
Pests of all kinds and how to combat them: Google redirect Malware

Windows 7

 
14.07.2011, 13:57   #1
Maite23

Google redirect Malware



Hello computer specialists,

I urgently need your help. I am afraid that I have malware (I don't know exactly what the differences are between virus, worm, Trojan, malware, etc.) on my laptop.
It often happens that I click on a page from Google, but that page is not opened; instead, a completely different page with advertising opens.

I have read up on your site and have already run a scan with Malwarebytes. I saved the following log file:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 7136

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

14.07.2011 14:29:22
mbam-log-2011-07-14 (14-29-22).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 181769
Laufzeit: 23 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
c:\Windows\Wteqoa.exe (Trojan.FraudPack.Gen) -> 3204 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\5SK3BLHWHC (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\Wteqoa.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\Maite\AppData\Local\Temp\Wrc.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.


I also ran this OTL (as you posted) and started a scan.

This is what came out:

OTL logfile created on: 7/14/2011 2:40:35 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Maite\Downloads
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

1.97 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 44.93% Memory free
3.93 Gb Paging File | 2.43 Gb Available in Paging File | 61.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.86 Gb Total Space | 49.15 Gb Free Space | 17.13% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.48 Gb Free Space | 35.59% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.67 Gb Free Space | 46.05% Space Free | Partition Type: NTFS

Computer Name: MAITE-PC | User Name: Maite | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Maite\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PrintIsolationHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe ()
PRC - C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe (Lenovo)
PRC - C:\Program Files\Lenovo\ATK Hotkey\LControl.exe (ATK0101)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe ()
PRC - C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)


========== Modules (SafeList) ==========

MOD - C:\Users\Maite\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
SRV - (SAVService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SRV - (SAVAdminService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
SRV - (swi_service) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LFKAS) -- C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe ()
SRV - (ATKGFNEXSrv) -- C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe ()
SRV - (ASLDRService) -- C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe ()


========== Driver Services (SafeList) ==========

DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Limited)
DRV - (sdcfilter) -- C:\Windows\System32\drivers\sdcfilter.sys (Sophos Plc)
DRV - (SKMScan) -- C:\Windows\System32\drivers\skmscan.sys (Sophos Plc)
DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (PCDSRVC{C4B36920-79E24793-06000000}_0) -- c:\Program Files\PC-Doctor\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (MTsensor32) -- C:\Windows\System32\drivers\PuAcpi32.sys ()
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (ASMMAP) -- C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys ()
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D CE 5B 6D 6F 01 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.91.254:8080;https=192.168.91.254:8080;ftp=192.168.91.254:8080;socks=192.168.91.254:1080

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://sn119w.snt119.mail.live.com/default.aspx?wa=wsignin1.0|hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.98
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nbc.com/DirectPlayer: C:\Program Files\NBC Direct\npDirectPlayerMozilla.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/02/03 11:49:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/14 09:31:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/14 09:31:59 | 000,000,000 | ---D | M]

[2009/11/15 22:01:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maite\AppData\Roaming\Mozilla\Extensions
[2011/07/14 10:36:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maite\AppData\Roaming\Mozilla\Firefox\Profiles\uqzv2ah0.default\extensions
[2011/04/03 22:45:22 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Maite\AppData\Roaming\Mozilla\Firefox\Profiles\uqzv2ah0.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/09/02 15:48:14 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Maite\AppData\Roaming\Mozilla\Firefox\Profiles\uqzv2ah0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/07/14 10:32:42 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Maite\AppData\Roaming\Mozilla\Firefox\Profiles\uqzv2ah0.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/09/19 16:58:42 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\Maite\AppData\Roaming\Mozilla\Firefox\Profiles\uqzv2ah0.default\extensions\youtube2mp3@mondayx.de
[2011/04/04 11:48:19 | 000,000,873 | ---- | M] () -- C:\Users\Maite\AppData\Roaming\Mozilla\Firefox\Profiles\uqzv2ah0.default\searchplugins\conduit.xml
[2011/07/14 09:42:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/27 21:51:36 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/15 09:46:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 10:39:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/19 11:21:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/04 16:00:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/06 14:11:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/07/14 09:34:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/02/03 11:49:06 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/12/03 22:08:08 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2011/03/20 01:06:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/03/20 01:06:12 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/03/20 01:06:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/03/20 01:06:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/03/20 01:06:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [ISUSPM] File not found
O4 - HKCU..\Run: [msnmsgr] File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Maite\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.91.208 192.168.91.203
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/03 00:46:54 | 000,000,049 | ---- | M] () - S:\autorun.inf.vir -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/14 14:03:18 | 000,000,000 | ---D | C] -- C:\Users\Maite\AppData\Roaming\Malwarebytes
[2011/07/14 14:01:46 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/14 14:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/14 14:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/14 14:01:41 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/14 14:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/14 09:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/14 09:34:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/07/14 09:34:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/07/14 09:34:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/07/14 09:30:08 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/07/14 09:30:08 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/14 09:30:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/14 09:30:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/14 09:30:07 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/07/14 09:30:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/14 09:30:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/14 09:30:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/07/14 09:30:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/07/14 09:30:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/07/14 09:30:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/07/14 09:30:03 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/07/14 09:30:02 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/07/14 09:29:58 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/07/11 22:06:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
[2011/07/11 21:40:22 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/07/11 21:40:21 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/07/11 21:40:20 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/07/11 21:40:20 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011/07/11 21:40:19 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/07/11 21:40:19 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011/07/11 21:34:21 | 000,123,680 | ---- | C] (Sophos Limited) -- C:\Windows\System32\drivers\savonaccess.sys
[2011/07/11 21:32:32 | 000,024,312 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\sdcfilter.sys
[2011/07/11 21:32:03 | 000,031,736 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\skmscan.sys
[2011/07/11 21:31:39 | 000,131,824 | ---- | C] (Sophos Plc) -- C:\Windows\System32\sdccoinstaller.dll
[2011/06/22 13:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
[2011/06/22 13:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2011/06/22 13:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos Web Intelligence
[2011/06/22 13:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/06/22 13:05:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2011/06/22 13:05:43 | 000,030,744 | ---- | C] (Sophos Limited) -- C:\Windows\System32\SophosBootTasks.exe
[2011/06/22 12:58:06 | 000,022,536 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\SophosBootDriver.sys
[2011/06/21 21:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/06/21 21:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2011/06/21 20:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/06/21 19:57:34 | 000,000,000 | ---D | C] -- C:\Users\Maite\Documents\Simply Super Software
[2011/06/21 19:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2011/06/21 19:57:19 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2011/06/21 19:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011/06/21 19:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2011/06/21 19:57:16 | 000,000,000 | ---D | C] -- C:\Users\Maite\AppData\Roaming\Simply Super Software
[2011/06/21 12:05:04 | 000,000,000 | ---D | C] -- C:\Users\Maite\AppData\Local\Sophos
[2011/06/21 12:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2011/06/21 12:00:24 | 000,000,000 | ---D | C] -- C:\stdtsa
[2011/06/21 11:54:18 | 000,000,000 | ---D | C] -- C:\escw_97_sa
[2011/06/20 22:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/06/20 22:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/20 22:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Autorun Eater
[2011/06/20 15:56:26 | 000,000,000 | ---D | C] -- C:\Users\Maite\AppData\Roaming\QuickScan
[2011/06/20 14:34:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/20 14:34:53 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/06/20 14:34:53 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/06/20 14:34:53 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/06/20 14:34:53 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/06/20 14:34:53 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/06/20 14:34:53 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/06/20 14:34:53 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/06/20 14:34:53 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/20 14:34:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/06/20 14:34:53 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/06/20 14:34:53 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/06/20 14:34:52 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/06/20 14:34:52 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/06/20 14:34:52 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/06/20 14:34:52 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/20 14:34:52 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/06/20 14:34:52 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/06/20 14:34:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/06/20 14:34:52 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/06/20 14:34:52 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/06/20 14:34:52 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/06/20 14:34:52 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/06/20 14:34:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/20 14:34:51 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/06/20 14:34:51 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/20 14:34:51 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/20 14:34:51 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/06/20 14:34:51 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/06/20 14:34:51 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/06/20 14:34:51 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/06/20 14:34:51 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/06/20 14:34:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/06/20 14:34:51 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/06/20 14:34:51 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/06/20 14:34:51 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/06/20 14:34:51 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/06/20 14:34:51 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/06/20 14:34:51 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/06/20 13:47:22 | 000,000,000 | ---D | C] -- C:\Users\Maite\Documents\Annikas Hochzeit
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/07/14 14:01:47 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/14 10:27:53 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/14 10:27:53 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/14 10:20:30 | 000,000,316 | -HS- | M] () -- C:\Windows\tasks\KFEMAHKJM.job
[2011/07/14 10:20:15 | 000,425,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/14 10:20:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/14 10:19:11 | 1583,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/11 21:44:05 | 000,115,712 | RHS- | M] () -- C:\Windows\System32\appmgmtsl.dll
[2011/07/11 21:34:22 | 000,123,680 | ---- | M] (Sophos Limited) -- C:\Windows\System32\drivers\savonaccess.sys
[2011/07/11 21:33:20 | 000,030,744 | ---- | M] (Sophos Limited) -- C:\Windows\System32\SophosBootTasks.exe
[2011/07/11 21:32:32 | 000,024,312 | ---- | M] (Sophos Plc) -- C:\Windows\System32\drivers\sdcfilter.sys
[2011/07/11 21:32:03 | 000,031,736 | ---- | M] (Sophos Plc) -- C:\Windows\System32\drivers\skmscan.sys
[2011/07/11 21:31:40 | 000,131,824 | ---- | M] (Sophos Plc) -- C:\Windows\System32\sdccoinstaller.dll
[2011/06/22 15:16:12 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/06/22 13:18:35 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2011/06/22 13:15:53 | 000,002,641 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2011/06/22 12:58:06 | 000,022,536 | ---- | M] (Sophos Plc) -- C:\Windows\System32\drivers\SophosBootDriver.sys
[2011/06/22 12:28:53 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2011/06/21 21:18:24 | 000,620,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/21 21:18:24 | 000,108,332 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/21 19:57:23 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011/06/21 16:31:48 | 000,017,408 | ---- | M] () -- C:\Users\Maite\AppData\Local\WebpageIcons.db
[2011/06/20 22:47:32 | 000,001,232 | ---- | M] () -- C:\Users\Maite\Contacts\Desktop\Spybot - Search & Destroy.lnk
[2011/06/20 22:34:46 | 000,001,417 | ---- | M] () -- C:\Users\Maite\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/20 14:34:53 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/20 14:34:53 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/06/20 14:34:53 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/06/20 14:34:53 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/06/20 14:34:53 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/06/20 14:34:53 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/06/20 14:34:53 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/06/20 14:34:53 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/06/20 14:34:53 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/20 14:34:53 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/06/20 14:34:53 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/06/20 14:34:53 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/06/20 14:34:52 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/06/20 14:34:52 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/06/20 14:34:52 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/06/20 14:34:52 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/20 14:34:52 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/06/20 14:34:52 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/06/20 14:34:52 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/06/20 14:34:52 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/06/20 14:34:52 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/06/20 14:34:52 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/06/20 14:34:52 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/06/20 14:34:52 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/06/20 14:34:51 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/20 14:34:51 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/06/20 14:34:51 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/20 14:34:51 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/20 14:34:51 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/06/20 14:34:51 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/06/20 14:34:51 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/06/20 14:34:51 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/06/20 14:34:51 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/06/20 14:34:51 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/06/20 14:34:51 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/06/20 14:34:51 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/06/20 14:34:51 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/06/20 14:34:51 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/06/20 14:34:51 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/06/20 14:34:51 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/06/20 11:19:49 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2011/07/14 14:01:47 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/11 21:44:05 | 000,115,712 | RHS- | C] () -- C:\Windows\System32\appmgmtsl.dll
[2011/07/11 21:44:05 | 000,000,316 | -HS- | C] () -- C:\Windows\tasks\KFEMAHKJM.job
[2011/06/22 13:15:53 | 000,002,641 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2011/06/22 12:26:05 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2011/06/21 21:09:06 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2011/06/21 19:57:23 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011/06/21 19:57:19 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011/06/21 19:57:19 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2011/06/21 19:57:18 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2011/06/21 19:57:18 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2011/06/21 16:31:44 | 000,017,408 | ---- | C] () -- C:\Users\Maite\AppData\Local\WebpageIcons.db
[2011/06/20 22:47:32 | 000,001,232 | ---- | C] () -- C:\Users\Maite\Contacts\Desktop\Spybot - Search & Destroy.lnk
[2011/06/20 14:34:52 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/26 11:41:01 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/03/21 13:22:06 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/08/28 23:01:08 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/04/21 18:08:14 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/04/21 18:08:14 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/04/21 18:08:14 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/04/21 17:29:46 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/03/23 13:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009/12/18 14:52:18 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/12/01 17:43:04 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009/11/16 00:30:20 | 000,014,344 | ---- | C] () -- C:\Windows\System32\drivers\PuAcpi32.sys
[2009/11/16 00:30:15 | 000,061,440 | R--- | C] () -- C:\Windows\System32\AABATT.dll
[2009/08/13 22:45:40 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 06:33:53 | 000,425,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,620,150 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,108,332 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 02:59:08 | 000,011,776 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2009/07/14 02:58:40 | 000,037,376 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2009/07/14 02:58:25 | 000,010,240 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2009/07/14 02:56:53 | 000,159,232 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/05/06 20:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >


I did not want to continue for now, because I am afraid of doing something completely wrong and would rather check with an expert first.

I hope you can help me.

Many thanks in advance

 
