Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Google verweist auf falsche Seiten

Google verweist auf falsche Seiten


Plagegeister aller Art und deren Bekämpfung: Google verweist auf falsche Seiten

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 06.11.2012, 18:09   #1
Thure
 
Google verweist auf falsche Seiten - Standard

Google verweist auf falsche Seiten


Also. Mein Google verweist mich auf komplett andere Seiten, wenn ich etwas Suche und das Ergebnis anklicke. Sehr makaber.

Mal der OTL-Bericht:

Code:
ATTFilter
OTL logfile created on: 06.11.2012 17:59:45 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Florian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,33 Gb Available Physical Memory | 79,27% Memory free
15,96 Gb Paging File | 14,23 Gb Available in Paging File | 89,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,95 Gb Total Space | 360,09 Gb Free Space | 78,98% Space Free | Partition Type: NTFS
Drive D: | 456,46 Gb Total Space | 283,47 Gb Free Space | 62,10% Space Free | Partition Type: NTFS
Drive E: | 1,99 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: FLORIAN-PC | User Name: Florian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.06 17:59:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe
PRC - [2012.09.07 19:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.07 19:25:55 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.09.07 19:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012.06.11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
PRC - [2012.06.08 08:02:24 | 000,521,344 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Online Games Manager\ogmservice.exe
PRC - [2012.05.01 13:31:14 | 000,185,856 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012.02.26 15:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2011.10.12 11:22:02 | 000,218,408 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011.10.12 11:22:01 | 000,321,832 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011.10.12 11:22:00 | 000,214,312 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
PRC - [2011.08.31 11:35:01 | 000,185,640 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011.08.11 04:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2011.04.02 22:34:42 | 000,340,848 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2011.03.29 03:49:06 | 000,408,432 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2011.03.29 03:48:54 | 000,202,608 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2011.03.23 23:20:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.12.20 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.20 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.05.04 20:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009.09.28 14:41:12 | 000,024,645 | ---- | M] (Apache Software Foundation) -- C:\OSGeo4W\apache\bin\httpd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.12 11:22:01 | 000,321,832 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011.10.12 11:22:00 | 000,370,984 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011.08.11 04:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2011.08.11 04:57:22 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.27 14:50:49 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 22:15:15 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 19:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.07 19:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.06.11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012.06.08 08:02:24 | 000,521,344 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Program Files (x86)\Online Games Manager\ogmservice.exe -- (ogmservice)
SRV - [2012.06.07 08:15:34 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2012.05.01 13:31:14 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011.05.05 21:36:05 | 000,022,528 | ---- | M] () [Auto | Running] -- D:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe -- (DAZContentManagementService)
SRV - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2011.04.02 22:09:38 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.23 23:20:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.12.20 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.20 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.06.01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.05.04 20:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.28 14:41:12 | 000,024,645 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\OSGeo4W\apache\bin\httpd.exe -- (ApacheOSGeo4WWebServer)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.07 19:26:05 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.09.07 19:26:05 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.07 19:26:05 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.08 23:05:17 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.03.08 23:05:17 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.11 05:04:46 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011.07.11 05:04:46 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011.07.11 05:04:46 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011.06.30 07:03:04 | 000,054,784 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011.06.30 07:03:02 | 000,077,696 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.05.16 15:55:28 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.03 16:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.chatzum.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 04 00 EF 03 0B 00 00 00 1A F3 A1 3C 01 00 00 80 06 00 EF 03 00 00 00 00  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://search.chatzum.com/?q={SearchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6OyB8dUZAu&i=26
IE - HKCU\..\SearchScopes\{F65F8403-4D74-486C-943A-923EACE894D1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=YYYYYYYYDE&apn_uid=4274AF66-C60F-4AA6-964D-B3547E23C949&apn_sauid=DB91E342-445C-4F24-8BC2-D91B8D73F021
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CT2319825.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB10&ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://gmx.de/"
FF - prefs.js..extensions.enabledAddons: de-ade@fehler-haft.de:16.0.a
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.05.07 12:39:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.05.07 12:39:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 14:50:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.06 17:43:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 14:50:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.06 17:43:07 | 000,000,000 | ---D | M]
 
[2012.02.24 15:23:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions
[2012.10.23 10:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\9o5jh1ci.default\extensions
[2012.10.12 08:22:15 | 000,271,375 | ---- | M] () (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\9o5jh1ci.default\extensions\de-ade@fehler-haft.de.xpi
[2012.07.26 08:19:22 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\9o5jh1ci.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.12 06:26:54 | 000,000,853 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\9o5jh1ci.default\searchplugins\11-suche.xml
[2012.08.11 06:41:27 | 000,002,396 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\9o5jh1ci.default\searchplugins\askcom.xml
[2012.10.10 17:15:26 | 000,000,907 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\9o5jh1ci.default\searchplugins\conduit.xml
[2012.09.12 06:26:54 | 000,002,209 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\9o5jh1ci.default\searchplugins\englische-ergebnisse.xml
[2012.09.12 06:26:54 | 000,010,506 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\9o5jh1ci.default\searchplugins\gmx-suche.xml
[2012.09.12 06:26:54 | 000,002,368 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\9o5jh1ci.default\searchplugins\lastminute.xml
[2012.05.07 12:39:50 | 000,002,203 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\9o5jh1ci.default\searchplugins\MyStart Search.xml
[2012.10.11 10:06:06 | 000,000,642 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\9o5jh1ci.default\searchplugins\search-safer.xml
[2012.05.14 07:53:24 | 000,003,915 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\9o5jh1ci.default\searchplugins\sweetim.xml
[2012.09.12 06:26:54 | 000,005,489 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\9o5jh1ci.default\searchplugins\webde-suche.xml
[2012.10.27 14:50:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.10.27 14:50:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.10.27 14:50:49 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.12 08:21:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.25 13:37:38 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.10.12 08:21:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.12 08:21:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.12 08:21:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.12 08:21:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.12 08:21:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Florian\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Florian\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [nwck] C:\Users\Florian\AppData\Roaming\netsh7.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89F662B5-5A2B-4305-A594-BE258A5B8915}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.13 01:06:56 | 000,000,027 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{ae2af745-1611-11e1-9e28-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ae2af745-1611-11e1-9e28-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2008.07.16 18:13:53 | 052,428,800 | R--- | M] (Alcachofa Soft                                              )
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.06 17:59:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe
[2012.11.06 17:38:26 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Malwarebytes
[2012.11.06 17:38:05 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.06 17:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.06 17:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.06 17:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.06 08:22:07 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{8BB0765B-612E-4A74-9C8C-463073049AC6}
[2012.11.05 13:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbo Pizza
[2012.11.05 13:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turbo Pizza
[2012.11.05 11:44:21 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Skunk Studios
[2012.11.05 08:05:23 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux Family Secrets - Das Buch der Orakel
[2012.11.05 08:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flux Family Secrets - Das Buch der Orakel
[2012.11.05 08:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flux Family Secrets - Das Buch der Orakel
[2012.11.05 07:17:04 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{4FC5F8C7-BF75-4A05-AEDC-7F5A10E8B171}
[2012.11.04 21:07:04 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.11.04 21:06:51 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alcachofa Soft
[2012.11.04 21:03:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcachofa Soft
[2012.11.04 15:03:54 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Der Clou!2
[2012.11.04 08:45:03 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{F7D5EB79-46E1-4EDC-B30C-CB79C1F8E80E}
[2012.11.03 16:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Der Clou!2
[2012.11.03 16:11:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\neoSoftware
[2012.11.03 15:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A Vampyre Story
[2012.11.03 15:51:09 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\A Vampyre Story
[2012.11.03 07:56:05 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{483C9580-DC03-42AD-A784-C88EBEC70A37}
[2012.11.02 13:15:42 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Infected - Der Zwillings - Impfstoff Sammleredition
[2012.11.02 13:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infected - Der Zwillings - Impfstoff Sammleredition
[2012.11.02 13:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Infected - Der Zwillings - Impfstoff Sammleredition
[2012.11.02 07:14:35 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{5A8A4A1A-9879-4521-BA7D-A47331A0AFA3}
[2012.11.01 07:30:01 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{0120BC14-ED20-4CCB-BA5E-3D1760B7998E}
[2012.10.31 09:23:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Twisted Lands 3 - Der Anfang
[2012.10.31 07:29:05 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{AB06A187-4FF2-4701-AAD9-F4FC691CC00C}
[2012.10.30 07:28:09 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{079F70B4-63FC-414D-B1BC-3D73BB53673C}
[2012.10.29 15:27:54 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Alawar Stargaze
[2012.10.29 14:39:54 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sierra
[2012.10.29 14:33:43 | 000,000,000 | ---D | C] -- C:\Sierra
[2012.10.29 13:29:46 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Seven Sails
[2012.10.29 07:27:14 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{80C34741-802F-43F3-BBCD-5C00B6CB0295}
[2012.10.28 07:26:18 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{78917704-0D65-45C3-918E-B16EADB4B87C}
[2012.10.27 14:50:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.27 11:46:47 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\URSE Games
[2012.10.27 07:25:26 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{532F1F3D-239E-45C9-B02B-360B46777930}
[2012.10.26 10:41:14 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\GameDevo
[2012.10.26 06:09:58 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{C0EBB2BD-1043-49BC-A9C2-E8EA69729DF9}
[2012.10.25 06:09:02 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{2077E936-048A-497B-B30D-A794C2516B10}
[2012.10.24 09:34:49 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Camel101
[2012.10.24 09:34:44 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\GarageGames
[2012.10.24 06:08:17 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{C643ECE5-8C3E-4764-892F-B5D4266105EE}
[2012.10.23 11:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT
[2012.10.23 06:07:32 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{4E9451E5-BBDE-4AEF-8B87-1CD069A97FBD}
[2012.10.22 06:06:09 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{6D130683-65CF-471D-A686-05754ED7FC1D}
[2012.10.21 07:16:38 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{42809043-1FCA-4571-97B3-C8D8CABB1A6F}
[2012.10.20 07:15:39 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{627A8CF7-69EF-4192-8CE1-2B9C3AF16ED1}
[2012.10.19 06:40:15 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{89D958E8-2F54-4A9B-AE48-CB635F6FF23C}
[2012.10.18 07:53:48 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{356393C4-5CE4-448B-8971-635C418BA357}
[2012.10.17 10:10:21 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\Programs
[2012.10.17 07:52:52 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{B3F4062F-26A2-466C-B1C5-59BBAB88336F}
[2012.10.16 07:51:56 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{88513993-0B9D-45BF-BEC5-95EF3EC0E3B9}
[2012.10.15 08:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2012.10.15 07:51:00 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{77C8A824-6CFC-473B-AFD7-2867A6F00111}
[2012.10.14 07:50:02 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{906F9CB3-969B-49AA-8787-042833C68BDE}
[2012.10.13 07:49:11 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{C86B4A8B-9037-4430-A82B-99BDF2C313AE}
[2012.10.12 10:31:37 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{BE29A690-9CA9-43AC-9E82-4245E669B134}
[2012.10.11 10:30:41 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{02E8CAA3-70DB-4112-8635-DD5B1D299470}
[2012.10.10 10:29:46 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{CAC0630B-8EA8-4450-BE14-37DEC826B1A6}
[2012.10.09 22:29:22 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{9355DEC7-612C-4B77-A9EF-A1A2E3E76E8C}
[2012.10.09 08:03:25 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{6058EB6F-CED5-44B8-B30D-D2DD455CA67A}
[2012.10.08 15:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bridge Constructor
[2012.10.08 08:02:29 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{C8C21C4E-21BA-4F0B-B003-F3F705E8D48A}
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.06 17:59:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe
[2012.11.06 17:59:01 | 000,000,000 | ---- | M] () -- C:\Users\Florian\defogger_reenable
[2012.11.06 17:58:48 | 000,050,477 | ---- | M] () -- C:\Users\Florian\Desktop\Defogger.exe
[2012.11.06 17:51:38 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.06 17:51:38 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.06 17:50:40 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.06 17:50:40 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.06 17:50:40 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.06 17:50:40 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.06 17:50:40 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.06 17:44:29 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.06 17:44:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.06 17:44:13 | 2131,955,711 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.06 17:41:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.06 17:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.06 15:18:37 | 000,106,496 | RHS- | M] () -- C:\Users\Florian\AppData\Roaming\netsh7.dll
[2012.11.05 13:13:00 | 000,052,748 | ---- | M] () -- C:\Windows\wininit.ini
[2012.11.05 13:10:09 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Spiel Turbo Pizza.lnk
[2012.11.05 08:05:55 | 000,002,208 | ---- | M] () -- C:\Users\Public\Desktop\Spiel Flux Family Secrets - Das Buch der Orakel.lnk
[2012.11.04 21:07:04 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.11.04 17:35:52 | 000,021,840 | ---- | M] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.11.04 17:35:52 | 000,017,212 | ---- | M] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.11.04 17:35:52 | 000,012,067 | ---- | M] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.11.02 13:16:36 | 000,002,256 | ---- | M] () -- C:\Users\Public\Desktop\Spiel Infected - Der Zwillings - Impfstoff Sammleredition.lnk
[2012.10.31 12:22:17 | 000,001,237 | ---- | M] () -- C:\Users\Public\Desktop\Burger Bustle.lnk
[2012.10.23 11:33:09 | 000,001,297 | ---- | M] () -- C:\Users\Public\Desktop\Jojo’s Fashion Show 2.lnk
[2012.10.11 10:12:57 | 000,001,381 | ---- | M] () -- C:\Users\Public\Desktop\Das Buch der Dunklen Träume.lnk
[2012.10.10 17:15:24 | 000,000,009 | ---- | M] () -- C:\END
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.06 17:59:01 | 000,000,000 | ---- | C] () -- C:\Users\Florian\defogger_reenable
[2012.11.06 17:58:48 | 000,050,477 | ---- | C] () -- C:\Users\Florian\Desktop\Defogger.exe
[2012.11.06 15:18:37 | 000,106,496 | RHS- | C] () -- C:\Users\Florian\AppData\Roaming\netsh7.dll
[2012.11.05 13:10:09 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Spiel Turbo Pizza.lnk
[2012.11.05 08:05:55 | 000,002,208 | ---- | C] () -- C:\Users\Public\Desktop\Spiel Flux Family Secrets - Das Buch der Orakel.lnk
[2012.11.02 13:16:36 | 000,002,256 | ---- | C] () -- C:\Users\Public\Desktop\Spiel Infected - Der Zwillings - Impfstoff Sammleredition.lnk
[2012.10.31 12:22:17 | 000,001,237 | ---- | C] () -- C:\Users\Public\Desktop\Burger Bustle.lnk
[2012.10.29 14:58:12 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.10.29 14:58:12 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.10.29 14:58:12 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.10.23 11:33:09 | 000,001,297 | ---- | C] () -- C:\Users\Public\Desktop\Jojo’s Fashion Show 2.lnk
[2012.10.11 10:12:57 | 000,001,381 | ---- | C] () -- C:\Users\Public\Desktop\Das Buch der Dunklen Träume.lnk
[2012.10.10 17:15:24 | 000,000,009 | ---- | C] () -- C:\END
[2012.10.09 22:10:53 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.09 14:53:24 | 000,001,001 | ---- | C] () -- C:\Users\Florian\AppData\Local\RT2070_{4BB48026-ECDF-4993-B3DD-4E8D867FECB1}_wsc
[2012.08.21 16:16:12 | 000,002,086 | ---- | C] () -- C:\Users\Florian\.recently-used.xbel
[2012.08.11 15:19:25 | 001,641,574 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.11 10:00:03 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2012.07.11 09:59:55 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2012.07.11 09:59:55 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2012.06.21 13:33:56 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.06.21 13:33:56 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.06.21 13:28:53 | 000,877,218 | ---- | C] () -- C:\Windows\RON 2010 GERMAN Uninstaller.exe
[2012.05.21 13:34:39 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.05.20 20:20:23 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012.05.13 07:39:48 | 000,093,748 | ---- | C] () -- C:\Users\Florian\Afri.jpg
[2012.04.04 12:46:40 | 000,083,968 | ---- | C] () -- C:\Windows\UnGins.exe
[2012.04.04 12:46:35 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\Harmony.dll
[2012.04.04 12:46:35 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll
[2012.03.21 22:35:05 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2012.03.21 22:35:05 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\RGSS104J.dll
[2012.03.21 22:35:05 | 000,758,272 | ---- | C] () -- C:\Windows\SysWow64\RGSS104E.dll
[2012.03.21 22:35:04 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2012.03.21 22:35:04 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
[2012.03.21 22:35:04 | 000,685,056 | ---- | C] () -- C:\Windows\SysWow64\RGSS103J.dll
[2012.03.01 10:04:35 | 000,052,748 | ---- | C] () -- C:\Windows\wininit.ini
[2012.02.29 21:16:59 | 000,000,298 | ---- | C] () -- C:\Windows\vtmb.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.03.31 20:44:32 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\.marble
[2012.08.03 12:49:01 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\4 Friends Games
[2012.09.19 21:16:29 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Ahnenblatt
[2012.09.17 10:58:31 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Alawar
[2012.10.29 15:27:54 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Alawar Stargaze
[2012.09.29 10:03:43 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\AlawarEntertainment
[2012.06.27 16:37:24 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Amaranth Games
[2012.07.21 13:17:28 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Artifex Mundi
[2012.10.12 14:05:15 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Artogon
[2012.08.10 13:43:11 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Az-Art
[2012.03.25 13:37:36 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Babylon
[2012.06.11 08:58:34 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Big Fish Games
[2012.03.27 18:19:02 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Black Sea Studios
[2012.10.22 10:49:25 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\BlamGames
[2012.10.16 08:39:07 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Blue Tea Games
[2012.08.04 14:06:55 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Boomzap
[2012.10.24 09:34:49 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Camel101
[2012.08.30 09:11:31 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\CasualMechanics
[2012.04.12 09:31:05 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\cerasus.media
[2012.08.15 09:52:39 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Chayowo Games
[2012.06.24 09:08:01 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\clear.fi
[2012.03.25 13:38:00 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Complitly
[2012.08.13 10:17:22 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Daedalic Entertainment
[2012.09.15 15:30:31 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\DailyMagic
[2012.07.07 15:13:50 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Dark Blue Games
[2012.06.02 14:42:27 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\DAZ 3D
[2012.10.02 14:55:05 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Deep Shadows
[2012.06.05 13:31:32 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Digital Quarter
[2012.09.10 12:23:47 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Eipix
[2012.05.16 08:50:12 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\EleFun Games
[2012.09.11 10:18:04 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Elephant Games
[2012.05.14 11:39:42 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Enki Games
[2012.06.13 11:05:08 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Enlightenus
[2012.07.12 11:42:23 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\EntwinedSoD
[2012.09.19 13:45:15 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\ERS Game Studios
[2012.09.13 18:44:13 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\FileZilla
[2012.08.21 12:34:39 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Flood Light Games
[2012.03.26 08:45:54 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Floodlight Games
[2012.09.05 09:28:43 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\FlowerOfImmortality
[2012.03.01 15:06:36 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\FoozKids
[2012.08.21 07:53:45 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Freeze Tag
[2012.06.04 07:25:46 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Friday's games
[2012.09.20 09:30:41 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Funlinker
[2012.08.13 07:15:39 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Fuzzy Bug Interactive
[2012.10.26 10:41:14 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\GameDevo
[2012.07.06 14:51:53 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\GameInvest
[2012.09.07 07:00:03 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Gamelab
[2012.08.10 13:54:34 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\GameMill Entertainment
[2012.03.08 23:06:42 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Games
[2012.10.24 09:34:44 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\GarageGames
[2012.05.21 13:34:39 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Ghost Ship Studios
[2012.05.31 08:07:14 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\GO Games
[2012.11.02 10:36:50 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Gogii
[2012.08.21 16:16:12 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\gtk-2.0
[2012.08.10 08:34:49 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Gunnar Games
[2012.03.27 11:07:25 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\HitPoint Studios
[2012.03.23 13:39:14 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\inkscape
[2012.08.23 13:23:46 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Jane s Hotel 3
[2012.08.23 11:31:51 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Jetdogs Studios
[2012.03.20 11:24:22 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\JoyBits
[2012.08.18 13:30:57 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Lazy Turtle Games
[2012.03.17 18:26:26 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Leadertech
[2012.04.28 12:37:01 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\LucasArts
[2012.07.21 11:34:24 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\MA2
[2012.09.14 08:30:15 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Mad Head Games
[2012.03.28 08:50:28 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\MagicIndie
[2012.04.03 10:24:42 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Mariaglorum
[2012.08.04 06:30:23 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Meridian93
[2012.10.23 07:53:05 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\MumboJumbo
[2012.08.02 10:54:15 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\My Games
[2012.08.04 13:53:01 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Namco
[2012.08.09 11:16:41 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Natural Threat.Ominous Shores
[2012.04.27 19:29:52 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Notepad++
[2012.09.11 11:36:42 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Oberon Games
[2012.09.24 13:44:36 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Oberon Media
[2012.02.24 15:20:12 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\OEM
[2012.05.07 12:47:18 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\OpenCandy
[2012.02.24 16:53:48 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\OpenOffice.org
[2012.05.05 21:16:39 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Opera
[2012.08.18 10:54:11 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Orneon
[2012.05.21 10:32:34 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\PlayFavoriteGames
[2012.09.27 12:53:21 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\PlayPond
[2012.09.11 11:25:21 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\PoBros
[2012.10.02 13:35:08 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Princess Isabella
[2012.05.25 18:42:41 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\RenPy
[2012.10.02 17:59:08 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\SecondLife
[2012.08.18 10:56:00 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\sekrbfgde
[2012.10.29 13:29:46 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Seven Sails
[2012.07.30 17:13:28 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\ShamanGS
[2012.10.29 11:43:16 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Silverback Productions
[2012.11.05 11:44:21 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Skunk Studios
[2012.10.01 17:15:53 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\SMIGames
[2012.09.25 09:29:00 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Specialbit
[2012.10.25 10:14:46 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\SulusGames
[2012.08.31 10:03:08 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Supermarket Mania 2
[2012.10.22 12:26:53 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\tabagames
[2012.08.06 13:20:03 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Ten Heavens
[2012.05.14 09:15:05 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Top Evidence
[2012.09.21 09:18:59 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\TrickySoftware
[2012.04.19 13:35:29 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Trillian
[2012.04.05 13:21:18 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Twilight Games
[2012.10.27 11:46:47 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\URSE Games
[2012.06.01 09:21:21 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\VampireSagaHL
[2012.10.27 12:01:07 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Vast Studios
[2012.04.04 09:34:20 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\VendelGAMES
[2012.09.20 09:33:23 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Vogat Interactive
[2012.09.05 11:47:21 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\WildTangent
[2012.03.14 13:21:59 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Windows Live Writer
[2012.09.26 13:12:37 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\World-LooM
[2012.03.20 11:45:04 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\YoudaGames
[2012.08.30 08:06:46 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\YourFileDownloader
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:5E9B629B
@Alternate Data Stream - 378 bytes -> C:\ProgramData\Temp:98838593
@Alternate Data Stream - 350 bytes -> C:\ProgramData\Temp:804A4210
@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:AD2DB2F9
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:AC64D9E9
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:80253E8D
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:35501BA4
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:5A9F1AE5
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:319D783D
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:DF5ABA3D
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:823606DE
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:84C34762
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:1604D047
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:2F474C84
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:02CC0035
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:2CB9631F
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:7BFFC6A9
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:43F5FA9D
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:4244811A
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:2A874675
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:FD7DCDA6
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:E6B95E40
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:D1FD226D
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:C900B47A
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:244E4E3A
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:1CD511E5
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:0F64164E
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:00D99749
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:DB2748F7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:3F266659
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:27A88EF2
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:ED51D3ED
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:FFC3922F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:FDEE14AC
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:C178954A
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:5FC043A8
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:4A8EB1C4
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:E265ED33
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:94A31742
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:8F76671E
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:6896CCCE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:164561C8
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:C43C957E
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:4D8FCBEF
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:3D4B733E
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:393F7B1E
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:795F6DEC
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:6CF828C2
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:183A9046
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:0ED1C542
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:041C0562
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:FD11E093
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:BCFEA004
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:B3211C67
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:A798AA1A
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:6ECE93A8
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:62AF94A0
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:5E148FDA
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:BA24E689
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:B139DDF3
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:70BDB805
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:1C201DEB
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:9195103F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:5E73E1C2
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:BE0654D6
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:78857621
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:474022C7
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:FC70A22A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:BEF18713
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:BECA50FF
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:A88BE334
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:98CD9221
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:77B64C59
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:3D922890
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:092BD83A
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E1410612
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:AABECEFB
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:8855A119
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:404908B5
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:B8791731
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:A819A132
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:A2B3764A
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:9338F136
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:6AF6BB0E
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:53F09A92
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:0860D6D6
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:CB8C8B5D
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:C82CA1C0
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:BBC9C1EB
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:52C24010
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:2AE74FF9
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:0C1258F3
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:F68CB1A4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:C3A047E3
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:1E942FB9
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:120B3AFD
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:EC0279DC
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:D6D084A5
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:A8ADEA55
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:2C86E2AD
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:2A615C9C
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:6F0B6A5A
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:56FBA78D
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:398EFF0F
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:2F70C0B4
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:12D21A9A
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:114C90CA
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D621CFB8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:B3A5945E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:905BCB57
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:48862C37
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:F9F58B80
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:F89F2593
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:EE2DD6CC
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:B1786630
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:206470A5
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:18E3BAF3
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:12258D63
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:96372A73
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:363E775E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:2B40A7DB
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:1B96CF22
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:16F4BC64
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:95079543
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:43CBFAB2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:32EA849C
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:11590865
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:F860DBFD
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:E3615992
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:6A9CA6CB
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:021703B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:E8AEB2BF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:97AAB7F2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3C4BD225
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:A42FABF7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:65137F0D
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:86B7FDDB
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:774A0E14
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:70989864
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4D551822
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E8B61305
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:C2F24DB5
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:927EC486
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:E40AB54F
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:A4241298
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:702A7F20
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:6677D85A
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:2BBC2A87
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:15752405
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:1A5822A3
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:10D98D98
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:3D36932D

< End of report >

Alt 06.11.2012, 18:12   #2
markusg
/// Malware-holic
 
Google verweist auf falsche Seiten - Standard

Google verweist auf falsche Seiten


hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
[2012.11.06 15:18:37 | 000,106,496 | RHS- | M] () -- C:\Users\Florian\AppData\Roaming\netsh7.dll
O4 - HKCU..\Run: [nwck] C:\Users\Florian\AppData\Roaming\netsh7.dll ()
 :Files
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus
downloade get info:
http://markusg.trojaner-board.de/GetInfo.exe
doppelklicke die .exe
im selben ordner wird nun eine .txt erstellt:
summary-info.txt
diese doppelklicken und deren inhalt posten.


Frage:
hast du zum infektionszeitpunkt, bzw evtl. einen tag davor, etwas runtergeladen und instaliert bzw ausgeführt?
wurdest du beim besuch einer seite aufgefordert etwas zu instalieren bzw runterzuladen? diese infos hätte ich auch gern als private nachicht.
__________________

__________________
Alt 06.11.2012, 18:24   #3
Thure
 
Google verweist auf falsche Seiten - Standard

Google verweist auf falsche Seiten


Beim Neustart kam folgende Textdatei:

Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Users\Florian\AppData\Roaming\netsh7.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\nwck deleted successfully.
File C:\Users\Florian\AppData\Roaming\netsh7.dll not found.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 56468 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Florian
->Flash cache emptied: 252661 bytes
 
User: Florian_2
->Flash cache emptied: 56543 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Florian
->Temp folder emptied: 44141988 bytes
->Temporary Internet Files folder emptied: 138098602 bytes
->Java cache emptied: 13583209 bytes
->FireFox cache emptied: 127694863 bytes
->Opera cache emptied: 12998718 bytes
->Flash cache emptied: 0 bytes
 
User: Florian_2
->Temp folder emptied: 207497 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 557056 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 340298161 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 10880967 bytes
 
Total Files Cleaned = 657,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11062012_181452

Files\Folders moved on Reboot...
C:\Users\Florian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\master10951 moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Ich habe die Datei hochgeladen, war es richtig?

Zu GetInfo:

Code:
ATTFilter
System volume information:	 dwHighDateTime = 0x1cca6ea,dwLowDateTime = 0x6af42164
System32:			 dwHighDateTime = 0x1c7c427,dwLowDateTime = 0x1f6db2c0
dwSerialNumber = 0xd0ce900b
Eine PN kommt gleich.

PS: Achja... Momentan tritt der Fehler nichtmehr auf.
__________________
Alt 06.11.2012, 19:02   #4
markusg
/// Malware-holic
 
Google verweist auf falsche Seiten - Standard

Google verweist auf falsche Seiten


danke
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Google verweist auf falsche Seiten
adobe, antivir, autorun, avg, avira, babylontoolbar, bho, bingbar, black, dealply, error, explorer, firefox, flash player, format, freeze, google, helper, home, logfile, mozilla, online games, plug-in, realtek, registry, scan, secrets, security, software, symantec, temp, windows


« McAfee Viren,Trojaner Isolieren Fehlgeschlagen Löschen ist nicht möglich C:Windows\assembly\GAC_32\Desktop.ini | Skriptfehler beim anschließen der externen Festplatte »


Ähnliche Themen: Google verweist auf falsche Seiten


  1. Google öffnet falsche Seiten
    Plagegeister aller Art und deren Bekämpfung - 20.01.2013 (20)
  2. Google öffnet falsche Seiten
    Log-Analyse und Auswertung - 08.01.2013 (18)
  3. (2x) Google läd falsche Seiten
    Mülltonne - 15.08.2012 (1)
  4. google leitet mich auf falsche Seiten um (google redirect?)
    Log-Analyse und Auswertung - 14.08.2012 (20)
  5. Google verlinkt auf falsche Seiten
    Plagegeister aller Art und deren Bekämpfung - 24.12.2011 (4)
  6. google verweist auf falsche seiten
    Log-Analyse und Auswertung - 15.09.2011 (1)
  7. Google lenkt auf falsche Seiten
    Plagegeister aller Art und deren Bekämpfung - 27.05.2011 (1)
  8. Google verweist auf falsche Seiten / Block durch Firefox
    Log-Analyse und Auswertung - 15.12.2010 (19)
  9. Google verweist auf falsche Seiten
    Log-Analyse und Auswertung - 15.04.2010 (2)
  10. Google öffnet falsche Seiten
    Log-Analyse und Auswertung - 13.08.2009 (2)
  11. Google verlinkt auf falsche Seiten (auch p****seiten)T_T
    Plagegeister aller Art und deren Bekämpfung - 22.05.2009 (2)
  12. Google zeigt falsche Seiten an
    Log-Analyse und Auswertung - 15.02.2009 (3)
  13. Falsche Seiten bei Google und Co
    Mülltonne - 21.12.2008 (0)
  14. Google verweist auf falsche Seiten
    Plagegeister aller Art und deren Bekämpfung - 21.12.2008 (1)
  15. Google verlinkt auf falsche Seiten
    Plagegeister aller Art und deren Bekämpfung - 03.12.2008 (11)
  16. Falsche Seiten bei Google
    Log-Analyse und Auswertung - 14.08.2007 (1)
  17. Falsche Seiten bei Google
    Mülltonne - 14.08.2007 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Google verweist auf falsche Seiten - Also. Mein Google verweist mich auf komplett andere Seiten, wenn ich etwas Suche und das Ergebnis anklicke. Sehr makaber. Mal der OTL-Bericht: Code: Alles auswählen Aufklappen ATTFilter OTL logfile created - Google verweist auf falsche Seiten...
Archiv
Du betrachtest: Google verweist auf falsche Seiten auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19