
Log analysis and evaluation: UncleDoc: Redirection to unwanted websites after Google search (Firefox)

14.07.2011, 17:25   #1
UncleDoc
 



Hi,
I'm not new here, but I have the same problem on my PC.
Here is the HJ log to start with. The rest will follow!
HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:13:13, on 14.07.2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDPop3.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDRSS.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDClock.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDMovieViewer.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDCountdown.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDWebCam.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDYT.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDPictureViewer.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\xxx\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Launch LCore] "C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RGSC] D:\Games\Neuer Ordner\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Emsisoft Anti-Malware 5.1 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\Windows\system32\HPZipm12.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 7888 bytes
         

14.07.2011, 18:17   #2
UncleDoc
 



Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 7137

Windows 6.1.7 600
Internet Explorer 8.0.7600.16385

14.07.2011 18:14:34
mbam-log-2011-07-14 (18-14-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|Q:\|)
Durchsuchte Objekte: 350768
Laufzeit: 55 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
-> Quarantined and deleted successfully.
-> Quarantined and deleted successfully.
-> Quarantined and deleted successfully.
-> Quarantined and deleted successfully.


14.07.2011, 18:27   #3
UncleDoc
 



OTL Logfile:
Code:
OTL logfile created on: 14.07.2011 18:18:58 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\xxx\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 49,16% Memory free
6,50 Gb Paging File | 4,43 Gb Available in Paging File | 68,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 234,38 Gb Total Space | 158,81 Gb Free Space | 67,76% Space Free | Partition Type: NTFS
Drive D: | 231,38 Gb Total Space | 133,31 Gb Free Space | 57,62% Space Free | Partition Type: NTFS
Drive F: | 372,61 Gb Total Space | 172,88 Gb Free Space | 46,40% Space Free | Partition Type: NTFS
Drive Q: | 1397,26 Gb Total Space | 789,25 Gb Free Space | 56,49% Space Free | Partition Type: NTFS
 
Computer Name: xxxx-PC | User Name: xxxx| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Usersxxx\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\VideoLAN\VLC\vlc.exe ()
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDYT.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDMovieViewer.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDClock.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDPictureViewer.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDRSS.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDWebCam.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDPop3.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\LCore.exe (Logitech Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Programme\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Programme\Common Files\Logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Programme\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
PRC - C:\Programme\Windows Media Player\WMPSideShowGadget.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Usersxxx\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe (SiSoftware)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.exe (HP)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (cpuz134) -- C:\Programme\CPUID\PC Wizard 2010\pcwiz_x32.sys (Windows (R) Win 7 DDK provider)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Programme\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam Ultra Vision(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (LGPBTDD) -- C:\Windows\System32\drivers\LGPBTDD.sys (Logitech Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\sandra.sys (SiSoftware)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 33 35 5D 6C 3C CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {edc0b8a5-c050-4bb2-b785-a623b4515abf}:1.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\UncleDoc\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.06.26 09:10:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.26 09:10:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.26 09:10:52 | 000,000,000 | ---D | M]
 
[2010.01.01 18:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Extensions
[2011.07.13 19:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions
[2011.06.20 21:41:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.06.22 11:10:59 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.06.30 20:32:21 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.20 12:44:20 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.06.30 20:32:21 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.02.21 20:50:50 | 000,000,000 | ---D | M] ("DHL Toolbar") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{edc0b8a5-c050-4bb2-b785-a623b4515abf}
[2011.07.13 19:24:04 | 000,000,000 | ---D | M] ("bug489729") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\bug489729@alice0775
[2011.07.12 13:32:05 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\DeviceDetection@logitech.com
[2011.03.28 16:57:54 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\engine@conduit.com
[2011.03.27 00:33:53 | 000,000,000 | ---D | M] (Personas) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\personas@christopher.beard
[2010.10.31 20:49:33 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\vshare@toolbar
[2011.07.13 17:30:33 | 000,000,950 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin-1.xml
[2011.06.20 10:45:18 | 000,000,168 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin.gif
[2011.06.20 10:45:18 | 000,000,618 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin.src
[2011.06.14 15:19:31 | 000,001,056 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin.xml
[2010.10.31 20:50:20 | 000,001,583 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\web-search.xml
[2011.07.12 12:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.04.18 16:55:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.03 15:23:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.15 15:49:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.23 19:04:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.21 17:26:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.12 12:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- 
[2010.01.01 18:10:26 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2010.01.01 19:09:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.07 14:12:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.04.18 16:55:23 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.03 15:23:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.15 15:49:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.23 19:04:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.21 17:26:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.12 12:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERSxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERSxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERSxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.XPI
() (No name found) -- C:\USERS\UNCLEDOC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\SECURELOGIN@BLUEIMP.NET.XPI
[2011.06.22 11:10:30 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.07.13 19:57:31 | 000,435,973 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	gosredirector.ea.com
O1 - Hosts: 127.0.0.1	blazeserver.blazeemu.org
O1 - Hosts: 127.0.0.1	gosgvaprod-qos01.ea.com
O1 - Hosts: 127.0.0.1	gosiadprod-qos01.ea.com
O1 - Hosts: 127.0.0.1	gossjcprod-qos01.ea.com
O1 - Hosts: 127.0.0.1	demangler.ea.com
O1 - Hosts: 127.0.0.1	vmp.tools.gos.ea.com
O1 - Hosts: 127.0.0.1	007guard.com - 007guard and Free Antivirus
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	Avast | Cash Advance | Debt Consolidation | Insurance | Free Credit Report at 0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 15000 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [EA Core]  File not found
O4 - HKCU..\Run: [RGSC]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7cd3d437-f6ed-11de-a0a6-001fd08dd035}\Shell - "" = AutoRun
O33 - MountPoints2\{7cd3d437-f6ed-11de-a0a6-001fd08dd035}\Shell\AutoRun\command - "" = H:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.14 17:16:03 | 000,000,000 | ---D | C] -- C:\Usersxxx\AppData\Roaming\Malwarebytes
[2011.07.14 17:15:59 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.14 17:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.14 17:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.14 17:15:54 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.07.14 17:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.07.13 19:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2011.07.13 19:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011.07.13 19:44:08 | 000,000,000 | ---D | C] -- C:\Usersxxxx\Documents\Anti-Malware
[2011.07.13 19:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.07.13 19:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.07.13 19:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.07.12 20:54:55 | 000,000,000 | ---D | C] -- C:\Usersxxxx\AppData\Roaming\Media Player Classic
[2011.07.12 12:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.07.12 12:39:49 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.07.12 12:39:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.07.12 12:39:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.06.26 09:56:05 | 000,000,000 | ---D | C] -- C:\Usersxxx\Desktop\Walt_Disney_-_Das_Dschungelbuch_Dschungelhits-DE-1993-oNePiEcE
[2011.06.26 09:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011.06.17 14:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.06.15 14:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TG09-PC-6152-6250-to-6460
[2011.06.15 14:12:19 | 000,000,000 | ---D | C] -- C:\Users\UncleDoc\AppData\Roaming\NVIDIA
[2011.06.14 21:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2011.06.14 21:12:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2011.06.14 21:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2011.06.14 21:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.14 18:17:36 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\lakvxg.sys
[2011.07.14 17:21:15 | 000,001,338 | ---- | M] () -- C:\Usersxxx\Desktop\OTL - Verknüpfung.lnk
[2011.07.14 17:13:07 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.14 17:13:07 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.14 17:11:21 | 000,647,138 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.14 17:11:21 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.14 17:11:21 | 000,127,198 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.14 17:11:21 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.14 17:05:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.14 17:05:42 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011.07.14 17:05:37 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.13 19:57:31 | 000,435,973 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.07.12 11:54:22 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.12 11:54:22 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.06.26 09:10:30 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011.06.26 09:10:04 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011.06.26 09:10:04 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011.06.25 12:10:13 | 000,068,608 | ---- | M] () -- C:\Users\UncleDoc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.17 16:02:36 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.07.14 18:17:36 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\lakvxg.sys
[2011.07.14 17:21:15 | 000,001,338 | ---- | C] () -- C:\Usersxxxx\Desktop\OTL - Verknüpfung.lnk
[2011.06.17 14:31:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.05.27 11:13:19 | 000,000,165 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.05.07 16:12:31 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.01.13 21:05:38 | 002,014,958 | ---- | C] () -- C:\ProgramData\CleanupFiles.exe
[2010.11.18 16:00:44 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.10.31 20:34:40 | 010,440,704 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010.08.04 22:02:21 | 000,068,608 | ---- | C] () -- C:\Usersxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.04 21:48:16 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.05.03 20:01:09 | 000,038,433 | ---- | C] () -- C:\Usersxxxx\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.02.22 16:47:37 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.02.21 12:50:42 | 000,016,622 | ---- | C] () -- C:\Windows\hpomdl01.dat
[2010.01.28 16:05:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.13 18:20:46 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.01.01 18:40:00 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.10.07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.08.16 11:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.07.14 10:47:43 | 000,647,138 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,127,198 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,358,192 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,609,896 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,104,214 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.05.29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.06.21 08:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2003.04.06 06:33:26 | 000,020,458 | ---- | C] () -- C:\Windows\hpoins01.dat
[2003.03.09 22:31:04 | 000,561,152 | ---- | C] () -- C:\Windows\System32\hpotscl.dll
 
========== LOP Check ==========
 
[2010.01.30 13:13:31 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\AnvSoft
[2010.04.26 11:38:35 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\AquaSoft
[2011.05.27 11:11:32 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Canneverbe Limited
[2010.03.28 12:11:53 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Command and Conquer 4
[2010.06.30 20:32:21 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.30 18:03:23 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Facebook
[2010.04.26 11:23:44 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\FreeFLVConverter
[2011.02.16 17:01:19 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\FreeMoviesToDVD
[2011.05.07 18:40:01 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\ICQ
[2010.02.22 17:02:57 | 000,000,000 | ---D | M] -- C:\Usersxxxxxx\AppData\Roaming\ImgBurn
[2010.09.12 16:45:04 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\IrfanView
[2010.05.03 17:38:29 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Jumping Bytes
[2010.01.28 16:00:59 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Leadertech
[2010.05.04 19:13:45 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Mobile Master
[2010.05.04 17:25:15 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\motorola
[2010.05.03 17:52:28 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Nokia
[2010.05.02 19:00:40 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\PC Suite
[2011.03.20 14:54:52 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\PunkBuster
[2010.10.31 16:38:02 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Stereoscopic Player
[2011.06.11 14:37:05 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Tropico 3
[2010.08.02 14:34:03 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\TS3Client
[2010.04.22 18:58:25 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Ubisoft
[2010.09.30 17:46:29 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\UBitMenu
[2010.01.15 19:42:00 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Win7codecs
[2011.06.19 05:22:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:661DFA1C

< End of report >
         

14.07.2011, 18:31   #4
UncleDoc
 



OTL Logfile:
Code:
OTL logfile created on: 14.07.2011 18:18:58 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\xxx\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 49,16% Memory free
6,50 Gb Paging File | 4,43 Gb Available in Paging File | 68,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 234,38 Gb Total Space | 158,81 Gb Free Space | 67,76% Space Free | Partition Type: NTFS
Drive D: | 231,38 Gb Total Space | 133,31 Gb Free Space | 57,62% Space Free | Partition Type: NTFS
Drive F: | 372,61 Gb Total Space | 172,88 Gb Free Space | 46,40% Space Free | Partition Type: NTFS
Drive Q: | 1397,26 Gb Total Space | 789,25 Gb Free Space | 56,49% Space Free | Partition Type: NTFS
 
Computer Name: xxxx-PC | User Name: xxxx| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Usersxxx\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\VideoLAN\VLC\vlc.exe ()
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDYT.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDMovieViewer.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDClock.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDPictureViewer.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDRSS.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDWebCam.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDPop3.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\LCore.exe (Logitech Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Programme\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Programme\Common Files\Logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Programme\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
PRC - C:\Programme\Windows Media Player\WMPSideShowGadget.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Usersxxx\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe (SiSoftware)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.exe (HP)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (cpuz134) -- C:\Programme\CPUID\PC Wizard 2010\pcwiz_x32.sys (Windows (R) Win 7 DDK provider)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Programme\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam Ultra Vision(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (LGPBTDD) -- C:\Windows\System32\drivers\LGPBTDD.sys (Logitech Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\sandra.sys (SiSoftware)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 33 35 5D 6C 3C CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {edc0b8a5-c050-4bb2-b785-a623b4515abf}:1.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\UncleDoc\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.06.26 09:10:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.26 09:10:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.26 09:10:52 | 000,000,000 | ---D | M]
 
[2010.01.01 18:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Extensions
[2011.07.13 19:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions
[2011.06.20 21:41:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.06.22 11:10:59 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.06.30 20:32:21 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.20 12:44:20 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.06.30 20:32:21 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.02.21 20:50:50 | 000,000,000 | ---D | M] ("DHL Toolbar") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{edc0b8a5-c050-4bb2-b785-a623b4515abf}
[2011.07.13 19:24:04 | 000,000,000 | ---D | M] ("bug489729") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\bug489729@alice0775
[2011.07.12 13:32:05 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\DeviceDetection@logitech.com
[2011.03.28 16:57:54 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\engine@conduit.com
[2011.03.27 00:33:53 | 000,000,000 | ---D | M] (Personas) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\personas@christopher.beard
[2010.10.31 20:49:33 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\vshare@toolbar
[2011.07.13 17:30:33 | 000,000,950 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin-1.xml
[2011.06.20 10:45:18 | 000,000,168 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin.gif
[2011.06.20 10:45:18 | 000,000,618 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin.src
[2011.06.14 15:19:31 | 000,001,056 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin.xml
[2010.10.31 20:50:20 | 000,001,583 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\web-search.xml
[2011.07.12 12:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.04.18 16:55:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.03 15:23:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.15 15:49:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.23 19:04:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.21 17:26:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.12 12:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- 
[2010.01.01 18:10:26 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2010.01.01 19:09:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.07 14:12:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.04.18 16:55:23 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.03 15:23:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.15 15:49:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.23 19:04:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.21 17:26:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.12 12:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERSxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERSxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERSxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.XPI
() (No name found) -- C:\USERS\UNCLEDOC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\SECURELOGIN@BLUEIMP.NET.XPI
[2011.06.22 11:10:30 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.07.13 19:57:31 | 000,435,973 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	gosredirector.ea.com
O1 - Hosts: 127.0.0.1	blazeserver.blazeemu.org
O1 - Hosts: 127.0.0.1	gosgvaprod-qos01.ea.com
O1 - Hosts: 127.0.0.1	gosiadprod-qos01.ea.com
O1 - Hosts: 127.0.0.1	gossjcprod-qos01.ea.com
O1 - Hosts: 127.0.0.1	demangler.ea.com
O1 - Hosts: 127.0.0.1	vmp.tools.gos.ea.com
O1 - Hosts: 127.0.0.1	007guard.com - 007guard and Free Antivirus
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	Avast | Cash Advance | Debt Consolidation | Insurance | Free Credit Report at 0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 15000 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [EA Core]  File not found
O4 - HKCU..\Run: [RGSC]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7cd3d437-f6ed-11de-a0a6-001fd08dd035}\Shell - "" = AutoRun
O33 - MountPoints2\{7cd3d437-f6ed-11de-a0a6-001fd08dd035}\Shell\AutoRun\command - "" = H:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.14 17:16:03 | 000,000,000 | ---D | C] -- C:\Usersxxx\AppData\Roaming\Malwarebytes
[2011.07.14 17:15:59 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.14 17:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.14 17:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.14 17:15:54 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.07.14 17:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.07.13 19:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2011.07.13 19:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011.07.13 19:44:08 | 000,000,000 | ---D | C] -- C:\Usersxxxx\Documents\Anti-Malware
[2011.07.13 19:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.07.13 19:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.07.13 19:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.07.12 20:54:55 | 000,000,000 | ---D | C] -- C:\Usersxxxx\AppData\Roaming\Media Player Classic
[2011.07.12 12:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.07.12 12:39:49 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.07.12 12:39:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.07.12 12:39:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.06.26 09:56:05 | 000,000,000 | ---D | C] -- C:\Usersxxx\Desktop\Walt_Disney_-_Das_Dschungelbuch_Dschungelhits-DE-1993-oNePiEcE
[2011.06.26 09:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011.06.17 14:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.06.15 14:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TG09-PC-6152-6250-to-6460
[2011.06.15 14:12:19 | 000,000,000 | ---D | C] -- C:\Users\UncleDoc\AppData\Roaming\NVIDIA
[2011.06.14 21:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2011.06.14 21:12:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2011.06.14 21:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2011.06.14 21:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.14 18:17:36 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\lakvxg.sys
[2011.07.14 17:21:15 | 000,001,338 | ---- | M] () -- C:\Usersxxx\Desktop\OTL - Verknüpfung.lnk
[2011.07.14 17:13:07 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.14 17:13:07 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.14 17:11:21 | 000,647,138 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.14 17:11:21 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.14 17:11:21 | 000,127,198 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.14 17:11:21 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.14 17:05:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.14 17:05:42 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011.07.14 17:05:37 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.13 19:57:31 | 000,435,973 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.07.12 11:54:22 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.12 11:54:22 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.06.26 09:10:30 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011.06.26 09:10:04 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011.06.26 09:10:04 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011.06.25 12:10:13 | 000,068,608 | ---- | M] () -- C:\Users\UncleDoc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.17 16:02:36 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.07.14 18:17:36 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\lakvxg.sys
[2011.07.14 17:21:15 | 000,001,338 | ---- | C] () -- C:\Usersxxxx\Desktop\OTL - Verknüpfung.lnk
[2011.06.17 14:31:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.05.27 11:13:19 | 000,000,165 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.05.07 16:12:31 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.01.13 21:05:38 | 002,014,958 | ---- | C] () -- C:\ProgramData\CleanupFiles.exe
[2010.11.18 16:00:44 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.10.31 20:34:40 | 010,440,704 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010.08.04 22:02:21 | 000,068,608 | ---- | C] () -- C:\Usersxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.04 21:48:16 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.05.03 20:01:09 | 000,038,433 | ---- | C] () -- C:\Usersxxxx\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.02.22 16:47:37 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.02.21 12:50:42 | 000,016,622 | ---- | C] () -- C:\Windows\hpomdl01.dat
[2010.01.28 16:05:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.13 18:20:46 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.01.01 18:40:00 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.10.07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.08.16 11:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.07.14 10:47:43 | 000,647,138 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,127,198 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,358,192 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,609,896 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,104,214 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.05.29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.06.21 08:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2003.04.06 06:33:26 | 000,020,458 | ---- | C] () -- C:\Windows\hpoins01.dat
[2003.03.09 22:31:04 | 000,561,152 | ---- | C] () -- C:\Windows\System32\hpotscl.dll
 
========== LOP Check ==========
 
[2010.01.30 13:13:31 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\AnvSoft
[2010.04.26 11:38:35 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\AquaSoft
[2011.05.27 11:11:32 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Canneverbe Limited
[2010.03.28 12:11:53 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Command and Conquer 4
[2010.06.30 20:32:21 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.30 18:03:23 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Facebook
[2010.04.26 11:23:44 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\FreeFLVConverter
[2011.02.16 17:01:19 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\FreeMoviesToDVD
[2011.05.07 18:40:01 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\ICQ
[2010.02.22 17:02:57 | 000,000,000 | ---D | M] -- C:\Usersxxxxxx\AppData\Roaming\ImgBurn
[2010.09.12 16:45:04 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\IrfanView
[2010.05.03 17:38:29 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Jumping Bytes
[2010.01.28 16:00:59 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Leadertech
[2010.05.04 19:13:45 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Mobile Master
[2010.05.04 17:25:15 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\motorola
[2010.05.03 17:52:28 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Nokia
[2010.05.02 19:00:40 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\PC Suite
[2011.03.20 14:54:52 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\PunkBuster
[2010.10.31 16:38:02 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Stereoscopic Player
[2011.06.11 14:37:05 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Tropico 3
[2010.08.02 14:34:03 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\TS3Client
[2010.04.22 18:58:25 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Ubisoft
[2010.09.30 17:46:29 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\UBitMenu
[2010.01.15 19:42:00 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Win7codecs
[2011.06.19 05:22:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:661DFA1C

< End of report >
         
--- --- ---


AND: OTL logfile:
Code:
OTL logfile created on: 14.07.2011 18:18:58 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\xxx\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 49,16% Memory free
6,50 Gb Paging File | 4,43 Gb Available in Paging File | 68,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 234,38 Gb Total Space | 158,81 Gb Free Space | 67,76% Space Free | Partition Type: NTFS
Drive D: | 231,38 Gb Total Space | 133,31 Gb Free Space | 57,62% Space Free | Partition Type: NTFS
Drive F: | 372,61 Gb Total Space | 172,88 Gb Free Space | 46,40% Space Free | Partition Type: NTFS
Drive Q: | 1397,26 Gb Total Space | 789,25 Gb Free Space | 56,49% Space Free | Partition Type: NTFS
 
Computer Name: xxxx-PC | User Name: xxxx| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Usersxxx\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\VideoLAN\VLC\vlc.exe ()
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDYT.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDMovieViewer.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDClock.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDPictureViewer.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDRSS.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDWebCam.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDPop3.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\LCore.exe (Logitech Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Programme\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Programme\Common Files\Logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Programme\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
PRC - C:\Programme\Windows Media Player\WMPSideShowGadget.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Usersxxx\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe (SiSoftware)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.exe (HP)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (cpuz134) -- C:\Programme\CPUID\PC Wizard 2010\pcwiz_x32.sys (Windows (R) Win 7 DDK provider)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Programme\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam Ultra Vision(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (LGPBTDD) -- C:\Windows\System32\drivers\LGPBTDD.sys (Logitech Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\sandra.sys (SiSoftware)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 33 35 5D 6C 3C CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {edc0b8a5-c050-4bb2-b785-a623b4515abf}:1.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\UncleDoc\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.06.26 09:10:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.26 09:10:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.26 09:10:52 | 000,000,000 | ---D | M]
 
[2010.01.01 18:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Extensions
[2011.07.13 19:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions
[2011.06.20 21:41:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.06.22 11:10:59 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.06.30 20:32:21 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.20 12:44:20 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.06.30 20:32:21 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.02.21 20:50:50 | 000,000,000 | ---D | M] ("DHL Toolbar") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\{edc0b8a5-c050-4bb2-b785-a623b4515abf}
[2011.07.13 19:24:04 | 000,000,000 | ---D | M] ("bug489729") -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\bug489729@alice0775
[2011.07.12 13:32:05 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\DeviceDetection@logitech.com
[2011.03.28 16:57:54 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\engine@conduit.com
[2011.03.27 00:33:53 | 000,000,000 | ---D | M] (Personas) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\personas@christopher.beard
[2010.10.31 20:49:33 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\UncleDoc\AppData\Roaming\mozilla\Firefox\Profiles\kv6obsxf.default\extensions\vshare@toolbar
[2011.07.13 17:30:33 | 000,000,950 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin-1.xml
[2011.06.20 10:45:18 | 000,000,168 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin.gif
[2011.06.20 10:45:18 | 000,000,618 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin.src
[2011.06.14 15:19:31 | 000,001,056 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\icqplugin.xml
[2010.10.31 20:50:20 | 000,001,583 | ---- | M] () -- C:\Users\UncleDoc\AppData\Roaming\Mozilla\Firefox\Profiles\kv6obsxf.default\searchplugins\web-search.xml
[2011.07.12 12:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.04.18 16:55:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.03 15:23:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.15 15:49:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.23 19:04:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.21 17:26:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.12 12:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- 
[2010.01.01 18:10:26 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2010.01.01 19:09:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.07 14:12:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.04.18 16:55:23 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.03 15:23:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.15 15:49:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.23 19:04:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.21 17:26:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.12 12:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERSxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERSxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERSxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.XPI
() (No name found) -- C:\USERS\UNCLEDOC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV6OBSXF.DEFAULT\EXTENSIONS\SECURELOGIN@BLUEIMP.NET.XPI
[2011.06.22 11:10:30 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.07.13 19:57:31 | 000,435,973 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	gosredirector.ea.com
O1 - Hosts: 127.0.0.1	blazeserver.blazeemu.org
O1 - Hosts: 127.0.0.1	gosgvaprod-qos01.ea.com
O1 - Hosts: 127.0.0.1	gosiadprod-qos01.ea.com
O1 - Hosts: 127.0.0.1	gossjcprod-qos01.ea.com
O1 - Hosts: 127.0.0.1	demangler.ea.com
O1 - Hosts: 127.0.0.1	vmp.tools.gos.ea.com
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 15000 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [EA Core]  File not found
O4 - HKCU..\Run: [RGSC]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7cd3d437-f6ed-11de-a0a6-001fd08dd035}\Shell - "" = AutoRun
O33 - MountPoints2\{7cd3d437-f6ed-11de-a0a6-001fd08dd035}\Shell\AutoRun\command - "" = H:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.14 17:16:03 | 000,000,000 | ---D | C] -- C:\Usersxxx\AppData\Roaming\Malwarebytes
[2011.07.14 17:15:59 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.14 17:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.14 17:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.14 17:15:54 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.07.14 17:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.07.13 19:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2011.07.13 19:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011.07.13 19:44:08 | 000,000,000 | ---D | C] -- C:\Usersxxxx\Documents\Anti-Malware
[2011.07.13 19:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.07.13 19:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.07.13 19:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.07.12 20:54:55 | 000,000,000 | ---D | C] -- C:\Usersxxxx\AppData\Roaming\Media Player Classic
[2011.07.12 12:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.07.12 12:39:49 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.07.12 12:39:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.07.12 12:39:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.06.26 09:56:05 | 000,000,000 | ---D | C] -- C:\Usersxxx\Desktop\Walt_Disney_-_Das_Dschungelbuch_Dschungelhits-DE-1993-oNePiEcE
[2011.06.26 09:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011.06.17 14:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.06.15 14:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TG09-PC-6152-6250-to-6460
[2011.06.15 14:12:19 | 000,000,000 | ---D | C] -- C:\Users\UncleDoc\AppData\Roaming\NVIDIA
[2011.06.14 21:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2011.06.14 21:12:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2011.06.14 21:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2011.06.14 21:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.14 18:17:36 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\lakvxg.sys
[2011.07.14 17:21:15 | 000,001,338 | ---- | M] () -- C:\Usersxxx\Desktop\OTL - Verknüpfung.lnk
[2011.07.14 17:13:07 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.14 17:13:07 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.14 17:11:21 | 000,647,138 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.14 17:11:21 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.14 17:11:21 | 000,127,198 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.14 17:11:21 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.14 17:05:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.14 17:05:42 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011.07.14 17:05:37 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.13 19:57:31 | 000,435,973 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.07.12 11:54:22 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.12 11:54:22 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.06.26 09:10:30 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011.06.26 09:10:04 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011.06.26 09:10:04 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011.06.25 12:10:13 | 000,068,608 | ---- | M] () -- C:\Users\UncleDoc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.17 16:02:36 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.07.14 18:17:36 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\lakvxg.sys
[2011.07.14 17:21:15 | 000,001,338 | ---- | C] () -- C:\Usersxxxx\Desktop\OTL - Verknüpfung.lnk
[2011.06.17 14:31:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.05.27 11:13:19 | 000,000,165 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.05.07 16:12:31 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.01.13 21:05:38 | 002,014,958 | ---- | C] () -- C:\ProgramData\CleanupFiles.exe
[2010.11.18 16:00:44 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.10.31 20:34:40 | 010,440,704 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010.08.04 22:02:21 | 000,068,608 | ---- | C] () -- C:\Usersxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.04 21:48:16 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.05.03 20:01:09 | 000,038,433 | ---- | C] () -- C:\Usersxxxx\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.02.22 16:47:37 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.02.21 12:50:42 | 000,016,622 | ---- | C] () -- C:\Windows\hpomdl01.dat
[2010.01.28 16:05:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.13 18:20:46 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.01.01 18:40:00 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.10.07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.08.16 11:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.07.14 10:47:43 | 000,647,138 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,127,198 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,358,192 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,609,896 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,104,214 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.05.29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.06.21 08:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2003.04.06 06:33:26 | 000,020,458 | ---- | C] () -- C:\Windows\hpoins01.dat
[2003.03.09 22:31:04 | 000,561,152 | ---- | C] () -- C:\Windows\System32\hpotscl.dll
 
========== LOP Check ==========
 
[2010.01.30 13:13:31 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\AnvSoft
[2010.04.26 11:38:35 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\AquaSoft
[2011.05.27 11:11:32 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Canneverbe Limited
[2010.03.28 12:11:53 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Command and Conquer 4
[2010.06.30 20:32:21 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.30 18:03:23 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Facebook
[2010.04.26 11:23:44 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\FreeFLVConverter
[2011.02.16 17:01:19 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\FreeMoviesToDVD
[2011.05.07 18:40:01 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\ICQ
[2010.02.22 17:02:57 | 000,000,000 | ---D | M] -- C:\Usersxxxxxx\AppData\Roaming\ImgBurn
[2010.09.12 16:45:04 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\IrfanView
[2010.05.03 17:38:29 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Jumping Bytes
[2010.01.28 16:00:59 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Leadertech
[2010.05.04 19:13:45 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Mobile Master
[2010.05.04 17:25:15 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\motorola
[2010.05.03 17:52:28 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Nokia
[2010.05.02 19:00:40 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\PC Suite
[2011.03.20 14:54:52 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\PunkBuster
[2010.10.31 16:38:02 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Stereoscopic Player
[2011.06.11 14:37:05 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Tropico 3
[2010.08.02 14:34:03 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\TS3Client
[2010.04.22 18:58:25 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\Ubisoft
[2010.09.30 17:46:29 | 000,000,000 | ---D | M] -- C:\Usersxxxx\AppData\Roaming\UBitMenu
[2010.01.15 19:42:00 | 000,000,000 | ---D | M] -- C:\Usersxxx\AppData\Roaming\Win7codecs
[2011.06.19 05:22:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:661DFA1C

< End of report >
         
--- --- ---

14.07.2011, 18:41   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Next time, please open a separate thread for your issue!
I have already moved your posts into a new topic!

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


15.07.2011, 18:53   #6
UncleDoc
 



Now that my post has found its place, is there also a solution??!
Thanks in advance!

15.07.2011, 23:14   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Are there any further logs from Malwarebytes? If so, please post all of the ones that are visible in Malwarebytes under the "Logdateien" (log files) tab.

16.07.2011, 00:40   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Infizierte Dateien:
-> Quarantined and deleted successfully.
-> Quarantined and deleted successfully.
-> Quarantined and deleted successfully.
-> Quarantined and deleted successfully.
What is this supposed to be? Is there a reason why you are taking all of the removed files out of the log?
Post the log without manipulation!

18.07.2011, 18:47   #9
UncleDoc
 



Sorry!!
Here it is again, everything that Malwarebytes gives me.
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 7137

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.07.2011 18:14:34
mbam-log-2011-07-14 (18-14-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|Q:\|)
Durchsuchte Objekte: 350768
Laufzeit: 55 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
f:\treiber vista\adobe photoshop exe\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\treiber vista\clone dvd crack\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
f:\treiber vista\micr_osoft.offi-ce.profes_sional.plus.2010.x86.german.vl.edition-ti-w\mini_kms_activator_v1.052.exe (Riskware.Keygen) -> Quarantined and deleted successfully.
f:\treiber vista\winrar 3.80 deutsch inkl. patch\keygenpatch.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.


Nothing more comes out of it.
The pages still open!
Please reply!
Thanks

18.07.2011, 19:42   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
f:\treiber vista\adobe photoshop exe\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\treiber vista\clone dvd crack\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
f:\treiber vista\micr_osoft.offi-ce.profes_sional.plus.2010.x86.german.vl.edition-ti-w\mini_kms_activator_v1.052.exe (Riskware.Keygen) -> Quarantined and deleted successfully.
f:\treiber vista\winrar 3.80 deutsch inkl. patch\keygenpatch.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.


Cracks/keygens are, in 99.9% of cases, dangerous malware that is not to be trifled with. Moreover, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!

18.07.2011, 20:40   #11
UncleDoc
 



Understood.
Closed!

Thanks
