Google Redirect

MrFox · 01.07.2012, 21:47

Hallo,

mein Rechner ist seit kurzem mit dem - wie meine Recherchen ergeben haben - ja durchaus nicht wenig verbreiteten "Google Redirect"-Hijack gesegnet.

Welche Unterart davon, weiß ich allerdings nicht.

Symptome:
Ab und zu werden die Links der Google-Ergebnisseite auf andere URLs weitergeleitet (oft freshweather.com).

Scans habe ich durchgeführt:

Code:

ATTFilter

OTL logfile created on: 6/29/2012 4:36:20 PM - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\USERNAME\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 69.81% Memory free
5.98 Gb Paging File | 4.89 Gb Available in Paging File | 81.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 247.86 Gb Total Space | 76.84 Gb Free Space | 31.00% Space Free | Partition Type: NTFS
Drive D: | 166.02 Gb Total Space | 68.68 Gb Free Space | 41.37% Space Free | Partition Type: NTFS
 
Computer Name: ALAN | User Name: USERNAME | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/06/29 16:22:33 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\USERNAME\Downloads\OTL.exe
PRC - [2012/05/24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\USERNAME\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/03/13 06:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\USERNAME\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/03/11 23:13:21 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/03/11 23:13:00 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2012/02/28 17:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/02/28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012/01/18 16:11:40 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2012/01/18 16:11:32 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2012/01/18 13:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/22 11:16:38 | 000,273,688 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2011/08/29 22:11:00 | 000,665,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/09/27 09:37:24 | 004,180,576 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/10/22 11:16:18 | 000,070,424 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2011/08/28 23:19:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010/11/20 14:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2010/11/20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Users\JULIAN~1\AppData\Local\Temp\DJQEL.exe -- (DJQEL)
SRV - [2012/06/17 18:57:02 | 000,113,120 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/30 09:42:05 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/03/11 23:13:21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/02/27 21:42:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/01/18 16:11:40 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2012/01/18 16:11:32 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/01/18 13:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/29 22:11:00 | 000,665,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/11/20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/09/27 09:37:24 | 004,180,576 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2010/08/29 00:18:09 | 001,045,256 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) [On_Demand | Stopped] -- C:\Program Files\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009/12/20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Program Files\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)
SRV - [2007/11/08 00:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\USERNAME\Downloads\aida32ee_393\aida32.sys -- (AIDA32Driver)
DRV - File not found [Kernel | Auto | Stopped] --  -- (adfs)
DRV - [2012/03/11 23:13:36 | 000,039,640 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/03/11 23:13:35 | 000,491,816 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012/01/18 16:11:48 | 000,055,664 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2012/01/18 16:11:08 | 000,025,584 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2012/01/18 16:10:36 | 000,025,712 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2012/01/18 13:06:02 | 000,036,464 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2012/01/18 13:06:02 | 000,016,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2011/12/19 20:59:14 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011/12/13 03:32:24 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/10/15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/08/29 22:11:00 | 000,032,496 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2011/08/29 22:01:10 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2011/08/08 14:58:56 | 000,098,928 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2011/07/08 01:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011/03/18 14:46:26 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011/03/18 14:46:10 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2011/03/06 20:28:53 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/03/06 20:28:53 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/02/17 18:06:10 | 000,111,152 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/10/27 00:30:29 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2010/09/27 14:24:50 | 000,356,864 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2010/08/21 19:50:29 | 000,230,736 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/05/12 13:23:04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlashUSB.sys -- (FlashUSB)
DRV - [2009/12/09 22:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009/11/25 23:32:16 | 000,125,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 01:53:36 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/11 20:39:16 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009/06/11 20:39:14 | 000,012,032 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009/06/11 20:39:14 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009/03/18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/02/16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2005/08/18 00:00:00 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://google.de/#hl=de&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..network.proxy.http: "hxxp://entaroadun.info"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin: C:\Program Files\Skyhook Wireless\Loki Browser Plugin\versions\3.4.2.20\nploki.dll (Skyhook Wireless)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 18:57:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/31 18:17:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/17 04:53:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/05/31 18:17:04 | 000,000,000 | ---D | M]
 
[2010/08/21 20:20:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USERNAME\AppData\Roaming\mozilla\Extensions
[2010/08/21 20:20:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USERNAME\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/05/20 18:52:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USERNAME\AppData\Roaming\mozilla\Firefox\Profiles\luj7i79c.default\extensions
[2012/04/09 17:02:19 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\USERNAME\AppData\Roaming\mozilla\Firefox\Profiles\luj7i79c.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/05/20 18:52:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\USERNAME\AppData\Roaming\mozilla\Firefox\Profiles\luj7i79c.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/01/29 17:49:18 | 000,001,997 | ---- | M] () -- C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\luj7i79c.default\searchplugins\wolframalpha.xml
[2012/01/29 15:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/12/24 11:33:03 | 000,275,540 | ---- | M] () (No name found) -- C:\USERS\USERNAME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LUJ7I79C.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
[2012/05/17 20:22:16 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\USERNAME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LUJ7I79C.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012/06/17 18:57:03 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/30 00:19:02 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/08 00:25:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/04/14 01:00:24 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/04/14 01:00:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/04/14 01:00:24 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/03/20 11:00:38 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2011/04/14 01:00:24 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/04/14 01:00:24 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/04/14 01:00:24 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.215\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.215\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.215\gears.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2012/06/29 15:49:50 | 000,000,844 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 10.254.254.253	AFS
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\USERNAME\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - Startup: C:\Users\USERNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\USERNAME\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\USERNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tempclean.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1111/Navigram.cab (Navigram Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E82C9AE-D91C-4657-AB53-8A6108F77C4A}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (C:\windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{472fbf4f-adb7-11df-9205-0024547e35b5}\Shell - "" = AutoRun
O33 - MountPoints2\{472fbf4f-adb7-11df-9205-0024547e35b5}\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{472fbf4f-adb7-11df-9205-0024547e35b5}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe
O33 - MountPoints2\{4845d2c1-2a5c-11e0-bba8-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{4845d2c1-2a5c-11e0-bba8-005056c00008}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O33 - MountPoints2\{a7e99007-b9f5-11df-95f3-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{a7e99007-b9f5-11df-95f3-005056c00008}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\stub.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/06/29 16:01:03 | 000,000,000 | ---D | C] -- C:\Users\USERNAME\AppData\Roaming\Malwarebytes
[2012/06/29 16:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/29 16:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/29 16:00:56 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/06/29 16:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/28 23:34:09 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2012/06/24 22:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Aladdin Shared
[2012/06/24 22:50:09 | 004,180,576 | ---- | C] (SafeNet Inc.) -- C:\windows\System32\hasplms.exe
[2012/06/24 22:50:09 | 004,180,576 | ---- | C] (SafeNet Inc.) -- C:\windows\System32\aksllmtp.exe
[2012/06/24 22:50:06 | 000,356,864 | ---- | C] (SafeNet Inc.) -- C:\windows\System32\drivers\aksfridge.sys
[2012/06/24 22:49:42 | 000,588,800 | ---- | C] (SafeNet Inc.) -- C:\windows\System32\drivers\hardlock.sys
[2012/06/24 22:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hauptwerk Virtual Pipe Organ
[2012/06/24 22:49:03 | 000,000,000 | ---D | C] -- C:\Program Files\Hauptwerk Virtual Pipe Organ VST Link Plug-In
[2012/06/24 22:42:44 | 000,000,000 | ---D | C] -- C:\Hauptwerk
[2012/06/24 22:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\Hauptwerk Virtual Pipe Organ
[2012/06/24 22:41:40 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2012/06/19 17:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
[2012/06/19 17:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\SIW
[2012/06/15 09:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2012/06/15 09:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2012/06/15 01:25:23 | 000,000,000 | ---D | C] -- C:\Users\USERNAME\AppData\Roaming\Cycling '74
[2012/06/14 00:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GrandOrgue
[2012/06/14 00:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\GrandOrgue
[2012/06/13 09:15:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2012/06/13 09:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2012/06/12 09:08:30 | 000,000,000 | ---D | C] -- C:\Users\USERNAME\AppData\Local\Macromedia
[2012/06/04 00:32:57 | 000,000,000 | ---D | C] -- C:\Users\USERNAME\Desktop\Weihnachten 2011
[2012/05/31 18:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012/05/30 23:40:17 | 000,000,000 | ---D | C] -- C:\Users\USERNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RadioSure
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Users\USERNAME\*.tmp files -> C:\Users\USERNAME\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/06/29 16:33:16 | 000,023,328 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/29 16:33:16 | 000,023,328 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/29 16:32:53 | 000,000,156 | ---- | M] () -- C:\Users\USERNAME\defogger_reenable
[2012/06/29 16:25:53 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/29 16:25:51 | 3209,216,000 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/29 16:00:58 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/06/26 15:01:36 | 000,001,078 | ---- | M] () -- C:\Users\USERNAME\.octave_hist
[2012/06/24 22:49:09 | 000,001,402 | ---- | M] () -- C:\Users\USERNAME\Desktop\Hauptwerk user guide.lnk
[2012/06/24 22:49:09 | 000,001,191 | ---- | M] () -- C:\Users\USERNAME\Desktop\Hauptwerk (alt config 3).lnk
[2012/06/24 22:49:09 | 000,001,191 | ---- | M] () -- C:\Users\USERNAME\Desktop\Hauptwerk (alt config 2).lnk
[2012/06/24 22:49:09 | 000,001,191 | ---- | M] () -- C:\Users\USERNAME\Desktop\Hauptwerk (alt config 1).lnk
[2012/06/24 22:49:09 | 000,001,116 | ---- | M] () -- C:\Users\USERNAME\Desktop\Hauptwerk.lnk
[2012/06/24 20:14:43 | 000,765,922 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/06/24 20:14:43 | 000,710,132 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/06/24 20:14:43 | 000,172,266 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/06/24 20:14:43 | 000,141,222 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/06/24 13:25:55 | 196,602,375 | ---- | M] () -- D:\Eigene Dokumente\TV-20120623-2023-5001.webl.h264.mp4
[2012/06/21 21:42:17 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012/06/19 17:51:58 | 000,000,897 | ---- | M] () -- C:\Users\USERNAME\Desktop\SIW.lnk
[2012/06/19 09:08:34 | 000,000,600 | ---- | M] () -- C:\Users\USERNAME\AppData\Roaming\winscp.rnd
[2012/06/15 09:40:38 | 560,017,525 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/06/13 22:31:36 | 000,000,600 | ---- | M] () -- C:\Users\USERNAME\AppData\Local\PUTTY.RND
[2012/06/13 09:15:04 | 000,001,799 | ---- | M] () -- C:\Users\USERNAME\Desktop\WinSCP.lnk
[2012/06/13 08:22:46 | 003,872,904 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/06/10 20:40:48 | 000,008,187 | ---- | M] () -- C:\Users\USERNAME\Preferences.xml
[2012/06/04 15:38:44 | 000,002,177 | ---- | M] () -- C:\Users\USERNAME\.recently-used.xbel
[2012/06/02 12:22:17 | 000,001,057 | ---- | M] () -- C:\Users\USERNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/05/30 23:40:17 | 000,001,168 | ---- | M] () -- C:\Users\USERNAME\Desktop\RadioSure.lnk
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Users\USERNAME\*.tmp files -> C:\Users\USERNAME\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/06/29 16:32:52 | 000,000,156 | ---- | C] () -- C:\Users\USERNAME\defogger_reenable
[2012/06/29 16:00:58 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/06/28 23:23:58 | 000,232,960 | ---- | C] () -- C:\windows\Installer\{1adf558a-0dbe-4de3-b53d-aea3ba8bca07}\U\00000008.@
[2012/06/28 23:23:38 | 000,012,288 | ---- | C] () -- C:\windows\Installer\{1adf558a-0dbe-4de3-b53d-aea3ba8bca07}\U\80000000.@
[2012/06/28 23:23:37 | 000,088,576 | ---- | C] () -- C:\windows\Installer\{1adf558a-0dbe-4de3-b53d-aea3ba8bca07}\U\80000032.@
[2012/06/28 23:23:37 | 000,000,804 | ---- | C] () -- C:\windows\Installer\{1adf558a-0dbe-4de3-b53d-aea3ba8bca07}\L\00000004.@
[2012/06/28 23:23:29 | 000,002,048 | ---- | C] () -- C:\windows\Installer\{1adf558a-0dbe-4de3-b53d-aea3ba8bca07}\U\00000004.@
[2012/06/28 23:23:23 | 000,001,632 | ---- | C] () -- C:\windows\Installer\{1adf558a-0dbe-4de3-b53d-aea3ba8bca07}\U\000000cb.@
[2012/06/24 22:49:09 | 000,001,402 | ---- | C] () -- C:\Users\USERNAME\Desktop\Hauptwerk user guide.lnk
[2012/06/24 22:49:09 | 000,001,191 | ---- | C] () -- C:\Users\USERNAME\Desktop\Hauptwerk (alt config 3).lnk
[2012/06/24 22:49:09 | 000,001,191 | ---- | C] () -- C:\Users\USERNAME\Desktop\Hauptwerk (alt config 2).lnk
[2012/06/24 22:49:09 | 000,001,191 | ---- | C] () -- C:\Users\USERNAME\Desktop\Hauptwerk (alt config 1).lnk
[2012/06/24 22:49:09 | 000,001,116 | ---- | C] () -- C:\Users\USERNAME\Desktop\Hauptwerk.lnk
[2012/06/24 13:20:52 | 196,602,375 | ---- | C] () -- D:\Eigene Dokumente\TV-20120623-2023-5001.webl.h264.mp4
[2012/06/19 17:51:58 | 000,000,897 | ---- | C] () -- C:\Users\USERNAME\Desktop\SIW.lnk
[2012/06/15 09:40:38 | 560,017,525 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/06/13 09:15:07 | 000,000,600 | ---- | C] () -- C:\Users\USERNAME\AppData\Roaming\winscp.rnd
[2012/06/13 09:15:04 | 000,001,799 | ---- | C] () -- C:\Users\USERNAME\Desktop\WinSCP.lnk
[2012/06/04 15:38:44 | 000,002,177 | ---- | C] () -- C:\Users\USERNAME\.recently-used.xbel
[2012/05/30 23:40:17 | 000,001,168 | ---- | C] () -- C:\Users\USERNAME\Desktop\RadioSure.lnk
[2012/05/19 12:05:29 | 000,000,769 | ---- | C] () -- C:\Users\USERNAME\AppData\Roaming\gnuplot_history
[2012/04/01 16:01:15 | 000,008,187 | ---- | C] () -- C:\Users\USERNAME\Preferences.xml
[2012/04/01 15:58:17 | 000,000,886 | ---- | C] () -- C:\Users\USERNAME\DatabaseConnections.xml
[2012/03/13 15:49:27 | 000,000,193 | ---- | C] () -- C:\windows\WORDPAD.INI
[2012/01/17 15:12:26 | 000,001,078 | ---- | C] () -- C:\Users\USERNAME\.octave_hist
[2012/01/12 22:10:28 | 000,002,048 | -HS- | C] () -- C:\windows\Installer\{1adf558a-0dbe-4de3-b53d-aea3ba8bca07}\@
[2012/01/12 22:10:28 | 000,002,048 | -HS- | C] () -- C:\Users\USERNAME\AppData\Local\{1adf558a-0dbe-4de3-b53d-aea3ba8bca07}\@
[2012/01/03 00:33:09 | 000,000,000 | ---- | C] () -- C:\Users\USERNAME\ff
[2011/12/18 21:01:48 | 000,001,506 | ---- | C] () -- C:\Users\USERNAME\_viminfo
[2011/12/02 22:12:32 | 000,000,032 | ---- | C] () -- C:\Users\USERNAME\.simfy
[2011/12/02 00:32:26 | 000,000,016 | ---- | C] () -- C:\Users\USERNAME\persistent_state
[2011/11/04 20:44:01 | 000,000,038 | ---- | C] () -- C:\Users\USERNAME\.lesshst
[2011/08/04 20:22:41 | 000,017,408 | ---- | C] () -- C:\Users\USERNAME\AppData\Local\WebpageIcons.db
[2011/05/10 17:59:36 | 000,000,600 | ---- | C] () -- C:\Users\USERNAME\AppData\Local\PUTTY.RND
[2011/04/19 22:55:50 | 000,000,000 | ---- | C] () -- C:\Users\USERNAME\AppData\Roaming\wklnhst.dat
[2011/04/12 21:28:33 | 000,086,016 | ---- | C] () -- C:\windows\System32\ZCompress.EXE
[2011/04/12 21:28:33 | 000,073,728 | ---- | C] () -- C:\windows\System32\WinSFX.bin
[2011/04/12 21:28:33 | 000,062,716 | ---- | C] () -- C:\windows\System32\Uninstall985F.DAT
[2011/04/12 21:28:32 | 000,516,096 | ---- | C] () -- C:\windows\System32\BldSetup.EXE
[2011/04/12 21:28:32 | 000,212,992 | ---- | C] () -- C:\windows\System32\Setup.EXE
[2011/04/12 21:28:32 | 000,098,304 | ---- | C] () -- C:\windows\System32\BldOpt.EXE
[2011/04/12 21:28:32 | 000,081,920 | ---- | C] () -- C:\windows\System32\GkSui20.EXE
[2011/04/12 21:28:32 | 000,069,632 | ---- | C] () -- C:\windows\System32\Dspan.bin
[2011/04/12 21:28:31 | 000,114,688 | ---- | C] () -- C:\windows\System32\BldDat.EXE
[2011/04/04 22:54:12 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2011/03/06 20:28:53 | 000,281,760 | ---- | C] () -- C:\windows\System32\drivers\atksgt.sys
[2011/03/06 20:28:53 | 000,025,888 | ---- | C] () -- C:\windows\System32\drivers\lirsgt.sys
[2011/02/28 12:54:51 | 000,000,232 | ---- | C] () -- C:\windows\ODBCINST.INI
[2011/02/07 15:35:48 | 000,220,704 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2011/02/07 13:33:43 | 000,000,017 | ---- | C] () -- C:\windows\Missing.ini
[2011/01/28 00:03:08 | 000,053,248 | ---- | C] () -- C:\windows\System32\CommonDL.dll
[2011/01/28 00:03:08 | 000,002,413 | ---- | C] () -- C:\windows\System32\lgAxconfig.ini
[2010/12/06 02:51:47 | 000,000,212 | ---- | C] () -- C:\windows\ildasmfnt.bin
[2010/11/24 00:25:47 | 000,000,101 | ---- | C] () -- C:\Users\USERNAME\AppData\Local\fusioncache.dat
[2010/11/02 21:46:02 | 000,000,120 | ---- | C] () -- C:\windows\imagedit.ini
[2010/10/25 13:22:07 | 000,000,080 | ---- | C] () -- C:\Users\USERNAME\AppData\Local\X-Plane Installer.prf
[2010/09/27 20:31:45 | 000,010,240 | ---- | C] () -- C:\windows\System32\vidx16.dll
[2010/09/20 01:12:10 | 000,000,501 | ---- | C] () -- C:\windows\ODBC.INI
[2010/09/17 23:06:16 | 000,000,061 | -HS- | C] () -- C:\windows\cnerolf.dat
[2010/09/06 13:35:53 | 000,021,840 | ---- | C] () -- C:\windows\System32\SIntfNT.dll
[2010/09/06 13:35:52 | 000,017,212 | ---- | C] () -- C:\windows\System32\SIntf32.dll
[2010/09/06 13:35:52 | 000,012,067 | ---- | C] () -- C:\windows\System32\SIntf16.dll
[2010/09/06 13:33:15 | 000,000,218 | ---- | C] () -- C:\windows\SIERRA.INI
[2010/09/05 11:59:27 | 000,213,089 | ---- | C] () -- C:\Users\USERNAME\AppData\Local\debuggee.mdmp
[2010/09/05 00:34:40 | 000,007,619 | ---- | C] () -- C:\Users\USERNAME\AppData\Local\Resmon.ResmonCfg
[2010/09/03 13:42:27 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2010/08/30 23:08:27 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/08/29 11:00:29 | 000,008,192 | ---- | C] () -- C:\windows\d3dx.dat
[2010/08/27 09:23:05 | 000,116,224 | ---- | C] () -- C:\windows\System32\redmonnt.dll
[2010/08/27 09:23:05 | 000,045,056 | ---- | C] () -- C:\windows\System32\unredmon.exe
[2010/08/21 17:49:51 | 000,006,656 | ---- | C] () -- C:\windows\System32\lpcio.dll
[2010/08/21 16:58:44 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2007/03/12 18:59:00 | 000,299,008 | ---- | C] () -- C:\Program Files\navigram_register.exe
 
========== LOP Check ==========
 
[2010/08/21 19:58:44 | 000,000,000 | -HSD | M] -- C:\Users\USERNAME\AppData\Roaming\.#
[2011/06/11 15:37:21 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\.minecraft
[2011/11/07 00:10:39 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\.purple
[2012/02/01 01:32:54 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\AnvSoft
[2011/11/04 17:10:16 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Arduino
[2011/09/26 21:10:34 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Audacity
[2010/11/30 01:23:10 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Audio Recorder for Free
[2011/01/27 22:54:01 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Autodesk
[2011/01/22 15:09:30 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\AutomatedQA
[2011/09/01 20:45:02 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Canon
[2010/08/22 22:17:54 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\ChartViewer
[2010/09/14 00:02:08 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/21 18:00:48 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\CoffeeCup Software
[2012/03/22 20:25:32 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\CrypTool
[2012/06/15 01:25:23 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Cycling '74
[2010/09/06 22:45:34 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\DAEMON Tools Lite
[2012/01/29 15:57:56 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Dev-Cpp
[2012/06/29 16:26:33 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Dropbox
[2011/07/26 21:15:13 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\EAC
[2011/04/21 15:04:38 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Echo Software
[2011/08/05 00:06:41 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\elsterformular
[2011/04/22 09:21:10 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Embarcadero
[2011/12/11 02:10:57 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\enchant
[2011/12/16 02:18:34 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Enigma
[2012/06/29 00:45:22 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\FileZilla
[2011/01/22 15:41:08 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\FinalBuilder7
[2012/06/29 16:24:58 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Free Download Manager
[2012/02/15 00:08:32 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\FreeCommander
[2011/07/14 10:40:09 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\FrontDesign
[2012/01/22 12:47:19 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Greenshot
[2012/03/30 08:39:37 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\gtk-2.0
[2010/08/22 08:38:46 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\HeidiSQL
[2010/08/28 21:51:37 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\IcoFX
[2010/12/01 22:14:56 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\inkscape
[2010/08/23 18:20:37 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\IrfanView
[2010/10/28 11:40:36 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Leadertech
[2010/11/22 12:12:48 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Mael
[2012/05/22 09:32:28 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Mp3tag
[2011/06/29 11:06:43 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Navigram
[2010/08/22 22:55:55 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Nokia
[2011/04/21 14:51:46 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Notepad++
[2010/10/25 14:50:41 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Nvu
[2010/08/22 04:40:42 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\OpenOffice.org
[2010/09/04 17:50:45 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Opera
[2011/10/12 19:57:10 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Scribus
[2011/03/22 14:49:07 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Simfy
[2012/02/27 21:26:35 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Stellarium
[2010/08/22 09:16:31 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Subversion
[2011/08/18 00:25:40 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\SumatraPDF
[2011/10/01 16:28:02 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Synthesia
[2011/04/19 22:55:55 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Template
[2010/08/21 20:19:53 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Thunderbird
[2012/06/24 20:23:02 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\TrueCrypt
[2012/05/28 19:15:48 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\TS3Client
[2012/01/12 23:38:43 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\UnknownApplicationVendor
[2011/03/15 15:22:58 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\VAT-Spy
[2010/12/22 12:50:30 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\VisualD
[2012/06/25 23:57:18 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Im Anhang noch der erweiterte zweite OTL-Report und das Gmer-Logfile. Wobei ich beim Gmer-Scan den Dateiscan noch weglassen musste - dauerte schlichtweg zu lang.

Würde mich sehr freuen, wenn mir hier jemand weiterhelfen kann.

Grüße,
Julian

cosinus · 02.07.2012, 15:56

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

MrFox · 03.07.2012, 08:37

Ein Bekannter hat den Virus entfernen können, Problem damit aus der Welt!

Vielen Dank trotzdem für eure Bemühungen und eure Hilfe!

cosinus · 03.07.2012, 14:06

Ich hoffe, dass er gründlich dabei vorging.

03.07.2012, 14:06	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Google Redirect Ich hoffe, dass er gründlich dabei vorging. __________________ Logfiles bitte immer in CODE-Tags posten

Google Redirect

Plagegeister aller Art und deren Bekämpfung: Google Redirect

Google Redirect

Google Redirect

Google Redirect

Google Redirect

Ähnliche Themen: Google Redirect

03.07.2012, 08:37	#3
MrFox	Google Redirect Ein Bekannter hat den Virus entfernen können, Problem damit aus der Welt! Vielen Dank trotzdem für eure Bemühungen und eure Hilfe! __________________