Space | 99,97% Space Free | Partition Type: NTFS

Computer Name: SUERTEYTRABAJO | User Name: Suerte y Trabajo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1649376026-722091438-3856317696-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Paquete de controladores de Windows - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Unlocker" = Unlocker 1.9.1-x64
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0E7A72E-FEFF-47BA-B893-1697CCAE5FE2}" = calibre
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C39EF9B4-0C4F-4D48-8665-8FD45BFF3961}" = Lenovo MuteSync
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Lenovo EasyCamera
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"888poker" = 888poker
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Media Player_is1" = AVS Media Player 4.1.2.65
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner
"Digital Editions" = Adobe Digital Editions
"HoldemManager" = Holdem Manager
"InstallShield_{C39EF9B4-0C4F-4D48-8665-8FD45BFF3961}" = Lenovo MuteSync
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"IP Camera" = IP Camera
"kleiner-brauhelfer_is1" = kleiner-brauhelfer version 1.0.0.0
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PostgreSQL 8.4" = PostgreSQL 8.4
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.1.4

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29/01/2012 0:00:45 | Computer Name = SuerteyTrabajo | Source = PostgreSQL | ID = 0
Description = 2012-01-28 23:00:45 COTERROR: duplicate key value violates unique
constraint "uniqueserial" 2012-01-28 23:00:45 COTSTATEMENT: EXECUTE PKHEXECUTE(145834254,12,to_timestamp('01/18/2012
23:31:52','MM/DD/YYYY HH24:MI:SS'),2,1,5,3,3,0,0,4,37,30,12,27,0,30,1,30,30,0,0,0,0,-1,2,3,False,-1,0,0,0,12,14,-1,4,-1,-1,0);
select currval('pokerhands_pokerhand_id_seq')

Error - 29/01/2012 0:00:45 | Computer Name = SuerteyTrabajo | Source = PostgreSQL | ID = 0
Description = 2012-01-28 23:00:45 COTERROR: duplicate key value violates unique
constraint "uniqueserial" 2012-01-28 23:00:45 COTSTATEMENT: EXECUTE PKHEXECUTE(145834335,12,to_timestamp('01/18/2012
23:32:51','MM/DD/YYYY HH24:MI:SS'),2,1,5,0,0,0,0,6,0,0,0,0,0,25,0,50,0,0,0,-1,-1,-1,-1,-1,False,-1,0,0,0,-1,-1,-1,-1,4,-1,0);
select currval('pokerhands_pokerhand_id_seq')

Error - 29/01/2012 15:31:13 | Computer Name = SuerteyTrabajo | Source = PostgreSQL | ID = 0
Description = 2012-01-29 14:31:13 COTFATAL: the database system is starting up

Error - 29/01/2012 15:31:14 | Computer Name = SuerteyTrabajo | Source = PostgreSQL | ID = 0
Description = 2012-01-29 14:31:14 COTFATAL: the database system is starting up

Error - 29/01/2012 15:31:15 | Computer Name = SuerteyTrabajo | Source = PostgreSQL | ID = 0
Description = 2012-01-29 14:31:15 COTFATAL: the database system is starting up

Error - 29/01/2012 16:56:22 | Computer Name = SuerteyTrabajo | Source = PostgreSQL | ID = 0
Description = 2012-01-29 15:56:22 COTFATAL: the database system is starting up

Error - 29/01/2012 16:59:05 | Computer Name = SuerteyTrabajo | Source = PostgreSQL | ID = 0
Description = 2012-01-29 15:59:05 COTFATAL: the database system is starting up

Error - 29/01/2012 16:59:06 | Computer Name = SuerteyTrabajo | Source = PostgreSQL | ID = 0
Description = 2012-01-29 15:59:06 COTFATAL: the database system is starting up

Error - 29/01/2012 16:59:07 | Computer Name = SuerteyTrabajo | Source = PostgreSQL | ID = 0
Description = 2012-01-29 15:59:07 COTFATAL: the database system is starting up

Error - 29/01/2012 16:59:08 | Computer Name = SuerteyTrabajo | Source = PostgreSQL | ID = 0
Description = 2012-01-29 15:59:08 COTFATAL: the database system is starting up

[ System Events ]
Error - 29/01/2012 18:29:12 | Computer Name = SuerteyTrabajo | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Error al intentar leer el archivo local de hosts.

Error - 29/01/2012 18:30:56 | Computer Name = SuerteyTrabajo | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Error al intentar leer el archivo local de hosts.

Error - 29/01/2012 18:30:58 | Computer Name = SuerteyTrabajo | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Error al intentar leer el archivo local de hosts.

Error - 29/01/2012 18:35:05 | Computer Name = SuerteyTrabajo | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Error al intentar leer el archivo local de hosts.

Error - 29/01/2012 20:21:38 | Computer Name = SuerteyTrabajo | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Error al intentar leer el archivo local de hosts.

Error - 29/01/2012 20:21:40 | Computer Name = SuerteyTrabajo | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Error al intentar leer el archivo local de hosts.

Error - 29/01/2012 20:21:42 | Computer Name = SuerteyTrabajo | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Error al intentar leer el archivo local de hosts.

Error - 29/01/2012 20:21:42 | Computer Name = SuerteyTrabajo | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Error al intentar leer el archivo local de hosts.

Error - 29/01/2012 20:21:43 | Computer Name = SuerteyTrabajo | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Error al intentar leer el archivo local de hosts.

Error - 29/01/2012 20:21:50 | Computer Name = SuerteyTrabajo | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Error al intentar leer el archivo local de hosts.


< End of report >


And now the OTL:


OTL logfile created on: 29/01/2012 19:25:23 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Suerte y Trabajo\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000300a | Country: Ecuador | Language: ESF | Date Format: dd/MM/yyyy

3,91 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 64,95% Memory free
7,81 Gb Paging File | 6,19 Gb Available in Paging File | 79,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 58,88 Gb Free Space | 60,29% Space Free | Partition Type: NTFS
Drive D: | 30,23 Gb Total Space | 30,14 Gb Free Space | 99,71% Space Free | Partition Type: NTFS
Drive E: | 306,44 Gb Total Space | 306,34 Gb Free Space | 99,97% Space Free | Partition Type: NTFS

Computer Name: SUERTEYTRABAJO | User Name: Suerte y Trabajo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/29 19:24:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Suerte y Trabajo\Desktop\OTL.exe
PRC - [2012/01/23 12:11:23 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/30 15:26:24 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/11/30 15:26:23 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/11/30 15:26:23 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/14 02:59:46 | 002,655,768 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/14 02:59:44 | 000,325,656 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/09/08 02:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009/09/08 02:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/23 12:11:23 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/30 13:44:48 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\524aef253597aa414604c57f76f33f0b\IAStorUtil.ni.dll
MOD - [2011/11/30 13:44:48 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\024f03e7c3149af74b266185a031bdcf\IAStorCommon.ni.dll
MOD - [2009/07/14 04:29:34 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/07/13 23:55:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll
MOD - [2009/07/13 23:55:32 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009/07/13 23:55:26 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009/07/13 23:55:14 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll
MOD - [2009/07/13 23:55:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009/07/13 23:55:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
MOD - [2009/07/13 23:55:05 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009/07/13 23:55:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/11/30 15:26:24 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/11/30 15:26:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/14 18:04:56 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Archivos de programa\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/10/14 02:59:46 | 002,655,768 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/10/14 02:59:44 | 000,325,656 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/09/08 02:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/30 15:26:24 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/11/30 15:26:24 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/11/30 15:22:46 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/11/30 14:03:35 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011/11/30 14:03:33 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2010/12/15 06:56:06 | 001,402,416 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/14 06:13:32 | 000,349,224 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010/12/14 06:13:10 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/12/14 06:13:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/12/14 06:13:08 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/12/14 06:13:08 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/11/28 08:23:16 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/14 11:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Sonido Intel®
DRV:64bit: - [2010/10/14 02:59:42 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/09/27 04:09:30 | 008,200,552 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
DRV:64bit: - [2010/08/19 13:51:44 | 002,366,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/06/23 04:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1649376026-722091438-3856317696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.de
IE - HKU\S-1-5-21-1649376026-722091438-3856317696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://latam.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1649376026-722091438-3856317696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-ec
IE - HKU\S-1-5-21-1649376026-722091438-3856317696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5E 3F F5 BE 24 B5 CC 01 [binary data]
IE - HKU\S-1-5-21-1649376026-722091438-3856317696-1000\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKU\S-1-5-21-1649376026-722091438-3856317696-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de"
FF - prefs.js..keyword.URL: "http://search.babylo...4de2b0f030d&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/23 12:11:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/02 08:22:39 | 000,000,000 | ---D | M]

[2011/11/30 15:21:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Suerte y Trabajo\AppData\Roaming\mozilla\Extensions
[2012/01/23 12:11:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Suerte y Trabajo\AppData\Roaming\mozilla\Firefox\Profiles\m2aheaui.default\extensions
[2011/11/30 15:20:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/01/23 12:11:24 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/23 12:11:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/23 12:11:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/23 12:11:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/23 12:11:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

Hosts file not found
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Archivos de programa\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-1649376026-722091438-3856317696-1000\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe (Lenovo)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1649376026-722091438-3856317696-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1649376026-722091438-3856317696-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1649376026-722091438-3856317696-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Enviar a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Enviar a &Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{392999A2-0381-47F8-B240-6837C34F0E6F}: DhcpNameServer = 192.168.10.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/29 19:23:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Suerte y Trabajo\Desktop\OTL.exe
[2012/01/29 15:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/29 15:36:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/01/29 15:36:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/01/29 15:34:18 | 000,000,000 | ---D | C] -- C:\Users\Suerte y Trabajo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2012/01/29 15:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2012/01/29 15:16:10 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/01/29 15:05:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Babylon Client Removal Utility
[2012/01/29 14:12:59 | 000,000,000 | ---D | C] -- C:\Users\Suerte y Trabajo\Desktop\Bewerber
[2012/01/29 13:58:00 | 000,000,000 | ---D | C] -- C:\Users\Suerte y Trabajo\Documents\My Digital Editions
[2012/01/29 13:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/01/29 12:21:55 | 000,000,000 | ---D | C] -- C:\Users\Suerte y Trabajo\Biblioteca de calibre
[2012/01/29 12:21:52 | 000,000,000 | ---D | C] -- C:\Users\Suerte y Trabajo\AppData\Roaming\calibre
[2012/01/29 12:21:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2012/01/29 12:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012/01/29 01:21:05 | 000,000,000 | ---D | C] -- C:\Users\Suerte y Trabajo\Documents\Grundlegende_Brautechnologie__WS2010_2011
[2012/01/24 18:59:05 | 000,000,000 | ---D | C] -- C:\Users\Suerte y Trabajo\Desktop\Spundapparat
[2012/01/23 01:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/01/23 01:38:29 | 000,000,000 | ---D | C] -- C:\Users\Suerte y Trabajo\AppData\Roaming\Babylon
[2012/01/23 01:38:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExpressFiles
[2012/01/18 22:57:34 | 000,000,000 | ---D | C] -- C:\HMArchive
[2012/01/18 22:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\XHEO INC
[2012/01/18 11:40:40 | 000,000,000 | ---D | C] -- C:\Users\Suerte y Trabajo\Desktop\Unilimpio
[2012/01/12 00:41:10 | 000,000,000 | ---D | C] -- C:\Users\Suerte y Trabajo\Desktop\E-Books
[2012/01/09 00:05:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/01/08 20:50:01 | 000,000,000 | ---D | C] -- C:\Users\Suerte y Trabajo\Application Data
[2012/01/08 20:19:21 | 000,000,000 | ---D | C] -- C:\Users\Suerte y Trabajo\AppData\Roaming\Timecontrol
[2012/01/08 20:18:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/01/08 20:18:04 | 000,000,000 | ---D | C] -- C:\Users\Suerte y Trabajo\AppData\Local\Conduit
[2012/01/06 03:56:38 | 000,000,000 | ---D | C] -- C:\Users\Suerte y Trabajo\Documents\Directorio de intercambio Bluetooth
[2012/01/04 16:01:10 | 000,000,000 | ---D | C] -- C:\Users\Suerte y Trabajo\AppData\Roaming\Gremmelsoft
[2012/01/04 16:01:10 | 000,000,000 | ---D | C] -- C:\Users\Suerte y Trabajo\.kleiner-brauhelfer
[2012/01/04 16:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\kleiner-brauhelfer
[2012/01/04 16:00:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kleiner_brauhelfer

========== Files - Modified Within 30 Days ==========

[2012/01/29 19:24:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Suerte y Trabajo\Desktop\OTL.exe
[2012/01/29 19:21:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/29 15:58:36 | 3146,182,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/29 15:37:02 | 000,001,258 | ---- | M] () -- C:\Users\Suerte y Trabajo\Desktop\Spybot - Search & Destroy.lnk
[2012/01/29 15:08:41 | 000,019,324 | ---- | M] () -- C:\Users\Suerte y Trabajo\Documents\cc_20120129_150832.reg
[2012/01/29 13:57:53 | 000,002,178 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2012/01/29 12:21:38 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/01/28 11:55:20 | 000,193,017 | ---- | M] () -- C:\Users\Suerte y Trabajo\Desktop\Internacional Unternehmen.png
[2012/01/28 11:52:08 | 000,216,036 | ---- | M] () -- C:\Users\Suerte y Trabajo\Desktop\Pichincha.png
[2012/01/26 08:49:24 | 000,309,440 | ---- | M] () -- C:\Users\Suerte y Trabajo\Desktop\Cerveceria Cherusker_Factura.pdf
[2012/01/25 23:58:56 | 000,177,827 | ---- | M] () -- C:\Users\Suerte y Trabajo\Desktop\Die_Qualitaetskette_Hopfen_bis_zum_Hopfenprodukt.pdf
[2012/01/24 17:19:35 | 000,081,387 | ---- | M] () -- C:\Users\Suerte y Trabajo\Documents\Reisepass.jpg
[2012/01/23 21:07:46 | 000,000,706 | ---- | M] () -- C:\Users\Suerte y Trabajo\Documents\Suerte y Trabajo - Acceso directo.lnk
[2012/01/23 01:38:40 | 000,000,237 | ---- | M] () -- C:\user.js
[2012/01/20 11:01:55 | 000,124,215 | ---- | M] () -- C:\Users\Suerte y Trabajo\Documents\CEDULA 002.jpg
[2012/01/19 01:19:58 | 000,000,000 | ---- | M] () -- C:\Windows\HMHud.INI
[2012/01/18 08:58:26 | 000,443,635 | ---- | M] () -- C:\Users\Suerte y Trabajo\Desktop\Erbslöh.pdf
[2012/01/14 21:38:20 | 001,530,242 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/14 21:38:20 | 000,694,386 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/01/14 21:38:20 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/14 21:38:20 | 000,134,448 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/01/14 21:38:20 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/08 21:01:21 | 010,761,802 | ---- | M] () -- C:\Users\Suerte y Trabajo\Documents\Baralga-Installer-1.6.jar
[2012/01/03 13:15:23 | 000,009,884 | ---- | M] () -- C:\Users\Suerte y Trabajo\Desktop\Malzwerkstatt.pdf

========== Files Created - No Company Name ==========

[2012/01/29 15:37:02 | 000,001,258 | ---- | C] () -- C:\Users\Suerte y Trabajo\Desktop\Spybot - Search & Destroy.lnk
[2012/01/29 15:08:39 | 000,019,324 | ---- | C] () -- C:\Users\Suerte y Trabajo\Documents\cc_20120129_150832.reg
[2012/01/29 13:57:53 | 000,002,190 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
[2012/01/29 13:57:53 | 000,002,178 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2012/01/29 12:21:38 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/01/28 11:55:19 | 000,193,017 | ---- | C] () -- C:\Users\Suerte y Trabajo\Desktop\Internacional Unternehmen.png
[2012/01/28 11:52:08 | 000,216,036 | ---- | C] () -- C:\Users\Suerte y Trabajo\Desktop\Pichincha.png
[2012/01/26 08:49:24 | 000,309,440 | ---- | C] () -- C:\Users\Suerte y Trabajo\Desktop\Cerveceria Cherusker_Factura.pdf
[2012/01/25 23:58:56 | 000,177,827 | ---- | C] () -- C:\Users\Suerte y Trabajo\Desktop\Die_Qualitaetskette_Hopfen_bis_zum_Hopfenprodukt.pdf
[2012/01/24 17:19:35 | 000,081,387 | ---- | C] () -- C:\Users\Suerte y Trabajo\Documents\Reisepass.jpg
[2012/01/23 21:07:46 | 000,000,706 | ---- | C] () -- C:\Users\Suerte y Trabajo\Documents\Suerte y Trabajo - Acceso directo.lnk
[2012/01/23 01:38:39 | 000,000,237 | ---- | C] () -- C:\user.js
[2012/01/19 16:42:16 | 000,124,215 | ---- | C] () -- C:\Users\Suerte y Trabajo\Documents\CEDULA 002.jpg
[2012/01/19 01:19:58 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2012/01/18 08:58:23 | 000,443,635 | ---- | C] () -- C:\Users\Suerte y Trabajo\Desktop\Erbslöh.pdf
[2012/01/08 20:58:23 | 010,761,802 | ---- | C] () -- C:\Users\Suerte y Trabajo\Documents\Baralga-Installer-1.6.jar
[2012/01/03 13:15:23 | 000,009,884 | ---- | C] () -- C:\Users\Suerte y Trabajo\Desktop\Malzwerkstatt.pdf
[2011/12/27 08:41:01 | 000,667,136 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.dll.bak
[2011/12/27 08:41:01 | 000,667,136 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.dll
[2011/11/30 15:20:58 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/11/30 13:47:26 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/11/30 13:47:26 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/11/30 13:47:26 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/11/30 13:46:05 | 000,008,192 | R--- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/12/04 17:02:08 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\IPCamera.exe

========== LOP Check ==========

[2012/01/23 01:38:29 | 000,000,000 | ---D | M] -- C:\Users\Suerte y Trabajo\AppData\Roaming\Babylon
[2012/01/29 13:04:22 | 000,000,000 | ---D | M] -- C:\Users\Suerte y Trabajo\AppData\Roaming\calibre
[2012/01/04 16:01:10 | 000,000,000 | ---D | M] -- C:\Users\Suerte y Trabajo\AppData\Roaming\Gremmelsoft
[2012/01/18 22:55:13 | 000,000,000 | ---D | M] -- C:\Users\Suerte y Trabajo\AppData\Roaming\HEM Data
[2011/12/13 20:27:14 | 000,000,000 | ---D | M] -- C:\Users\Suerte y Trabajo\AppData\Roaming\PacificPoker
[2012/01/08 20:19:32 | 000,000,000 | ---D | M] -- C:\Users\Suerte y Trabajo\AppData\Roaming\Timecontrol
[2011/12/02 09:07:55 | 000,000,000 | ---D | M] -- C:\Users\Suerte y Trabajo\AppData\Roaming\TrueCrypt
[2009/07/14 00:08:49 | 000,008,126 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/11/30 15:45:12 | 097,746,072 | ---- | C] ()(C:\Users\Suerte y Trabajo\Documents\?THEOFANIS GEKAS TORSCHÜTZENKöNIG HINRUNDE 10_11?.mp4) -- C:\Users\Suerte y Trabajo\Documents\★THEOFANIS GEKAS TORSCHÜTZENKöNIG HINRUNDE 10_11★.mp4
[2010/12/20 12:07:12 | 097,746,072 | ---- | M] ()(C:\Users\Suerte y Trabajo\Documents\?THEOFANIS GEKAS TORSCHÜTZENKöNIG HINRUNDE 10_11?.mp4) -- C:\Users\Suerte y Trabajo\Documents\★THEOFANIS GEKAS TORSCHÜTZENKöNIG HINRUNDE 10_11★.mp4

< End of report >


To be honest... I don't understand anything there ;-)

#4 Maniac


Posted 30 January 2012 - 03:02 AM

Step 1

I see you are running TeaTimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.
Then run ResetTeaTimer.exe.
This will only take a few seconds.


Step 2

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-1649376026-722091438-3856317696-1000\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=109130&babsrc=adbartrp&mntrId=6294bf0d00000000000074de2b0f030d&q="
    O3 - HKU\S-1-5-21-1649376026-722091438-3856317696-1000\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found.
    [2012/01/23 01:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012/01/23 01:38:29 | 000,000,000 | ---D | C] -- C:\Users\Suerte y Trabajo\AppData\Roaming\Babylon
    [2012/01/08 20:18:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2012/01/08 20:18:04 | 000,000,000 | ---D | C] -- C:\Users\Suerte y Trabajo\AppData\Local\Conduit
    
    :Commands
    [emptytemp]
    [resethosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log file.

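The Firefox part of the fix above can be reproduced as a triage step over the scan log. The following is an added example, not part of the thread and not OTL's own code: it parses `FF - prefs.js..` lines and reports every search-routing preference whose host or engine name is not on an allowlist. The allowlist contents, the function names and the choice of watched preferences are assumptions; the sample lines are copied from the log and fix posted in this thread.

```python
import re
from urllib.parse import urlsplit

# OTL prints each Firefox preference as: FF - prefs.js..<name>: <value>
PREF_LINE = re.compile(r"^FF - prefs\.js\.\.(?P<name>[^:]+): (?P<value>.*)$")

# Preferences that decide where typed queries and the start page go (assumed set).
URL_PREFS = {"browser.search.defaulturl", "browser.startup.homepage", "keyword.URL"}
ENGINE_PREFS = {
    "browser.search.defaultenginename",
    "browser.search.defaultthis.engineName",
    "browser.search.order.1",
    "browser.search.selectedEngine",
}


def host_allowed(host, allowed_domains):
    """True if host is an allowed domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in allowed_domains)


def flag_search_hijacks(log_text, allowed_domains, allowed_engines):
    """Return (pref name, value, reason) for each non-allowlisted search pref."""
    findings = []
    for raw in log_text.splitlines():
        m = PREF_LINE.match(raw.strip())
        if not m:
            continue
        name = m.group("name")
        value = m.group("value").strip().strip('"')
        if name in URL_PREFS:
            if not value or value.startswith("about:"):
                continue  # blank or built-in page, nothing to resolve
            try:
                host = urlsplit(value).hostname or ""
            except ValueError:
                host = ""  # malformed or truncated URL: report it as unparsed
            if not host_allowed(host, allowed_domains):
                findings.append((name, value, "host not allowlisted: " + (host or "<unparsed>")))
        elif name in ENGINE_PREFS and value not in allowed_engines:
            findings.append((name, value, "engine not allowlisted"))
    return findings


# Sample input: the FF prefs.js lines from this thread (full URLs as in the fix script).
SAMPLE_LOG = """\
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=109130&babsrc=adbartrp&mntrId=6294bf0d00000000000074de2b0f030d&q="
"""

# Assumed allowlist: what this user expects to be their search provider.
ALLOWED_DOMAINS = {"google.de", "google.com"}
ALLOWED_ENGINES = {"Google"}

if __name__ == "__main__":
    for pref, val, why in flag_search_hijacks(SAMPLE_LOG, ALLOWED_DOMAINS, ALLOWED_ENGINES):
        print(f"{pref}: {why}")
```

With this allowlist the flagged set is the same five `FF - prefs.js` entries listed in the `:OTL` block; `selectedEngine` and the Google homepage pass.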

#5 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 06 February 2012 - 06:33 AM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support


I close my threads if there are 5 days without a response.




