Trash bin: Firefox opens new window with ads (Windows 7)
14.07.2011, 17:49 | #1 |
Firefox opens new window with ads

Hi, I hope you can help. Firefox opens new windows whenever I run a search. Mostly smutty sites. Here are all the logs as requested. I have run Secure, Spybot and Emsisoft Anti-Malware. Thanks!!

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:13:13, on 14.07.2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files\CyberLink\Shared files\brs.exe C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe C:\Program Files\Logitech Gaming Software\LCore.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Logitech\SetPoint II\SetpointII.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDPop3.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDRSS.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDClock.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDMovieViewer.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDCountdown.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDWebCam.exe C:\Program Files\Logitech Gaming 
Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDYT.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDPictureViewer.exe C:\Program Files\Windows Media Player\WMPSideShowGadget.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\xxx\Downloads\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. 
bei MSN R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe" O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [Launch LCore] "C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" 
-osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [RGSC] D:\Games\Neuer Ordner\Rockstar Games Social Club\RGSCLauncher.exe /silent O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: SetPointII.lnk = ? O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Emsisoft Anti-Malware 5.1 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\Windows\system32\HPZipm12.exe O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- End of file - 7888 bytes Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Datenbank Version: 7137 Windows 6.1.7 600 Internet Explorer 8.0.7600.16385 14.07.2011 18:14:34 mbam-log-2011-07-14 (18-14-34).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|Q:\|) Durchsuchte Objekte: 350768 Laufzeit: 55 Minute(n), 34 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen 
Objekte gefunden) Infizierte Dateien: -> Quarantined and deleted successfully. -> Quarantined and deleted successfully. -> Quarantined and deleted successfully. -> Quarantined and deleted successfully. OTL logfile created on: 14.07.2011 18:18:58 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\xxx\Downloads Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 49,16% Memory free 6,50 Gb Paging File | 4,43 Gb Available in Paging File | 68,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 234,38 Gb Total Space | 158,81 Gb Free Space | 67,76% Space Free | Partition Type: NTFS Drive D: | 231,38 Gb Total Space | 133,31 Gb Free Space | 57,62% Space Free | Partition Type: NTFS Drive F: | 372,61 Gb Total Space | 172,88 Gb Free Space | 46,40% Space Free | Partition Type: NTFS Drive Q: | 1397,26 Gb Total Space | 789,25 Gb Free Space | 56,49% Space Free | Partition Type: NTFS Computer Name: xxxx-PC | User Name: xxxx| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Usersxxx\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) 
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\VideoLAN\VLC\vlc.exe () PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDYT.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDMovieViewer.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDClock.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDPictureViewer.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDCountdown.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDRSS.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDWebCam.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDPop3.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\LCore.exe (Logitech Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\CyberLink\Shared files\brs.exe (cyberlink) PRC - C:\Programme\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) 
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () PRC - C:\Programme\Common Files\Logishrd\LQCVFX\COCIManager.exe () PRC - C:\Programme\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.) PRC - C:\Programme\Windows Media Player\WMPSideShowGadget.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) ========== Modules (SafeList) ========== MOD - C:\Usersxxx\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe (SiSoftware) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.exe (HP) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider) DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (cpuz134) -- C:\Programme\CPUID\PC Wizard 2010\pcwiz_x32.sys (Windows (R) Win 7 DDK provider) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Programme\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.) DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.) DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.) DRV - (LVUVC) Logitech QuickCam Ultra Vision(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.) 
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (LGPBTDD) -- C:\Windows\System32\drivers\LGPBTDD.sys (Logitech Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\sandra.sys (SiSoftware) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 33 35 5D 6C 3C CB 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: {edc0b8a5-c050-4bb2-b785-a623b4515abf}:1.6 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66 FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: 
engine@conduit.com:3.3.3.2 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\UncleDoc\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.06.26 09:10:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.26 09:10:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.26 09:10:52 | 000,000,000 | ---D | M] [2010.01.01 18:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Extensions [2011.07.13 19:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions [2011.06.20 21:41:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.06.22 11:10:59 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.06.30 20:32:21 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.03.20 12:44:20 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010.06.30 20:32:21 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010.02.21 20:50:50 | 
000,000,000 | ---D | M] ("DHL Toolbar") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{edc0b8a5-c050-4bb2-b785-a623b4515abf} [2011.07.13 19:24:04 | 000,000,000 | ---D | M] ("bug489729") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\bug489729@alice0775 [2011.07.12 13:32:05 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\DeviceDetection@logitech.com [2011.03.28 16:57:54 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\engine@conduit.com [2011.03.27 00:33:53 | 000,000,000 | ---D | M] (Personas) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\personas@christopher.beard [2010.10.31 20:49:33 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\vshare@toolbar [2011.07.13 17:30:33 | 000,000,950 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin-1.xml [2011.06.20 10:45:18 | 000,000,168 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin.gif [2011.06.20 10:45:18 | 000,000,618 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin.src [2011.06.14 15:19:31 | 000,001,056 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin.xml [2010.10.31 20:50:20 | 000,001,583 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\web-search.xml [2011.07.12 12:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.04.18 16:55:23 | 000,000,000 | ---D | 
M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.03 15:23:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.15 15:49:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.23 19:04:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.21 17:26:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.12 12:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- [2010.01.01 18:10:26 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2010.01.01 19:09:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.04.07 14:12:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.04.18 16:55:23 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.03 15:23:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.15 15:49:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.23 19:04:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.21 17:26:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA 
FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.12 12:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} () (No name found) -- C:\USERSxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI () (No name found) -- C:\USERSxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERSxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.XPI () (No name found) -- C:\USERS\UNCLEDOC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\SECURELOGIN@BLUEIMP.NET.XPI [2011.06.22 11:10:30 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll [2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.07.13 19:57:31 | 000,435,973 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 gosredirector.ea.com O1 - Hosts: 127.0.0.1 blazeserver.blazeemu.org O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com O1 - Hosts: 127.0.0.1 demangler.ea.com O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com O1 - Hosts: 127.0.0.1 007guard.com - 007guard and Free Antivirus O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 Avast | Cash Advance | Debt Consolidation | Insurance | Free Credit Report at 0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 15000 more lines... 
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [EA Core] File not found O4 - HKCU..\Run: [RGSC] File not found O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - 
Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{7cd3d437-f6ed-11de-a0a6-001fd08dd035}\Shell - "" = AutoRun O33 - MountPoints2\{7cd3d437-f6ed-11de-a0a6-001fd08dd035}\Shell\AutoRun\command - "" = H:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.07.14 17:16:03 | 000,000,000 | ---D | C] -- C:\Usersxxx\AppData\Roaming\Malwarebytes [2011.07.14 17:15:59 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.07.14 17:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.07.14 17:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.07.14 17:15:54 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.07.14 17:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.07.13 19:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2011.07.13 19:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware [2011.07.13 19:44:08 | 000,000,000 | ---D | C] -- C:\Usersxxxx\Documents\Anti-Malware [2011.07.13 19:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.07.13 19:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.07.13 19:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011.07.12 20:54:55 | 000,000,000 | ---D | C] -- C:\Usersxxxx\AppData\Roaming\Media Player Classic [2011.07.12 12:41:34 | 000,000,000 | ---D | C] -- 
C:\Program Files\Common Files\Java [2011.07.12 12:39:49 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.07.12 12:39:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.07.12 12:39:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.06.26 09:56:05 | 000,000,000 | ---D | C] -- C:\Usersxxx\Desktop\Walt_Disney_-_Das_Dschungelbuch_Dschungelhits-DE-1993-oNePiEcE [2011.06.26 09:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared [2011.06.17 14:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2011.06.15 14:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TG09-PC-6152-6250-to-6460 [2011.06.15 14:12:19 | 000,000,000 | ---D | C] -- C:\Users\UncleDoc\AppData\Roaming\NVIDIA [2011.06.14 21:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE [2011.06.14 21:12:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive [2011.06.14 21:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE [2011.06.14 21:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.14 18:17:36 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\lakvxg.sys [2011.07.14 17:21:15 | 000,001,338 | ---- | M] () -- C:\Usersxxx\Desktop\OTL - Verknüpfung.lnk [2011.07.14 17:13:07 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.14 17:13:07 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.14 17:11:21 
| 000,647,138 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.07.14 17:11:21 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.07.14 17:11:21 | 000,127,198 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.07.14 17:11:21 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.07.14 17:05:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.14 17:05:42 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2011.07.14 17:05:37 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys [2011.07.13 19:57:31 | 000,435,973 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.07.12 11:54:22 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.07.12 11:54:22 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.06.26 09:10:30 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll [2011.06.26 09:10:04 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll [2011.06.26 09:10:04 | 000,005,632 | ---- | M] (RealNetworks, Inc.) 
-- C:\Windows\System32\pndx5032.dll [2011.06.25 12:10:13 | 000,068,608 | ---- | M] () -- C:\Users\UncleDoc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.17 16:02:36 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.14 18:17:36 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\lakvxg.sys [2011.07.14 17:21:15 | 000,001,338 | ---- | C] () -- C:\Usersxxxx\Desktop\OTL - Verknüpfung.lnk [2011.06.17 14:31:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.05.27 11:13:19 | 000,000,165 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.05.07 16:12:31 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2011.01.13 21:05:38 | 002,014,958 | ---- | C] () -- C:\ProgramData\CleanupFiles.exe [2010.11.18 16:00:44 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.10.31 20:34:40 | 010,440,704 | ---- | C] () -- C:\ProgramData\sandra.mda [2010.08.04 22:02:21 | 000,068,608 | ---- | C] () -- C:\Usersxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.04 21:48:16 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010.05.03 20:01:09 | 000,038,433 | ---- | C] () -- C:\Usersxxxx\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.02.22 16:47:37 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.02.21 12:50:42 | 000,016,622 | ---- | C] () -- C:\Windows\hpomdl01.dat [2010.01.28 16:05:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.01.13 18:20:46 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.01.01 18:40:00 | 000,004,767 | ---- | C] () 
-- C:\Windows\Irremote.ini [2009.10.07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2009.10.07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2009.08.16 11:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.07.14 10:47:43 | 000,647,138 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,127,198 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,358,192 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,609,896 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,104,214 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009.05.29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.05.29 16:47:06 | 000,881,664 | ---- | C] () -- 
C:\Windows\System32\xvidcore.dll [2007.06.21 08:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe [2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2003.04.06 06:33:26 | 000,020,458 | ---- | C] () -- C:\Windows\hpoins01.dat [2003.03.09 22:31:04 | 000,561,152 | ---- | C] () -- C:\Windows\System32\hpotscl.dll ========== LOP Check ========== [2010.01.30 13:13:31 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\AnvSoft [2010.04.26 11:38:35 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\AquaSoft [2011.05.27 11:11:32 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Canneverbe Limited [2010.03.28 12:11:53 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Command and Conquer 4 [2010.06.30 20:32:21 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\DVDVideoSoftIEHelpers [2010.03.30 18:03:23 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Facebook [2010.04.26 11:23:44 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\FreeFLVConverter [2011.02.16 17:01:19 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\FreeMoviesToDVD [2011.05.07 18:40:01 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\ICQ [2010.02.22 17:02:57 | 000,000,000 | ---D | M] -- C:\Usersxxxxxx\AppData\Roaming\ImgBurn [2010.09.12 16:45:04 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\IrfanView [2010.05.03 17:38:29 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Jumping Bytes [2010.01.28 16:00:59 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Leadertech [2010.05.04 19:13:45 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Mobile Master [2010.05.04 17:25:15 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\motorola [2010.05.03 17:52:28 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Nokia [2010.05.02 19:00:40 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\PC Suite [2011.03.20 14:54:52 | 000,000,000 | ---D | M] -- 
C:\Usersxxxx\AppData\Roaming\PunkBuster [2010.10.31 16:38:02 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Stereoscopic Player [2011.06.11 14:37:05 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Tropico 3 [2010.08.02 14:34:03 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\TS3Client [2010.04.22 18:58:25 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Ubisoft [2010.09.30 17:46:29 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\UBitMenu [2010.01.15 19:42:00 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Win7codecs [2011.06.19 05:22:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:661DFA1C < End of report > OTL logfile created on: 14.07.2011 18:18:58 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\xxx\Downloads Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 49,16% Memory free 6,50 Gb Paging File | 4,43 Gb Available in Paging File | 68,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 234,38 Gb Total Space | 158,81 Gb Free Space | 67,76% Space Free | Partition Type: NTFS Drive D: | 231,38 Gb Total Space | 133,31 Gb Free Space | 57,62% Space Free | Partition Type: NTFS Drive F: | 372,61 Gb Total Space | 172,88 Gb Free Space | 46,40% Space Free | Partition Type: NTFS Drive Q: | 1397,26 Gb Total Space | 789,25 Gb Free Space | 56,49% Space Free | Partition Type: NTFS Computer Name: xxxx-PC | User Name: xxxx| Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Usersxxx\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\VideoLAN\VLC\vlc.exe () PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDYT.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDMovieViewer.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDClock.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDPictureViewer.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDCountdown.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDRSS.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDWebCam.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDPop3.exe (Logitech Inc.) 
PRC - C:\Programme\Logitech Gaming Software\LCore.exe (Logitech Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\CyberLink\Shared files\brs.exe (cyberlink) PRC - C:\Programme\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () PRC - C:\Programme\Common Files\Logishrd\LQCVFX\COCIManager.exe () PRC - C:\Programme\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.) PRC - C:\Programme\Windows Media Player\WMPSideShowGadget.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) 
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) ========== Modules (SafeList) ========== MOD - C:\Usersxxx\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) 
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe (SiSoftware) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.exe (HP) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider) DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (cpuz134) -- C:\Programme\CPUID\PC Wizard 2010\pcwiz_x32.sys (Windows (R) Win 7 DDK provider) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Programme\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.) DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.) DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.) DRV - (LVUVC) Logitech QuickCam Ultra Vision(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.) 
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (LGPBTDD) -- C:\Windows\System32\drivers\LGPBTDD.sys (Logitech Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\sandra.sys (SiSoftware) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 33 35 5D 6C 3C CB 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: {edc0b8a5-c050-4bb2-b785-a623b4515abf}:1.6 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66 FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: 
engine@conduit.com:3.3.3.2 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\UncleDoc\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.06.26 09:10:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.26 09:10:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.26 09:10:52 | 000,000,000 | ---D | M] [2010.01.01 18:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Extensions [2011.07.13 19:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions [2011.06.20 21:41:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.06.22 11:10:59 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.06.30 20:32:21 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.03.20 12:44:20 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010.06.30 20:32:21 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010.02.21 20:50:50 | 
000,000,000 | ---D | M] ("DHL Toolbar") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{edc0b8a5-c050-4bb2-b785-a623b4515abf} [2011.07.13 19:24:04 | 000,000,000 | ---D | M] ("bug489729") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\bug489729@alice0775 [2011.07.12 13:32:05 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\DeviceDetection@logitech.com [2011.03.28 16:57:54 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\engine@conduit.com [2011.03.27 00:33:53 | 000,000,000 | ---D | M] (Personas) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\personas@christopher.beard [2010.10.31 20:49:33 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\vshare@toolbar [2011.07.13 17:30:33 | 000,000,950 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin-1.xml [2011.06.20 10:45:18 | 000,000,168 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin.gif [2011.06.20 10:45:18 | 000,000,618 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin.src [2011.06.14 15:19:31 | 000,001,056 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin.xml [2010.10.31 20:50:20 | 000,001,583 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\web-search.xml [2011.07.12 12:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.04.18 16:55:23 | 000,000,000 | ---D | 
M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.03 15:23:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.15 15:49:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.23 19:04:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.21 17:26:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.12 12:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- [2010.01.01 18:10:26 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2010.01.01 19:09:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.04.07 14:12:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.04.18 16:55:23 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.03 15:23:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.15 15:49:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.23 19:04:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.21 17:26:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA 
FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.12 12:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} () (No name found) -- C:\USERSxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI () (No name found) -- C:\USERSxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERSxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.XPI () (No name found) -- C:\USERS\UNCLEDOC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\SECURELOGIN@BLUEIMP.NET.XPI [2011.06.22 11:10:30 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll [2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.07.13 19:57:31 | 000,435,973 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 gosredirector.ea.com O1 - Hosts: 127.0.0.1 blazeserver.blazeemu.org O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com O1 - Hosts: 127.0.0.1 demangler.ea.com O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com O1 - Hosts: 127.0.0.1 007guard.com - 007guard and Free Antivirus O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 Avast | Cash Advance | Debt Consolidation | Insurance | Free Credit Report at 0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 15000 more lines... 
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [EA Core] File not found O4 - HKCU..\Run: [RGSC] File not found O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - 
Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{7cd3d437-f6ed-11de-a0a6-001fd08dd035}\Shell - "" = AutoRun O33 - MountPoints2\{7cd3d437-f6ed-11de-a0a6-001fd08dd035}\Shell\AutoRun\command - "" = H:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.07.14 17:16:03 | 000,000,000 | ---D | C] -- C:\Usersxxx\AppData\Roaming\Malwarebytes [2011.07.14 17:15:59 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.07.14 17:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.07.14 17:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.07.14 17:15:54 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.07.14 17:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.07.13 19:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2011.07.13 19:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware [2011.07.13 19:44:08 | 000,000,000 | ---D | C] -- C:\Usersxxxx\Documents\Anti-Malware [2011.07.13 19:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.07.13 19:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.07.13 19:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011.07.12 20:54:55 | 000,000,000 | ---D | C] -- C:\Usersxxxx\AppData\Roaming\Media Player Classic [2011.07.12 12:41:34 | 000,000,000 | ---D | C] -- 
C:\Program Files\Common Files\Java [2011.07.12 12:39:49 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.07.12 12:39:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.07.12 12:39:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.06.26 09:56:05 | 000,000,000 | ---D | C] -- C:\Usersxxx\Desktop\Walt_Disney_-_Das_Dschungelbuch_Dschungelhits-DE-1993-oNePiEcE [2011.06.26 09:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared [2011.06.17 14:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2011.06.15 14:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TG09-PC-6152-6250-to-6460 [2011.06.15 14:12:19 | 000,000,000 | ---D | C] -- C:\Users\UncleDoc\AppData\Roaming\NVIDIA [2011.06.14 21:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE [2011.06.14 21:12:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive [2011.06.14 21:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE [2011.06.14 21:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.14 18:17:36 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\lakvxg.sys [2011.07.14 17:21:15 | 000,001,338 | ---- | M] () -- C:\Usersxxx\Desktop\OTL - Verknüpfung.lnk [2011.07.14 17:13:07 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.14 17:13:07 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.14 17:11:21 
| 000,647,138 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.07.14 17:11:21 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.07.14 17:11:21 | 000,127,198 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.07.14 17:11:21 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.07.14 17:05:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.14 17:05:42 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2011.07.14 17:05:37 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys [2011.07.13 19:57:31 | 000,435,973 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.07.12 11:54:22 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.07.12 11:54:22 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.06.26 09:10:30 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll [2011.06.26 09:10:04 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll [2011.06.26 09:10:04 | 000,005,632 | ---- | M] (RealNetworks, Inc.) 
-- C:\Windows\System32\pndx5032.dll [2011.06.25 12:10:13 | 000,068,608 | ---- | M] () -- C:\Users\UncleDoc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.17 16:02:36 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.14 18:17:36 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\lakvxg.sys [2011.07.14 17:21:15 | 000,001,338 | ---- | C] () -- C:\Usersxxxx\Desktop\OTL - Verknüpfung.lnk [2011.06.17 14:31:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.05.27 11:13:19 | 000,000,165 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.05.07 16:12:31 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2011.01.13 21:05:38 | 002,014,958 | ---- | C] () -- C:\ProgramData\CleanupFiles.exe [2010.11.18 16:00:44 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.10.31 20:34:40 | 010,440,704 | ---- | C] () -- C:\ProgramData\sandra.mda [2010.08.04 22:02:21 | 000,068,608 | ---- | C] () -- C:\Usersxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.04 21:48:16 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010.05.03 20:01:09 | 000,038,433 | ---- | C] () -- C:\Usersxxxx\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.02.22 16:47:37 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.02.21 12:50:42 | 000,016,622 | ---- | C] () -- C:\Windows\hpomdl01.dat [2010.01.28 16:05:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.01.13 18:20:46 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.01.01 18:40:00 | 000,004,767 | ---- | C] () 
-- C:\Windows\Irremote.ini [2009.10.07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2009.10.07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2009.08.16 11:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.07.14 10:47:43 | 000,647,138 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,127,198 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,358,192 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,609,896 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,104,214 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009.05.29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.05.29 16:47:06 | 000,881,664 | ---- | C] () -- 
C:\Windows\System32\xvidcore.dll [2007.06.21 08:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe [2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2003.04.06 06:33:26 | 000,020,458 | ---- | C] () -- C:\Windows\hpoins01.dat [2003.03.09 22:31:04 | 000,561,152 | ---- | C] () -- C:\Windows\System32\hpotscl.dll ========== LOP Check ========== [2010.01.30 13:13:31 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\AnvSoft [2010.04.26 11:38:35 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\AquaSoft [2011.05.27 11:11:32 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Canneverbe Limited [2010.03.28 12:11:53 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Command and Conquer 4 [2010.06.30 20:32:21 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\DVDVideoSoftIEHelpers [2010.03.30 18:03:23 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Facebook [2010.04.26 11:23:44 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\FreeFLVConverter [2011.02.16 17:01:19 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\FreeMoviesToDVD [2011.05.07 18:40:01 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\ICQ [2010.02.22 17:02:57 | 000,000,000 | ---D | M] -- C:\Usersxxxxxx\AppData\Roaming\ImgBurn [2010.09.12 16:45:04 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\IrfanView [2010.05.03 17:38:29 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Jumping Bytes [2010.01.28 16:00:59 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Leadertech [2010.05.04 19:13:45 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Mobile Master [2010.05.04 17:25:15 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\motorola [2010.05.03 17:52:28 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Nokia [2010.05.02 19:00:40 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\PC Suite [2011.03.20 14:54:52 | 000,000,000 | ---D | M] -- 
C:\Usersxxxx\AppData\Roaming\PunkBuster [2010.10.31 16:38:02 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Stereoscopic Player [2011.06.11 14:37:05 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Tropico 3 [2010.08.02 14:34:03 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\TS3Client [2010.04.22 18:58:25 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Ubisoft [2010.09.30 17:46:29 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\UBitMenu [2010.01.15 19:42:00 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Win7codecs [2011.06.19 05:22:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:661DFA1C < End of report > |
14.07.2011, 18:31 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Firefox opens new window with advertising Why a new thread? I have already split off your "strays". => http://www.trojaner-board.de/101327-...e-firefox.html
__________________This one is going in the bin!
__________________ |