Firefox leitet auf andere Seiten um [Logfiles inside]

aexel · 28.01.2012, 16:06

Hallo,
seit einiger Zeit leitet mich der Firefox bei einer Googlesuche auf andere Seiten um. Auch eine Abwandlung diese BKA-Trojaners hat sich breit gemacht den ich aber erstmal außer Gefecht setzen konnte durch eine Löschung des Übeltäters aus der Systemstart Liste. Damit ist der Kern des Problems natürlich nicht besiegt !

OTL-Logfile:

Code:

ATTFilter

OTL logfile created on: 28.01.2012 15:37:24 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Alex\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 69,79% Memory free
7,93 Gb Paging File | 6,55 Gb Available in Paging File | 82,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 293,41 Gb Total Space | 158,73 Gb Free Space | 54,10% Space Free | Partition Type: NTFS
Drive D: | 79,10 Gb Total Space | 25,31 Gb Free Space | 31,99% Space Free | Partition Type: NTFS
 
Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.28 15:27:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
PRC - [2011.08.03 08:29:08 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.21 06:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 06:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.08.18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.08.03 08:29:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.21 06:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.07 16:37:16 | 005,352,960 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.01.28 11:31:56 | 000,042,496 | ---- | M] (secr9tos) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\oem-drv64.sys -- (oem-drv64) OEM-SLP2.1 Driver (HPD64)
DRV:64bit: - [2011.10.14 15:18:20 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.08.03 08:29:09 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.08.03 08:29:09 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.02.28 13:50:54 | 000,115,464 | ---- | M] (Archwave AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\phonic_FF808U_usb_x64.sys -- (phonic_FF808U_usb)
DRV:64bit: - [2011.02.28 13:50:54 | 000,070,408 | ---- | M] (Archwave AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\phonic_FF808U_usb_avs_x64.sys -- (phonic_FF808U_usb_avs)
DRV:64bit: - [2011.02.08 12:03:24 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.01.18 16:49:26 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.01.13 15:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.08.18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.20 17:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.08.29 14:53:00 | 000,062,976 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\US122Wdmx64.sys -- (US122WdmService)
DRV:64bit: - [2007.08.29 14:52:46 | 000,020,224 | ---- | M] (Frontier Design Group) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\US122DLx64.sys -- (US122DL)
DRV:64bit: - [2007.08.29 14:52:36 | 000,200,320 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\US122x64.sys -- (US122)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hiergehtslos.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 BF E7 26 39 51 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google Deutschland"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.backup.ftp: "85.214.50.156"
FF - prefs.js..network.proxy.backup.ftp_port: 8118
FF - prefs.js..network.proxy.backup.socks: "85.214.50.156"
FF - prefs.js..network.proxy.backup.socks_port: 8118
FF - prefs.js..network.proxy.backup.ssl: "85.214.50.156"
FF - prefs.js..network.proxy.backup.ssl_port: 8118
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.22 22:10:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.11 18:42:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.22 22:10:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.10 04:41:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.08.02 18:27:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions
[2012.01.07 09:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\dihdoogs.default\extensions
[2012.01.23 17:06:41 | 000,002,454 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\dihdoogs.default\searchplugins\google-deutschland.xml
[2011.11.09 16:56:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DIHDOOGS.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DIHDOOGS.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DIHDOOGS.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.01.11 18:42:51 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 18:30:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 18:30:30 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.03 18:30:30 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 18:30:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 18:30:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 18:30:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.01.27 17:03:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A08B0FC1-616F-4ED8-88D4-2EB95E7FCCE6}: DhcpNameServer = 192.168.1.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6843933-1575-4465-96EE-D9AD31D7FBB5}: DhcpNameServer = 192.168.1.22
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.28 15:31:14 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\OSAM
[2012.01.28 15:28:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2012.01.27 18:04:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.01.27 17:57:51 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\blabla.exe
[2012.01.27 17:25:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.01.27 16:16:15 | 000,000,000 | ---D | C] -- C:\blablabla
[2012.01.27 16:02:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ywopl
[2012.01.27 16:02:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ufyfka
[2012.01.27 13:54:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.01.27 13:54:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.01.27 13:54:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.01.27 13:48:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.01.27 13:45:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.01.27 12:41:41 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes
[2012.01.27 12:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.27 12:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.27 12:41:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.01.26 22:20:20 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{76CC1893-FC50-4086-823C-F796BEBE5125}
[2012.01.26 22:20:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{194292B9-15BD-49AC-9C5E-D1CBAC6609CA}
[2012.01.26 22:16:18 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.01.26 21:55:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.01.26 21:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012.01.26 21:23:47 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.01.26 21:21:06 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012.01.26 21:21:06 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012.01.26 21:21:03 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012.01.26 21:21:03 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012.01.26 21:20:20 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012.01.26 21:20:20 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012.01.26 21:18:00 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Windows Live
[2012.01.26 21:17:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2012.01.26 18:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.01.26 18:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.01.26 18:11:31 | 004,391,956 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\blablabla.exe
[2012.01.17 23:47:36 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.01.17 23:47:36 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012.01.17 23:47:36 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012.01.17 23:47:36 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012.01.17 23:47:36 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012.01.17 23:47:35 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012.01.11 02:52:02 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012.01.11 02:52:02 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012.01.11 02:52:02 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.01.11 02:52:01 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.01.11 02:51:58 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.01.11 02:51:57 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012.01.11 02:51:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012.01.06 10:05:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012.01.05 18:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012.01.05 18:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.01.05 18:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012.01.02 17:38:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\GTA Vice City User Files
[2012.01.02 17:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012.01.02 17:34:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2012.01.02 17:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.01.02 15:19:52 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\X-Chat 2
[2012.01.02 15:19:52 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\Downloads
[2012.01.02 15:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XChat-WDK
[2012.01.02 15:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\XChat-WDK
[2011.12.29 18:46:26 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2011.12.29 18:46:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\IrfanView
[2011.12.29 18:46:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.28 15:27:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2012.01.28 14:44:11 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3562432153-2537355380-1562762292-1000UA.job
[2012.01.28 11:39:44 | 000,026,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.28 11:39:44 | 000,026,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.28 11:32:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.28 11:32:00 | 3193,581,568 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.28 11:31:56 | 000,042,496 | ---- | M] (secr9tos) -- C:\Windows\SysNative\drivers\oem-drv64.sys
[2012.01.28 06:44:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3562432153-2537355380-1562762292-1000Core.job
[2012.01.27 17:52:11 | 000,080,384 | ---- | M] () -- C:\Users\Alex\Desktop\MBRCheck.exe
[2012.01.27 17:03:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.01.27 16:07:16 | 000,010,435 | ---- | M] () -- C:\Users\Alex\Documents\chorTermine.html
[2012.01.27 16:02:12 | 000,010,380 | ---- | M] () -- C:\Users\Alex\Documents\index.html
[2012.01.27 13:50:42 | 004,391,956 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\blablabla.exe
[2012.01.27 12:41:23 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.26 23:37:34 | 004,870,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.01.26 20:42:53 | 017,494,336 | ---- | M] () -- C:\Users\Alex\Desktop\groovy dreamy - Kopie (2).wav
[2012.01.26 18:14:32 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.01.24 16:44:58 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\blabla.exe
[2012.01.23 21:23:36 | 000,001,031 | ---- | M] () -- C:\Users\Alex\Desktop\Studio One x64.lnk
[2012.01.23 16:30:02 | 004,246,536 | ---- | M] () -- C:\Users\Alex\Desktop\bewerbung.odt
[2012.01.23 16:24:11 | 003,121,801 | ---- | M] () -- C:\Users\Alex\Desktop\bewerbung Alexander Riedel.pdf
[2012.01.23 16:20:32 | 000,108,812 | ---- | M] () -- C:\Users\Alex\Desktop\Unbenannt-1.jpg
[2012.01.14 18:51:18 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.14 18:51:18 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.14 18:51:18 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.14 18:51:18 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.14 18:51:18 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.29 18:46:26 | 000,001,894 | ---- | M] () -- C:\Users\Alex\Desktop\IrfanView Thumbnails.lnk
[2011.12.29 18:46:26 | 000,001,002 | ---- | M] () -- C:\Users\Alex\Desktop\IrfanView.lnk
 
========== Files Created - No Company Name ==========
 
[2012.01.27 17:54:58 | 000,302,592 | ---- | C] () -- C:\Users\Alex\Desktop\gmer.exe
[2012.01.27 17:51:12 | 000,080,384 | ---- | C] () -- C:\Users\Alex\Desktop\MBRCheck.exe
[2012.01.27 13:54:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.01.27 13:54:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.01.27 13:54:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.01.27 13:54:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.01.27 13:54:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.01.27 12:41:23 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.26 23:37:14 | 004,870,392 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.01.26 22:12:16 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.01.26 22:04:42 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.01.26 20:42:31 | 017,494,336 | ---- | C] () -- C:\Users\Alex\Desktop\groovy dreamy - Kopie (2).wav
[2012.01.26 18:14:32 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.01.23 16:22:57 | 003,121,801 | ---- | C] () -- C:\Users\Alex\Desktop\bewerbung Alexander Riedel.pdf
[2012.01.23 16:20:30 | 000,108,812 | ---- | C] () -- C:\Users\Alex\Desktop\Unbenannt-1.jpg
[2012.01.18 23:30:02 | 004,246,536 | ---- | C] () -- C:\Users\Alex\Desktop\bewerbung.odt
[2012.01.15 18:06:00 | 000,010,380 | ---- | C] () -- C:\Users\Alex\Documents\index.html
[2011.12.29 18:46:26 | 000,001,894 | ---- | C] () -- C:\Users\Alex\Desktop\IrfanView Thumbnails.lnk
[2011.12.29 18:46:26 | 000,001,002 | ---- | C] () -- C:\Users\Alex\Desktop\IrfanView.lnk
[2011.11.30 17:14:45 | 000,000,132 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.11.22 22:22:14 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.11.22 22:22:12 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.11.22 22:22:12 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.11.22 22:22:12 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.11.08 16:00:00 | 001,295,798 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandReverbpresets.xml
[2011.11.08 16:00:00 | 000,826,767 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MReverbpresets.xml
[2011.11.08 16:00:00 | 000,667,615 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandRhythmizerpresets.xml
[2011.11.08 16:00:00 | 000,254,627 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandDelaypresets.xml
[2011.11.08 16:00:00 | 000,199,297 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandFreqShifterpresets.xml
[2011.11.08 16:00:00 | 000,193,849 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandDistortionpresets.xml
[2011.11.08 16:00:00 | 000,163,535 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandConvolutionpresets.xml
[2011.11.08 16:00:00 | 000,154,386 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandAutopanpresets.xml
[2011.11.08 16:00:00 | 000,148,511 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandFlangerpresets.xml
[2011.11.08 16:00:00 | 000,135,842 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MFilterpresets.xml
[2011.11.08 16:00:00 | 000,125,408 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandVibratopresets.xml
[2011.11.08 16:00:00 | 000,122,007 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandHarmonizerpresets.xml
[2011.11.08 16:00:00 | 000,120,395 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandChoruspresets.xml
[2011.11.08 16:00:00 | 000,115,704 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandPhaserpresets.xml
[2011.11.08 16:00:00 | 000,086,911 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandRingModulatorpresets.xml
[2011.11.08 16:00:00 | 000,086,536 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MRhythmizerSequencepresets.xml
[2011.11.08 16:00:00 | 000,085,968 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MRhythmizerpresets.xml
[2011.11.08 16:00:00 | 000,081,060 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandTremolopresets.xml
[2011.11.08 16:00:00 | 000,063,631 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandReverbpresets.active
[2011.11.08 16:00:00 | 000,063,254 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandDynamicspresets.xml
[2011.11.08 16:00:00 | 000,061,406 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandDistortionpresets.active
[2011.11.08 16:00:00 | 000,060,676 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandVibratopresets.active
[2011.11.08 16:00:00 | 000,059,052 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandWaveShaperpresets.xml
[2011.11.08 16:00:00 | 000,058,594 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandTransientpresets.xml
[2011.11.08 16:00:00 | 000,054,609 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandTremolopresets.active
[2011.11.08 16:00:00 | 000,053,759 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandAutopanpresets.active
[2011.11.08 16:00:00 | 000,052,267 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MAutoDynamicEqpresets.xml
[2011.11.08 16:00:00 | 000,051,825 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MRhythmizerSequenceVolumepresets.xml
[2011.11.08 16:00:00 | 000,049,227 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MFilterpresets.active
[2011.11.08 16:00:00 | 000,048,067 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandFreqShifterpresets.active
[2011.11.08 16:00:00 | 000,046,546 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandFlangerpresets.active
[2011.11.08 16:00:00 | 000,046,270 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandDynamicspresets.active
[2011.11.08 16:00:00 | 000,044,956 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandPhaserpresets.active
[2011.11.08 16:00:00 | 000,044,289 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandHarmonizerpresets.active
[2011.11.08 16:00:00 | 000,040,503 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandDelaypresets.active
[2011.11.08 16:00:00 | 000,038,927 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandChoruspresets.active
[2011.11.08 16:00:00 | 000,037,342 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MDynamicEqpresets.xml
[2011.11.08 16:00:00 | 000,035,733 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MReverbpresets.active
[2011.11.08 16:00:00 | 000,034,155 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MDynamicspresets.active
[2011.11.08 16:00:00 | 000,032,555 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandWaveShaperpresets.active
[2011.11.08 16:00:00 | 000,032,410 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandSaturatorpresets.xml
[2011.11.08 16:00:00 | 000,030,798 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MDynamicspresets.xml
[2011.11.08 16:00:00 | 000,028,727 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MSpectralDynamicspresets.xml
[2011.11.08 16:00:00 | 000,027,283 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandSaturatorpresets.active
[2011.11.08 16:00:00 | 000,026,429 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MCompressorpresets.xml
[2011.11.08 16:00:00 | 000,025,570 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandRingModulatorpresets.active
[2011.11.08 16:00:00 | 000,023,302 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandTransientpresets.active
[2011.11.08 16:00:00 | 000,021,399 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandLimiterpresets.active
[2011.11.08 16:00:00 | 000,021,299 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MEqualizerpresets.xml
[2011.11.08 16:00:00 | 000,020,511 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MSpectralDynamicspresets.active
[2011.11.08 16:00:00 | 000,020,193 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MLimiterpresets.xml
[2011.11.08 16:00:00 | 000,020,123 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MFlangerpresets.xml
[2011.11.08 16:00:00 | 000,017,558 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MModernCompressorpresets.xml
[2011.11.08 16:00:00 | 000,017,537 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MDelaypresets.xml
[2011.11.08 16:00:00 | 000,015,613 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandLimiterpresets.xml
[2011.11.08 16:00:00 | 000,013,158 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MOscillatorpresets.xml
[2011.11.08 16:00:00 | 000,012,248 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MRhythmizerSequenceSetpresets.xml
[2011.11.08 16:00:00 | 000,011,422 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MFreeformEqualizerpresets.xml
[2011.11.08 16:00:00 | 000,010,793 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MDistortionpresets.xml
[2011.11.08 16:00:00 | 000,009,119 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MFreqShifterpresets.xml
[2011.11.08 16:00:00 | 000,007,646 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MStereoExpanderpresets.xml
[2011.11.08 16:00:00 | 000,007,355 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MEqualizerLinearPhasepresets.xml
[2011.11.08 16:00:00 | 000,006,953 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MFreeformAnalogEqpresets.xml
[2011.11.08 16:00:00 | 000,006,687 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\menvelopepresets.xml
[2011.11.08 16:00:00 | 000,006,652 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MAnalyzerpresets.xml
[2011.11.08 16:00:00 | 000,005,914 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MWaveShaperpresets.xml
[2011.11.08 16:00:00 | 000,005,832 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MDynamicsLimiterpresets.active
[2011.11.08 16:00:00 | 000,005,022 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MRhythmizerSequenceVolumeSetpresets.xml
[2011.11.08 16:00:00 | 000,004,490 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MModernCompressorAnalyzerpresets.xml
[2011.11.08 16:00:00 | 000,004,377 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MChoruspresets.xml
[2011.11.08 16:00:00 | 000,004,362 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MPhaserpresets.xml
[2011.11.08 16:00:00 | 000,004,103 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MStereoProcessorpresets.xml
[2011.11.08 16:00:00 | 000,003,771 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MRingModulatorpresets.xml
[2011.11.08 16:00:00 | 000,003,597 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MTransientpresets.xml
[2011.11.08 16:00:00 | 000,002,820 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MEqualizerAreasEditorpresets.xml
[2011.11.08 16:00:00 | 000,002,666 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MVibratopresets.xml
[2011.11.08 16:00:00 | 000,002,492 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MSpectralAnalyzerPrefilterpresets.xml
[2011.11.08 16:00:00 | 000,002,366 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MTremolopresets.xml
[2011.11.08 16:00:00 | 000,001,948 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MAutopanpresets.xml
[2011.11.08 16:00:00 | 000,001,235 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\mbasestyleconfigurationpresets.xml
[2011.11.08 16:00:00 | 000,001,011 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MValueToColor5presets.xml
[2011.11.08 16:00:00 | 000,000,688 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MUltraMaximizerpresets.xml
[2011.11.08 16:00:00 | 000,000,119 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MAutoEqualizerLinearPhasepresets.xml
[2011.11.08 16:00:00 | 000,000,109 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MDynamicsLimiterpresets.xml
[2011.11.08 16:00:00 | 000,000,098 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MAutoEqualizerpresets.xml
[2011.08.02 18:10:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

< End of report >

OSAM-Logfile

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:55:39 on 28.01.2012

OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 9.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-3562432153-2537355380-1562762292-1000Core.job" - "Google Inc." - C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3562432153-2537355380-1562762292-1000UA.job" - "Google Inc." - C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Atheros Extensible Wireless LAN device driver" (athr) - "Atheros Communications, Inc." - C:\Windows\System32\DRIVERS\athrx.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\blablabla\catchme.sys  (File not found)
"OEM-SLP2.1 Driver (HPD64)" (oem-drv64) - "secr9tos" - C:\Windows\System32\DRIVERS\oem-drv64.sys
"VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.5" - "ICQ, LLC." - C:\Program Files (x86)\ICQ7.5\ICQ.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} "FDMIECookiesBHO Class" - ? - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Scheduler" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NIHardwareService" (NIHardwareService) - "Native Instruments GmbH" - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Und jetzt das interessanteste, der MBR Check der mir einen gefälschten MBR anzeigt:

Code:

ATTFilter

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Ultimate Edition
Windows Information:		Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:	TOSHIBA
BIOS Manufacturer:		TOSHIBA
System Manufacturer:		TOSHIBA
System Product Name:		Satellite L500
Logical Drives Mask:		0x0000003c

Kernel Drivers (total 186):
  0x02A0D000 \SystemRoot\system32\xNtKrnl.exe
  0x02FF7000 \SystemRoot\system32\hal.dll
  0x00BCB000 \SystemRoot\system32\kdcom.dll
  0x00C4F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00C9E000 \SystemRoot\system32\PSHED.dll
  0x00CB2000 \SystemRoot\system32\CLFS.SYS
  0x00D10000 \SystemRoot\system32\CI.dll
  0x00DD0000 \SystemRoot\system32\DRIVERS\oem-drv64.sys
  0x00EAB000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00F4F000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00F5E000 \SystemRoot\system32\drivers\ACPI.sys
  0x00FB5000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x00FBE000 \SystemRoot\system32\drivers\msisadrv.sys
  0x00FC8000 \SystemRoot\system32\drivers\pci.sys
  0x00E00000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x00E0D000 \SystemRoot\System32\drivers\partmgr.sys
  0x00E22000 \SystemRoot\system32\drivers\compbatt.sys
  0x00E2B000 \SystemRoot\system32\drivers\BATTC.SYS
  0x00E37000 \SystemRoot\system32\drivers\volmgr.sys
  0x00E4C000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00DE3000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00C00000 \SystemRoot\system32\drivers\atapi.sys
  0x00C09000 \SystemRoot\system32\drivers\ataport.SYS
  0x00C33000 \SystemRoot\system32\drivers\msahci.sys
  0x00C3E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x01051000 \SystemRoot\system32\drivers\amdxata.sys
  0x0105C000 \SystemRoot\system32\drivers\fltmgr.sys
  0x010A8000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01215000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x010BC000 \SystemRoot\System32\Drivers\msrpc.sys
  0x013B8000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x0111A000 \SystemRoot\System32\Drivers\cng.sys
  0x013D3000 \SystemRoot\System32\drivers\pcw.sys
  0x013E4000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x014AD000 \SystemRoot\system32\drivers\ndis.sys
  0x015A0000 \SystemRoot\system32\drivers\NETIO.SYS
  0x01400000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01688000 \SystemRoot\System32\drivers\tcpip.sys
  0x0188C000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x018D6000 \SystemRoot\system32\drivers\vmstorfl.sys
  0x018E6000 \SystemRoot\system32\drivers\volsnap.sys
  0x01932000 \SystemRoot\System32\Drivers\spldr.sys
  0x0193A000 \SystemRoot\System32\drivers\rdyboost.sys
  0x01974000 \SystemRoot\System32\Drivers\mup.sys
  0x01986000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x0198F000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x019C9000 \SystemRoot\system32\drivers\disk.sys
  0x01600000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x0142B000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
  0x01471000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x01668000 \SystemRoot\System32\Drivers\Null.SYS
  0x01671000 \SystemRoot\System32\Drivers\Beep.SYS
  0x01678000 \SystemRoot\System32\drivers\vga.sys
  0x0118C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x019DF000 \SystemRoot\System32\drivers\watchdog.sys
  0x019EF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x0149B000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x014A4000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x013EE000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x01200000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x011B1000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x011D3000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x03AA0000 \SystemRoot\system32\drivers\afd.sys
  0x03B29000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x03B6E000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x03B79000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x03B82000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x03BA8000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x03BBE000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x03BCD000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x03BE8000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x03A00000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x03A51000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x03A5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x03A68000 \SystemRoot\System32\drivers\discache.sys
  0x066C8000 \SystemRoot\system32\drivers\csc.sys
  0x0674B000 \SystemRoot\System32\Drivers\dfsc.sys
  0x06769000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x0677A000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x0679E000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x07209000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x07820000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x07914000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x0795A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x0797E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x0798B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x079E1000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x067C4000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
  0x06895000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
  0x06800000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x0680D000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x06812000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x06830000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x0683F000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x06888000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x06600000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x079F2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x0660F000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x06625000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x06635000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x0664B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x06FF4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x0666F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x0669E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x03A77000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x011E0000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x0688A000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x07200000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x01000000 \SystemRoot\system32\DRIVERS\ks.sys
  0x07A7C000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x07A8E000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x07AE8000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x07AFD000 \SystemRoot\system32\drivers\HdAudio.sys
  0x07B59000 \SystemRoot\system32\drivers\portcls.sys
  0x07B96000 \SystemRoot\system32\drivers\drmk.sys
  0x07BB8000 \SystemRoot\system32\drivers\ksthunk.sys
  0x00080000 \SystemRoot\System32\win32k.sys
  0x07BBE000 \SystemRoot\System32\drivers\Dxapi.sys
  0x07BCA000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x07BD8000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x07BE4000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x07A00000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x004E0000 \SystemRoot\System32\TSDDD.dll
  0x00730000 \SystemRoot\System32\cdd.dll
  0x008A0000 \SystemRoot\System32\ATMFD.DLL
  0x07A21000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x07A3E000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x01630000 \SystemRoot\system32\drivers\luafv.sys
  0x03484000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x034A3000 \SystemRoot\system32\drivers\WudfPf.sys
  0x034C4000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x034D9000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x0352C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x0353F000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x070DE000 \SystemRoot\system32\drivers\HTTP.sys
  0x071A7000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x071C5000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x07000000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x0702D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x0707B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x0709F000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x070AA000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x071DD000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x03557000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x0A4AC000 \SystemRoot\System32\DRIVERS\srv.sys
  0x0A5DF000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x77BB0000 \Windows\System32\ntdll.dll
  0x47D20000 \Windows\System32\smss.exe
  0xFFED0000 \Windows\System32\apisetschema.dll
  0xFF520000 \Windows\System32\autochk.exe
  0xFFDE0000 \Windows\System32\advapi32.dll
  0xFFBD0000 \Windows\System32\ole32.dll
  0xFFBB0000 \Windows\System32\imagehlp.dll
  0x77D80000 \Windows\System32\normaliz.dll
  0xFFB10000 \Windows\System32\comdlg32.dll
  0x77D70000 \Windows\System32\psapi.dll
  0xFFAB0000 \Windows\System32\Wldap32.dll
  0xFFA40000 \Windows\System32\gdi32.dll
  0xFF930000 \Windows\System32\msctf.dll
  0xFF800000 \Windows\System32\rpcrt4.dll
  0xFF7B0000 \Windows\System32\ws2_32.dll
  0xFF790000 \Windows\System32\sechost.dll
  0x779A0000 \Windows\System32\iertutil.dll
  0x778A0000 \Windows\System32\user32.dll
  0xFF6F0000 \Windows\System32\clbcatq.dll
  0xFF670000 \Windows\System32\shlwapi.dll
  0xFF590000 \Windows\System32\oleaut32.dll
  0xFF510000 \Windows\System32\difxapi.dll
  0xFE780000 \Windows\System32\shell32.dll
  0xFE6B0000 \Windows\System32\usp10.dll
  0xFE610000 \Windows\System32\msvcrt.dll
  0x77780000 \Windows\System32\kernel32.dll
  0xFE600000 \Windows\System32\lpk.dll
  0xFE5D0000 \Windows\System32\imm32.dll
  0xFE3F0000 \Windows\System32\setupapi.dll
  0x77630000 \Windows\System32\urlmon.dll
  0x774D0000 \Windows\System32\wininet.dll
  0xFE3E0000 \Windows\System32\nsi.dll
  0xFE3C0000 \Windows\System32\devobj.dll
  0xFE380000 \Windows\System32\cfgmgr32.dll
  0xFE310000 \Windows\System32\KernelBase.dll
  0xFE1A0000 \Windows\System32\crypt32.dll
  0xFE160000 \Windows\System32\wintrust.dll
  0xFE0C0000 \Windows\System32\comctl32.dll
  0xFE0B0000 \Windows\System32\msasn1.dll
  0x77D60000 \Windows\SysWOW64\normaliz.dll

Processes (total 53):
       0 System Idle Process
       4 System
     268 C:\Windows\System32\smss.exe
     360 csrss.exe
     432 C:\Windows\System32\wininit.exe
     444 csrss.exe
     488 C:\Windows\System32\services.exe
     504 C:\Windows\System32\lsass.exe
     512 C:\Windows\System32\lsm.exe
     632 C:\Windows\System32\svchost.exe
     708 C:\Windows\System32\svchost.exe
     756 C:\Windows\System32\atiesrxx.exe
     812 C:\Windows\System32\winlogon.exe
     864 C:\Windows\System32\svchost.exe
     896 C:\Windows\System32\svchost.exe
     984 C:\Windows\System32\svchost.exe
     560 C:\Windows\System32\svchost.exe
    1076 C:\Windows\System32\svchost.exe
    1200 C:\Windows\System32\atieclxx.exe
    1352 C:\Windows\System32\spoolsv.exe
    1380 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1404 C:\Windows\System32\svchost.exe
    1524 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    1560 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    1608 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    1676 C:\Windows\System32\svchost.exe
    1712 C:\Windows\System32\conhost.exe
    1756 C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    1800 C:\Windows\System32\svchost.exe
    2256 C:\Windows\System32\taskhost.exe
    2436 C:\Windows\System32\dwm.exe
    2460 C:\Windows\explorer.exe
    2700 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2912 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    3020 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3060 C:\Windows\System32\SearchIndexer.exe
    2936 C:\Windows\System32\svchost.exe
    3056 C:\Windows\System32\svchost.exe
    1808 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2432 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    3832 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    1556 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     672 C:\Windows\System32\svchost.exe
    4020 C:\Windows\System32\svchost.exe
    3616 dllhost.exe
    3904 C:\Users\Alex\Desktop\OSAM\osam.exe
    3120 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    3636 C:\Windows\System32\audiodg.exe
    3324 C:\Windows\System32\svchost.exe
     612 C:\Users\Alex\Desktop\MBRCheck.exe
    2652 C:\Windows\System32\conhost.exe
    3936 C:\Windows\System32\dllhost.exe
    2088 C:\Windows\System32\notepad.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000049`60900000  (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK4055GSX, Rev: FG011M  

      Size  Device Name          MBR Status
  --------------------------------------------
    372 GB  \\.\PhysicalDrive0   MBR Code Faked!
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

Done!

TDSS Killer von Kaspersky lässt sich nicht ausführen, es passiert einfach nichts beim öffnen. Außerdem gehen auch manche andere Programme nichtmehr auszuführen, allerdings ohne System dahinter was geht und was nicht. In meinem Startmenü zeigt es unter "Alle Programme" nur noch die Ordner an, aber in denen befinden sich keine Verknüpfungen mehr. Unhide bringt keine Abhilfe !

Danke für die Hilfe im Vorraus ;D

Firefox leitet auf andere Seiten um [Logfiles inside]

Log-Analyse und Auswertung: Firefox leitet auf andere Seiten um [Logfiles inside]

Firefox leitet auf andere Seiten um [Logfiles inside]

Ähnliche Themen: Firefox leitet auf andere Seiten um [Logfiles inside]