|
Log analysis and evaluation: UncleDoc: Redirection to unwanted websites after Google search (Firefox) Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
14.07.2011, 16:25 | #1 |
| UncleDoc: Redirection to unwanted websites after Google search (Firefox) Hi, I'm not new here, but I have the same problem on my PC. Here is the HJ log to start with; the rest will follow! HiJackThis logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:13:13, on 14.07.2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files\CyberLink\Shared files\brs.exe C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe C:\Program Files\Logitech Gaming Software\LCore.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Logitech\SetPoint II\SetpointII.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDPop3.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDRSS.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDClock.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDMovieViewer.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDCountdown.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDWebCam.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDYT.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDPictureViewer.exe C:\Program Files\Windows Media Player\WMPSideShowGadget.exe C:\Program Files\Windows Media 
Player\wmplayer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\xxx\Downloads\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe" O4 - 
HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [Launch LCore] "C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [RGSC] D:\Games\Neuer Ordner\Rockstar Games Social Club\RGSCLauncher.exe /silent O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: SetPointII.lnk = ? 
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Emsisoft Anti-Malware 5.1 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\Windows\system32\HPZipm12.exe O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- End of file - 7888 bytes |
14.07.2011, 17:17 | #2 |
| UncleDoc: Redirection to unwanted websites after Google search (Firefox)
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 7137
Windows 6.1.7 600
Internet Explorer 8.0.7600.16385

14.07.2011 18:14:34
mbam-log-2011-07-14 (18-14-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|Q:\|)
Durchsuchte Objekte: 350768
Laufzeit: 55 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
-> Quarantined and deleted successfully.
-> Quarantined and deleted successfully.
-> Quarantined and deleted successfully.
-> Quarantined and deleted successfully. |
14.07.2011, 17:27 | #3 |
| UncleDoc: Redirection to unwanted websites after Google search (Firefox) OTL Logfile:
Code:
ATTFilter OTL logfile created on: 14.07.2011 18:18:58 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\xxx\Downloads Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 49,16% Memory free 6,50 Gb Paging File | 4,43 Gb Available in Paging File | 68,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 234,38 Gb Total Space | 158,81 Gb Free Space | 67,76% Space Free | Partition Type: NTFS Drive D: | 231,38 Gb Total Space | 133,31 Gb Free Space | 57,62% Space Free | Partition Type: NTFS Drive F: | 372,61 Gb Total Space | 172,88 Gb Free Space | 46,40% Space Free | Partition Type: NTFS Drive Q: | 1397,26 Gb Total Space | 789,25 Gb Free Space | 56,49% Space Free | Partition Type: NTFS Computer Name: xxxx-PC | User Name: xxxx| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Usersxxx\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) 
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\VideoLAN\VLC\vlc.exe () PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDYT.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDMovieViewer.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDClock.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDPictureViewer.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDCountdown.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDRSS.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDWebCam.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDPop3.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\LCore.exe (Logitech Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\CyberLink\Shared files\brs.exe (cyberlink) PRC - C:\Programme\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) 
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () PRC - C:\Programme\Common Files\Logishrd\LQCVFX\COCIManager.exe () PRC - C:\Programme\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.) PRC - C:\Programme\Windows Media Player\WMPSideShowGadget.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) ========== Modules (SafeList) ========== MOD - C:\Usersxxx\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe (SiSoftware) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.exe (HP) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider) DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (cpuz134) -- C:\Programme\CPUID\PC Wizard 2010\pcwiz_x32.sys (Windows (R) Win 7 DDK provider) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Programme\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.) DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.) DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.) DRV - (LVUVC) Logitech QuickCam Ultra Vision(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.) 
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (LGPBTDD) -- C:\Windows\System32\drivers\LGPBTDD.sys (Logitech Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\sandra.sys (SiSoftware) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 33 35 5D 6C 3C CB 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: {edc0b8a5-c050-4bb2-b785-a623b4515abf}:1.6 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66 FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: 
engine@conduit.com:3.3.3.2 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\UncleDoc\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.06.26 09:10:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.26 09:10:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.26 09:10:52 | 000,000,000 | ---D | M] [2010.01.01 18:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Extensions [2011.07.13 19:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions [2011.06.20 21:41:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.06.22 11:10:59 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.06.30 20:32:21 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.03.20 12:44:20 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010.06.30 20:32:21 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010.02.21 20:50:50 | 
000,000,000 | ---D | M] ("DHL Toolbar") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{edc0b8a5-c050-4bb2-b785-a623b4515abf} [2011.07.13 19:24:04 | 000,000,000 | ---D | M] ("bug489729") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\bug489729@alice0775 [2011.07.12 13:32:05 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\DeviceDetection@logitech.com [2011.03.28 16:57:54 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\engine@conduit.com [2011.03.27 00:33:53 | 000,000,000 | ---D | M] (Personas) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\personas@christopher.beard [2010.10.31 20:49:33 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\vshare@toolbar [2011.07.13 17:30:33 | 000,000,950 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin-1.xml [2011.06.20 10:45:18 | 000,000,168 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin.gif [2011.06.20 10:45:18 | 000,000,618 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin.src [2011.06.14 15:19:31 | 000,001,056 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin.xml [2010.10.31 20:50:20 | 000,001,583 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\web-search.xml [2011.07.12 12:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.04.18 16:55:23 | 000,000,000 | ---D | 
M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.03 15:23:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.15 15:49:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.23 19:04:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.21 17:26:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.12 12:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- [2010.01.01 18:10:26 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2010.01.01 19:09:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.04.07 14:12:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.04.18 16:55:23 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.03 15:23:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.15 15:49:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.23 19:04:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.21 17:26:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA 
FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.12 12:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} () (No name found) -- C:\USERSxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI () (No name found) -- C:\USERSxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERSxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.XPI () (No name found) -- C:\USERS\UNCLEDOC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\SECURELOGIN@BLUEIMP.NET.XPI [2011.06.22 11:10:30 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll [2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.07.13 19:57:31 | 000,435,973 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 gosredirector.ea.com O1 - Hosts: 127.0.0.1 blazeserver.blazeemu.org O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com O1 - Hosts: 127.0.0.1 demangler.ea.com O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com O1 - Hosts: 127.0.0.1 007guard.com - 007guard and Free Antivirus O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 Avast | Cash Advance | Debt Consolidation | Insurance | Free Credit Report at 0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 15000 more lines... 
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [EA Core] File not found O4 - HKCU..\Run: [RGSC] File not found O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - 
Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{7cd3d437-f6ed-11de-a0a6-001fd08dd035}\Shell - "" = AutoRun O33 - MountPoints2\{7cd3d437-f6ed-11de-a0a6-001fd08dd035}\Shell\AutoRun\command - "" = H:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.07.14 17:16:03 | 000,000,000 | ---D | C] -- C:\Usersxxx\AppData\Roaming\Malwarebytes [2011.07.14 17:15:59 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.07.14 17:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.07.14 17:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.07.14 17:15:54 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.07.14 17:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.07.13 19:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2011.07.13 19:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware [2011.07.13 19:44:08 | 000,000,000 | ---D | C] -- C:\Usersxxxx\Documents\Anti-Malware [2011.07.13 19:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.07.13 19:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.07.13 19:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011.07.12 20:54:55 | 000,000,000 | ---D | C] -- C:\Usersxxxx\AppData\Roaming\Media Player Classic [2011.07.12 12:41:34 | 000,000,000 | ---D | C] -- 
C:\Program Files\Common Files\Java [2011.07.12 12:39:49 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.07.12 12:39:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.07.12 12:39:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.06.26 09:56:05 | 000,000,000 | ---D | C] -- C:\Usersxxx\Desktop\Walt_Disney_-_Das_Dschungelbuch_Dschungelhits-DE-1993-oNePiEcE [2011.06.26 09:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared [2011.06.17 14:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2011.06.15 14:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TG09-PC-6152-6250-to-6460 [2011.06.15 14:12:19 | 000,000,000 | ---D | C] -- C:\Users\UncleDoc\AppData\Roaming\NVIDIA [2011.06.14 21:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE [2011.06.14 21:12:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive [2011.06.14 21:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE [2011.06.14 21:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.14 18:17:36 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\lakvxg.sys [2011.07.14 17:21:15 | 000,001,338 | ---- | M] () -- C:\Usersxxx\Desktop\OTL - Verknüpfung.lnk [2011.07.14 17:13:07 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.14 17:13:07 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.14 17:11:21 
| 000,647,138 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.07.14 17:11:21 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.07.14 17:11:21 | 000,127,198 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.07.14 17:11:21 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.07.14 17:05:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.14 17:05:42 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2011.07.14 17:05:37 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys [2011.07.13 19:57:31 | 000,435,973 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.07.12 11:54:22 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.07.12 11:54:22 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.06.26 09:10:30 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll [2011.06.26 09:10:04 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll [2011.06.26 09:10:04 | 000,005,632 | ---- | M] (RealNetworks, Inc.) 
-- C:\Windows\System32\pndx5032.dll [2011.06.25 12:10:13 | 000,068,608 | ---- | M] () -- C:\Users\UncleDoc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.17 16:02:36 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.14 18:17:36 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\lakvxg.sys [2011.07.14 17:21:15 | 000,001,338 | ---- | C] () -- C:\Usersxxxx\Desktop\OTL - Verknüpfung.lnk [2011.06.17 14:31:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.05.27 11:13:19 | 000,000,165 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.05.07 16:12:31 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2011.01.13 21:05:38 | 002,014,958 | ---- | C] () -- C:\ProgramData\CleanupFiles.exe [2010.11.18 16:00:44 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.10.31 20:34:40 | 010,440,704 | ---- | C] () -- C:\ProgramData\sandra.mda [2010.08.04 22:02:21 | 000,068,608 | ---- | C] () -- C:\Usersxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.04 21:48:16 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010.05.03 20:01:09 | 000,038,433 | ---- | C] () -- C:\Usersxxxx\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.02.22 16:47:37 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.02.21 12:50:42 | 000,016,622 | ---- | C] () -- C:\Windows\hpomdl01.dat [2010.01.28 16:05:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.01.13 18:20:46 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.01.01 18:40:00 | 000,004,767 | ---- | C] () 
-- C:\Windows\Irremote.ini [2009.10.07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2009.10.07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2009.08.16 11:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.07.14 10:47:43 | 000,647,138 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,127,198 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,358,192 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,609,896 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,104,214 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009.05.29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.05.29 16:47:06 | 000,881,664 | ---- | C] () -- 
C:\Windows\System32\xvidcore.dll [2007.06.21 08:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe [2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2003.04.06 06:33:26 | 000,020,458 | ---- | C] () -- C:\Windows\hpoins01.dat [2003.03.09 22:31:04 | 000,561,152 | ---- | C] () -- C:\Windows\System32\hpotscl.dll ========== LOP Check ========== [2010.01.30 13:13:31 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\AnvSoft [2010.04.26 11:38:35 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\AquaSoft [2011.05.27 11:11:32 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Canneverbe Limited [2010.03.28 12:11:53 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Command and Conquer 4 [2010.06.30 20:32:21 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\DVDVideoSoftIEHelpers [2010.03.30 18:03:23 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Facebook [2010.04.26 11:23:44 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\FreeFLVConverter [2011.02.16 17:01:19 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\FreeMoviesToDVD [2011.05.07 18:40:01 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\ICQ [2010.02.22 17:02:57 | 000,000,000 | ---D | M] -- C:\Usersxxxxxx\AppData\Roaming\ImgBurn [2010.09.12 16:45:04 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\IrfanView [2010.05.03 17:38:29 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Jumping Bytes [2010.01.28 16:00:59 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Leadertech [2010.05.04 19:13:45 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Mobile Master [2010.05.04 17:25:15 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\motorola [2010.05.03 17:52:28 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Nokia [2010.05.02 19:00:40 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\PC Suite [2011.03.20 14:54:52 | 000,000,000 | ---D | M] -- 
C:\Usersxxxx\AppData\Roaming\PunkBuster [2010.10.31 16:38:02 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Stereoscopic Player [2011.06.11 14:37:05 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Tropico 3 [2010.08.02 14:34:03 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\TS3Client [2010.04.22 18:58:25 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Ubisoft [2010.09.30 17:46:29 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\UBitMenu [2010.01.15 19:42:00 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Win7codecs [2011.06.19 05:22:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:661DFA1C < End of report > |
14.07.2011, 17:31 | #4 |
| UncleDoc: Redirection to unwanted websites after Google search (Firefox) OTL logfile: Code:
ATTFilter OTL logfile created on: 14.07.2011 18:18:58 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\xxx\Downloads Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 49,16% Memory free 6,50 Gb Paging File | 4,43 Gb Available in Paging File | 68,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 234,38 Gb Total Space | 158,81 Gb Free Space | 67,76% Space Free | Partition Type: NTFS Drive D: | 231,38 Gb Total Space | 133,31 Gb Free Space | 57,62% Space Free | Partition Type: NTFS Drive F: | 372,61 Gb Total Space | 172,88 Gb Free Space | 46,40% Space Free | Partition Type: NTFS Drive Q: | 1397,26 Gb Total Space | 789,25 Gb Free Space | 56,49% Space Free | Partition Type: NTFS Computer Name: xxxx-PC | User Name: xxxx| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Usersxxx\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) 
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\VideoLAN\VLC\vlc.exe () PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDYT.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDMovieViewer.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDClock.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDPictureViewer.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDCountdown.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDRSS.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDWebCam.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDPop3.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\LCore.exe (Logitech Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\CyberLink\Shared files\brs.exe (cyberlink) PRC - C:\Programme\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) 
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () PRC - C:\Programme\Common Files\Logishrd\LQCVFX\COCIManager.exe () PRC - C:\Programme\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.) PRC - C:\Programme\Windows Media Player\WMPSideShowGadget.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) ========== Modules (SafeList) ========== MOD - C:\Usersxxx\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe (SiSoftware) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.exe (HP) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider) DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (cpuz134) -- C:\Programme\CPUID\PC Wizard 2010\pcwiz_x32.sys (Windows (R) Win 7 DDK provider) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Programme\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.) DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.) DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.) DRV - (LVUVC) Logitech QuickCam Ultra Vision(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.) 
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (LGPBTDD) -- C:\Windows\System32\drivers\LGPBTDD.sys (Logitech Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\sandra.sys (SiSoftware) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 33 35 5D 6C 3C CB 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: {edc0b8a5-c050-4bb2-b785-a623b4515abf}:1.6 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66 FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: 
engine@conduit.com:3.3.3.2 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\UncleDoc\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.06.26 09:10:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.26 09:10:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.26 09:10:52 | 000,000,000 | ---D | M] [2010.01.01 18:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Extensions [2011.07.13 19:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions [2011.06.20 21:41:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.06.22 11:10:59 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.06.30 20:32:21 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.03.20 12:44:20 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010.06.30 20:32:21 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010.02.21 20:50:50 | 
000,000,000 | ---D | M] ("DHL Toolbar") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{edc0b8a5-c050-4bb2-b785-a623b4515abf} [2011.07.13 19:24:04 | 000,000,000 | ---D | M] ("bug489729") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\bug489729@alice0775 [2011.07.12 13:32:05 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\DeviceDetection@logitech.com [2011.03.28 16:57:54 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\engine@conduit.com [2011.03.27 00:33:53 | 000,000,000 | ---D | M] (Personas) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\personas@christopher.beard [2010.10.31 20:49:33 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\vshare@toolbar [2011.07.13 17:30:33 | 000,000,950 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin-1.xml [2011.06.20 10:45:18 | 000,000,168 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin.gif [2011.06.20 10:45:18 | 000,000,618 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin.src [2011.06.14 15:19:31 | 000,001,056 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin.xml [2010.10.31 20:50:20 | 000,001,583 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\web-search.xml [2011.07.12 12:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.04.18 16:55:23 | 000,000,000 | ---D | 
M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.03 15:23:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.15 15:49:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.23 19:04:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.21 17:26:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.12 12:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- [2010.01.01 18:10:26 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2010.01.01 19:09:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.04.07 14:12:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.04.18 16:55:23 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.03 15:23:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.15 15:49:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.23 19:04:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.21 17:26:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA 
FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.12 12:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} () (No name found) -- C:\USERSxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI () (No name found) -- C:\USERSxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERSxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.XPI () (No name found) -- C:\USERS\UNCLEDOC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\SECURELOGIN@BLUEIMP.NET.XPI [2011.06.22 11:10:30 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll [2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.07.13 19:57:31 | 000,435,973 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 gosredirector.ea.com O1 - Hosts: 127.0.0.1 blazeserver.blazeemu.org O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com O1 - Hosts: 127.0.0.1 demangler.ea.com O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com O1 - Hosts: 127.0.0.1 007guard.com - 007guard and Free Antivirus O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 Avast | Cash Advance | Debt Consolidation | Insurance | Free Credit Report at 0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 15000 more lines... 
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [EA Core] File not found O4 - HKCU..\Run: [RGSC] File not found O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - 
Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{7cd3d437-f6ed-11de-a0a6-001fd08dd035}\Shell - "" = AutoRun O33 - MountPoints2\{7cd3d437-f6ed-11de-a0a6-001fd08dd035}\Shell\AutoRun\command - "" = H:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.07.14 17:16:03 | 000,000,000 | ---D | C] -- C:\Usersxxx\AppData\Roaming\Malwarebytes [2011.07.14 17:15:59 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.07.14 17:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.07.14 17:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.07.14 17:15:54 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.07.14 17:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.07.13 19:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2011.07.13 19:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware [2011.07.13 19:44:08 | 000,000,000 | ---D | C] -- C:\Usersxxxx\Documents\Anti-Malware [2011.07.13 19:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.07.13 19:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.07.13 19:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011.07.12 20:54:55 | 000,000,000 | ---D | C] -- C:\Usersxxxx\AppData\Roaming\Media Player Classic [2011.07.12 12:41:34 | 000,000,000 | ---D | C] -- 
C:\Program Files\Common Files\Java [2011.07.12 12:39:49 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.07.12 12:39:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.07.12 12:39:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.06.26 09:56:05 | 000,000,000 | ---D | C] -- C:\Usersxxx\Desktop\Walt_Disney_-_Das_Dschungelbuch_Dschungelhits-DE-1993-oNePiEcE [2011.06.26 09:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared [2011.06.17 14:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2011.06.15 14:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TG09-PC-6152-6250-to-6460 [2011.06.15 14:12:19 | 000,000,000 | ---D | C] -- C:\Users\UncleDoc\AppData\Roaming\NVIDIA [2011.06.14 21:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE [2011.06.14 21:12:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive [2011.06.14 21:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE [2011.06.14 21:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.14 18:17:36 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\lakvxg.sys [2011.07.14 17:21:15 | 000,001,338 | ---- | M] () -- C:\Usersxxx\Desktop\OTL - Verknüpfung.lnk [2011.07.14 17:13:07 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.14 17:13:07 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.14 17:11:21 
| 000,647,138 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.07.14 17:11:21 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.07.14 17:11:21 | 000,127,198 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.07.14 17:11:21 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.07.14 17:05:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.14 17:05:42 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2011.07.14 17:05:37 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys [2011.07.13 19:57:31 | 000,435,973 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.07.12 11:54:22 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.07.12 11:54:22 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.06.26 09:10:30 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll [2011.06.26 09:10:04 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll [2011.06.26 09:10:04 | 000,005,632 | ---- | M] (RealNetworks, Inc.) 
-- C:\Windows\System32\pndx5032.dll [2011.06.25 12:10:13 | 000,068,608 | ---- | M] () -- C:\Users\UncleDoc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.17 16:02:36 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.14 18:17:36 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\lakvxg.sys [2011.07.14 17:21:15 | 000,001,338 | ---- | C] () -- C:\Usersxxxx\Desktop\OTL - Verknüpfung.lnk [2011.06.17 14:31:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.05.27 11:13:19 | 000,000,165 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.05.07 16:12:31 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2011.01.13 21:05:38 | 002,014,958 | ---- | C] () -- C:\ProgramData\CleanupFiles.exe [2010.11.18 16:00:44 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.10.31 20:34:40 | 010,440,704 | ---- | C] () -- C:\ProgramData\sandra.mda [2010.08.04 22:02:21 | 000,068,608 | ---- | C] () -- C:\Usersxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.04 21:48:16 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010.05.03 20:01:09 | 000,038,433 | ---- | C] () -- C:\Usersxxxx\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.02.22 16:47:37 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.02.21 12:50:42 | 000,016,622 | ---- | C] () -- C:\Windows\hpomdl01.dat [2010.01.28 16:05:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.01.13 18:20:46 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.01.01 18:40:00 | 000,004,767 | ---- | C] () 
-- C:\Windows\Irremote.ini [2009.10.07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2009.10.07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2009.08.16 11:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.07.14 10:47:43 | 000,647,138 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,127,198 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,358,192 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,609,896 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,104,214 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009.05.29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.05.29 16:47:06 | 000,881,664 | ---- | C] () -- 
C:\Windows\System32\xvidcore.dll [2007.06.21 08:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe [2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2003.04.06 06:33:26 | 000,020,458 | ---- | C] () -- C:\Windows\hpoins01.dat [2003.03.09 22:31:04 | 000,561,152 | ---- | C] () -- C:\Windows\System32\hpotscl.dll ========== LOP Check ========== [2010.01.30 13:13:31 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\AnvSoft [2010.04.26 11:38:35 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\AquaSoft [2011.05.27 11:11:32 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Canneverbe Limited [2010.03.28 12:11:53 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Command and Conquer 4 [2010.06.30 20:32:21 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\DVDVideoSoftIEHelpers [2010.03.30 18:03:23 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Facebook [2010.04.26 11:23:44 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\FreeFLVConverter [2011.02.16 17:01:19 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\FreeMoviesToDVD [2011.05.07 18:40:01 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\ICQ [2010.02.22 17:02:57 | 000,000,000 | ---D | M] -- C:\Usersxxxxxx\AppData\Roaming\ImgBurn [2010.09.12 16:45:04 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\IrfanView [2010.05.03 17:38:29 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Jumping Bytes [2010.01.28 16:00:59 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Leadertech [2010.05.04 19:13:45 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Mobile Master [2010.05.04 17:25:15 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\motorola [2010.05.03 17:52:28 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Nokia [2010.05.02 19:00:40 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\PC Suite [2011.03.20 14:54:52 | 000,000,000 | ---D | M] -- 
C:\Usersxxxx\AppData\Roaming\PunkBuster
[2010.10.31 16:38:02 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Stereoscopic Player
[2011.06.11 14:37:05 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Tropico 3
[2010.08.02 14:34:03 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\TS3Client
[2010.04.22 18:58:25 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Ubisoft
[2010.09.30 17:46:29 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\UBitMenu
[2010.01.15 19:42:00 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Win7codecs
[2011.06.19 05:22:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:661DFA1C
< End of report >

AND: OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 14.07.2011 18:18:58 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\xxx\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 49,16% Memory free
6,50 Gb Paging File | 4,43 Gb Available in Paging File | 68,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 234,38 Gb Total Space | 158,81 Gb Free Space | 67,76% Space Free | Partition Type: NTFS
Drive D: | 231,38 Gb Total Space | 133,31 Gb Free Space | 57,62% Space Free | Partition Type: NTFS
Drive F: | 372,61 Gb Total Space | 172,88 Gb Free Space | 46,40% Space Free | Partition Type: NTFS
Drive Q: | 1397,26 Gb Total Space | 789,25 Gb Free Space | 56,49% Space Free | Partition Type: NTFS

Computer Name: xxxx-PC | User Name: xxxx| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Usersxxx\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\VideoLAN\VLC\vlc.exe () PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDYT.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDMovieViewer.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDClock.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDPictureViewer.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDCountdown.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDRSS.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDWebCam.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDPop3.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\LCore.exe (Logitech Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\CyberLink\Shared files\brs.exe (cyberlink) PRC - C:\Programme\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) 
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () PRC - C:\Programme\Common Files\Logishrd\LQCVFX\COCIManager.exe () PRC - C:\Programme\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.) PRC - C:\Programme\Windows Media Player\WMPSideShowGadget.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) ========== Modules (SafeList) ========== MOD - C:\Usersxxx\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe (SiSoftware) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.exe (HP) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider) DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (cpuz134) -- C:\Programme\CPUID\PC Wizard 2010\pcwiz_x32.sys (Windows (R) Win 7 DDK provider) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Programme\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.) DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.) DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.) DRV - (LVUVC) Logitech QuickCam Ultra Vision(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.) 
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (LGPBTDD) -- C:\Windows\System32\drivers\LGPBTDD.sys (Logitech Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\sandra.sys (SiSoftware) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 33 35 5D 6C 3C CB 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: {edc0b8a5-c050-4bb2-b785-a623b4515abf}:1.6 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66 FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: 
engine@conduit.com:3.3.3.2 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\UncleDoc\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.06.26 09:10:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.26 09:10:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.26 09:10:52 | 000,000,000 | ---D | M] [2010.01.01 18:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Extensions [2011.07.13 19:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions [2011.06.20 21:41:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.06.22 11:10:59 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.06.30 20:32:21 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.03.20 12:44:20 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010.06.30 20:32:21 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010.02.21 20:50:50 | 
000,000,000 | ---D | M] ("DHL Toolbar") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{edc0b8a5-c050-4bb2-b785-a623b4515abf} [2011.07.13 19:24:04 | 000,000,000 | ---D | M] ("bug489729") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\bug489729@alice0775 [2011.07.12 13:32:05 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\DeviceDetection@logitech.com [2011.03.28 16:57:54 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\engine@conduit.com [2011.03.27 00:33:53 | 000,000,000 | ---D | M] (Personas) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\personas@christopher.beard [2010.10.31 20:49:33 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\vshare@toolbar [2011.07.13 17:30:33 | 000,000,950 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin-1.xml [2011.06.20 10:45:18 | 000,000,168 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin.gif [2011.06.20 10:45:18 | 000,000,618 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin.src [2011.06.14 15:19:31 | 000,001,056 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin.xml [2010.10.31 20:50:20 | 000,001,583 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\web-search.xml [2011.07.12 12:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.04.18 16:55:23 | 000,000,000 | ---D | 
M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.03 15:23:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.15 15:49:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.23 19:04:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.21 17:26:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.12 12:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- [2010.01.01 18:10:26 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2010.01.01 19:09:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.04.07 14:12:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.04.18 16:55:23 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.03 15:23:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.15 15:49:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.23 19:04:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.21 17:26:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA 
FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.12 12:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} () (No name found) -- C:\USERSxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI () (No name found) -- C:\USERSxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERSxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.XPI () (No name found) -- C:\USERS\UNCLEDOC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\SECURELOGIN@BLUEIMP.NET.XPI [2011.06.22 11:10:30 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll [2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.07.13 19:57:31 | 000,435,973 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 gosredirector.ea.com O1 - Hosts: 127.0.0.1 blazeserver.blazeemu.org O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com O1 - Hosts: 127.0.0.1 demangler.ea.com O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 15000 more lines... 
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [EA Core] File not found O4 - HKCU..\Run: [RGSC] File not found O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - 
Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{7cd3d437-f6ed-11de-a0a6-001fd08dd035}\Shell - "" = AutoRun O33 - MountPoints2\{7cd3d437-f6ed-11de-a0a6-001fd08dd035}\Shell\AutoRun\command - "" = H:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.07.14 17:16:03 | 000,000,000 | ---D | C] -- C:\Usersxxx\AppData\Roaming\Malwarebytes [2011.07.14 17:15:59 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.07.14 17:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.07.14 17:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.07.14 17:15:54 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.07.14 17:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.07.13 19:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2011.07.13 19:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware [2011.07.13 19:44:08 | 000,000,000 | ---D | C] -- C:\Usersxxxx\Documents\Anti-Malware [2011.07.13 19:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.07.13 19:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.07.13 19:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011.07.12 20:54:55 | 000,000,000 | ---D | C] -- C:\Usersxxxx\AppData\Roaming\Media Player Classic [2011.07.12 12:41:34 | 000,000,000 | ---D | C] -- 
C:\Program Files\Common Files\Java [2011.07.12 12:39:49 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.07.12 12:39:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.07.12 12:39:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.06.26 09:56:05 | 000,000,000 | ---D | C] -- C:\Usersxxx\Desktop\Walt_Disney_-_Das_Dschungelbuch_Dschungelhits-DE-1993-oNePiEcE [2011.06.26 09:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared [2011.06.17 14:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2011.06.15 14:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TG09-PC-6152-6250-to-6460 [2011.06.15 14:12:19 | 000,000,000 | ---D | C] -- C:\Users\UncleDoc\AppData\Roaming\NVIDIA [2011.06.14 21:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE [2011.06.14 21:12:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive [2011.06.14 21:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE [2011.06.14 21:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.14 18:17:36 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\lakvxg.sys [2011.07.14 17:21:15 | 000,001,338 | ---- | M] () -- C:\Usersxxx\Desktop\OTL - Verknüpfung.lnk [2011.07.14 17:13:07 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.14 17:13:07 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.14 17:11:21 
| 000,647,138 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.07.14 17:11:21 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.07.14 17:11:21 | 000,127,198 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.07.14 17:11:21 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.07.14 17:05:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.14 17:05:42 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2011.07.14 17:05:37 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys [2011.07.13 19:57:31 | 000,435,973 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.07.12 11:54:22 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.07.12 11:54:22 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.06.26 09:10:30 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll [2011.06.26 09:10:04 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll [2011.06.26 09:10:04 | 000,005,632 | ---- | M] (RealNetworks, Inc.) 
-- C:\Windows\System32\pndx5032.dll [2011.06.25 12:10:13 | 000,068,608 | ---- | M] () -- C:\Users\UncleDoc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.17 16:02:36 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.14 18:17:36 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\lakvxg.sys [2011.07.14 17:21:15 | 000,001,338 | ---- | C] () -- C:\Usersxxxx\Desktop\OTL - Verknüpfung.lnk [2011.06.17 14:31:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.05.27 11:13:19 | 000,000,165 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.05.07 16:12:31 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2011.01.13 21:05:38 | 002,014,958 | ---- | C] () -- C:\ProgramData\CleanupFiles.exe [2010.11.18 16:00:44 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.10.31 20:34:40 | 010,440,704 | ---- | C] () -- C:\ProgramData\sandra.mda [2010.08.04 22:02:21 | 000,068,608 | ---- | C] () -- C:\Usersxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.04 21:48:16 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010.05.03 20:01:09 | 000,038,433 | ---- | C] () -- C:\Usersxxxx\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.02.22 16:47:37 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.02.21 12:50:42 | 000,016,622 | ---- | C] () -- C:\Windows\hpomdl01.dat [2010.01.28 16:05:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.01.13 18:20:46 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.01.01 18:40:00 | 000,004,767 | ---- | C] () 
-- C:\Windows\Irremote.ini [2009.10.07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2009.10.07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2009.08.16 11:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.07.14 10:47:43 | 000,647,138 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,127,198 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,358,192 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,609,896 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,104,214 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009.05.29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.05.29 16:47:06 | 000,881,664 | ---- | C] () -- 
C:\Windows\System32\xvidcore.dll [2007.06.21 08:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe [2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2003.04.06 06:33:26 | 000,020,458 | ---- | C] () -- C:\Windows\hpoins01.dat [2003.03.09 22:31:04 | 000,561,152 | ---- | C] () -- C:\Windows\System32\hpotscl.dll ========== LOP Check ========== [2010.01.30 13:13:31 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\AnvSoft [2010.04.26 11:38:35 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\AquaSoft [2011.05.27 11:11:32 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Canneverbe Limited [2010.03.28 12:11:53 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Command and Conquer 4 [2010.06.30 20:32:21 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\DVDVideoSoftIEHelpers [2010.03.30 18:03:23 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Facebook [2010.04.26 11:23:44 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\FreeFLVConverter [2011.02.16 17:01:19 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\FreeMoviesToDVD [2011.05.07 18:40:01 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\ICQ [2010.02.22 17:02:57 | 000,000,000 | ---D | M] -- C:\Usersxxxxxx\AppData\Roaming\ImgBurn [2010.09.12 16:45:04 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\IrfanView [2010.05.03 17:38:29 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Jumping Bytes [2010.01.28 16:00:59 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Leadertech [2010.05.04 19:13:45 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Mobile Master [2010.05.04 17:25:15 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\motorola [2010.05.03 17:52:28 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Nokia [2010.05.02 19:00:40 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\PC Suite [2011.03.20 14:54:52 | 000,000,000 | ---D | M] -- 
C:\Usersxxxx\AppData\Roaming\PunkBuster [2010.10.31 16:38:02 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Stereoscopic Player [2011.06.11 14:37:05 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Tropico 3 [2010.08.02 14:34:03 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\TS3Client [2010.04.22 18:58:25 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Ubisoft [2010.09.30 17:46:29 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\UBitMenu [2010.01.15 19:42:00 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Win7codecs [2011.06.19 05:22:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:661DFA1C < End of report > |
14.07.2011, 17:41 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | UncleDoc: Redirection to unwanted websites after Google search (Firefox) Next time, please open a separate thread for your issue! I have already moved your posts into a new topic!
__________________ Please always post log files in CODE tags |
15.07.2011, 17:53 | #6 |
| UncleDoc: Redirection to unwanted websites after Google search (Firefox) Now that my post has found its place, is there a solution too??! Thanks in advance! |
15.07.2011, 22:14 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | UncleDoc: Redirection to unwanted websites after Google search (Firefox) Are there any further logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the "Logdateien" (log files) tab.
15.07.2011, 23:40 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | UncleDoc: Redirection to unwanted websites after Google search (Firefox) Quote:
Post the log without manipulations!
18.07.2011, 17:47 | #9 |
| UncleDoc: Redirection to unwanted websites after Google search (Firefox) Sorry!! Here it is again, everything Malwarebytes gives.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 7137

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.07.2011 18:14:34
mbam-log-2011-07-14 (18-14-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|Q:\|)
Durchsuchte Objekte: 350768
Laufzeit: 55 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
f:\treiber vista\adobe photoshop exe\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\treiber vista\clone dvd crack\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
f:\treiber vista\micr_osoft.offi-ce.profes_sional.plus.2010.x86.german.vl.edition-ti-w\mini_kms_activator_v1.052.exe (Riskware.Keygen) -> Quarantined and deleted successfully.
f:\treiber vista\winrar 3.80 deutsch inkl. patch\keygenpatch.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Nothing more comes out of it. The pages still open! Please reply! Thanks |
18.07.2011, 18:42 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | UncleDoc: Redirection to unwanted websites after Google search (Firefox) Quote:
Cracks/keygens are, 99.9% of the time, dangerous malware that is not to be trifled with. Besides, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!! That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!
18.07.2011, 19:40 | #11 |
| UncleDoc: Redirection to unwanted websites after Google search (Firefox) All right. Closed! Thanks |