
Pests of all kinds and how to fight them: Redirection to third-party sites when clicking Google links


13.02.2013, 16:56   #1
lockerbummel

Redirection to third-party sites when clicking Google links

Hello everyone,

For a short while now I have had the problem that sometimes, when I click on Google search results, I am redirected to unrelated sites. The problem does not occur constantly, though, but rather rarely and "randomly".
I am currently abroad and spent a lot of time on the Wi-Fi network of my hostel. I was looking for an apartment and clicked on and opened a lot of listings and photos. That probably already makes it clear where the problem comes from (but I am now on a home network).

After the problem appeared I scanned my system with Avira Free Antivirus, but there were no detections. Then I also ran a scan with Spybot 2 and did get a few detections. They were not rated as extremely critical, though; I then used the program's fix function. Afterwards, however, I was still being redirected in Google searches.
As I said, the redirection does not happen constantly but only now and then, and in my personal perception also less often.

I would be glad if I could get help from an expert and someone could take a look at my system. I have gone through the instructions for those seeking help and will now post the log files (I did not get any error message with Defogger).
Here are the log files:

OTL Logfile:
Code:
OTL logfile created on: 13.02.2013 15:53:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 6,46 Gb Available Physical Memory | 81,78% Memory free
15,80 Gb Paging File | 14,22 Gb Available in Paging File | 90,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 34,18 Gb Total Space | 6,21 Gb Free Space | 18,18% Space Free | Partition Type: NTFS
Drive F: | 114,77 Gb Total Space | 78,66 Gb Free Space | 68,53% Space Free | Partition Type: NTFS
 
Computer Name: LOCKERBAUMELN | User Name: locker baumeln | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.13 15:52:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Desktop\OTL.exe
PRC - [2013.02.12 18:49:17 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.12 18:48:56 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.12 18:48:56 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.11.08 07:39:08 | 000,037,440 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
PRC - [2011.11.04 15:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.07.12 18:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2011.07.12 17:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2011.07.12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.02.04 12:14:20 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2010.02.04 12:14:06 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\AMT\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.11.08 07:39:08 | 000,037,440 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
MOD - [2012.07.05 14:56:24 | 000,052,800 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hardcopy_05.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.04.11 16:27:06 | 000,047,440 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.12 18:49:17 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.12 18:48:56 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.09 21:32:30 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.06 12:14:46 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.23 15:20:54 | 000,021,416 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.07.12 16:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2011.07.12 16:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011.07.12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011.07.12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.04 12:14:20 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2010.02.04 12:14:06 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.04.11 16:27:04 | 000,042,280 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.13 11:05:48 | 010,629,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.09.07 14:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010.04.07 16:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009.10.05 17:58:18 | 000,649,216 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.09.15 19:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.08.07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.23 12:50:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.08.13 20:54:00 | 000,295,984 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 A9 5F 92 A3 EE CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/"
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 12:14:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.06 12:14:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 12:14:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.06 12:14:43 | 000,000,000 | ---D | M]
 
[2013.01.04 14:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\locker baumeln\AppData\Roaming\mozilla\Extensions
[2013.02.01 20:08:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\locker baumeln\AppData\Roaming\mozilla\Firefox\Profiles\yyg0842d.default\extensions
[2013.02.01 20:08:43 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\locker baumeln\AppData\Roaming\mozilla\firefox\profiles\yyg0842d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.04 14:33:28 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\locker baumeln\AppData\Roaming\mozilla\firefox\profiles\yyg0842d.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.02.06 12:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.06 12:14:46 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe ()
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [DVQUMJTR] C:\Users\locker baumeln\AppData\Roaming\chkntfse.dll ()
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F20BC1DE-C08C-46EB-B280-C7A12FC47F1A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (xe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.13 15:52:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- F:\Desktop\OTL.exe
[2013.02.10 23:50:19 | 000,000,000 | ---D | C] -- F:\Eigene Dokumente\Erasmus
[2013.02.09 22:59:35 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.02.09 18:42:03 | 000,000,000 | ---D | C] -- C:\Users\locker baumeln\AppData\Local\Diagnostics
[2013.02.06 12:14:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.05 15:52:41 | 000,000,000 | ---D | C] -- C:\Users\locker baumeln\AppData\Roaming\OpenOffice.org
[2013.02.05 15:52:20 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.02.05 15:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.02.05 15:48:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\redist
[2013.02.05 15:48:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\readmes
[2013.02.05 15:48:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\licenses
[2013.02.04 23:13:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013.02.04 23:13:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013.02.04 19:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\redistpart
[2013.02.04 19:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher
[2013.02.04 19:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2013.02.04 19:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Partition Manager™ 12 Free
[2013.02.04 19:09:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paragon Software
[2013.02.04 18:11:23 | 000,000,000 | ---D | C] -- C:\Users\locker baumeln\AppData\Roaming\Skype
[2013.02.04 18:11:15 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.04 18:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.04 18:11:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.04 18:10:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[19 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.13 15:52:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Desktop\OTL.exe
[2013.02.13 15:50:48 | 000,050,477 | ---- | M] () -- F:\Desktop\Defogger.exe
[2013.02.13 15:49:31 | 000,000,000 | ---- | M] () -- C:\Users\locker baumeln\defogger_reenable
[2013.02.13 15:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.13 13:02:13 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.13 13:02:13 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.13 13:00:47 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.13 13:00:47 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.13 13:00:47 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.13 13:00:47 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.13 13:00:47 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.13 12:53:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.13 12:53:22 | 2065,715,199 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.09 11:55:37 | 000,098,304 | RHS- | M] () -- C:\Users\locker baumeln\AppData\Roaming\chkntfse.dll
[2013.02.07 20:26:07 | 000,001,969 | ---- | M] () -- F:\Desktop\Skype.lnk
[2013.02.06 16:30:25 | 000,045,535 | ---- | M] () -- F:\Eigene Dokumente\SP_FW_2010_Prüfung Deutsch.pdf
[2013.02.05 20:15:33 | 000,294,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.04 22:22:59 | 000,028,623 | ---- | M] () -- F:\Eigene Dokumente\view.pdf
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[19 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.13 15:50:48 | 000,050,477 | ---- | C] () -- F:\Desktop\Defogger.exe
[2013.02.13 15:49:31 | 000,000,000 | ---- | C] () -- C:\Users\locker baumeln\defogger_reenable
[2013.02.09 11:55:37 | 000,098,304 | RHS- | C] () -- C:\Users\locker baumeln\AppData\Roaming\chkntfse.dll
[2013.02.07 20:26:07 | 000,001,969 | ---- | C] () -- F:\Desktop\Skype.lnk
[2013.02.06 16:30:25 | 000,045,535 | ---- | C] () -- F:\Eigene Dokumente\SP_FW_2010_Prüfung Deutsch.pdf
[2013.02.04 22:22:58 | 000,028,623 | ---- | C] () -- F:\Eigene Dokumente\view.pdf
[2013.02.04 19:42:54 | 000,013,596 | ---- | C] () -- C:\Windows\swsetup.in_
[2012.08.13 10:11:02 | 141,421,187 | ---- | C] () -- C:\Program Files (x86)\openofficeorg1.cab
[2012.08.13 10:09:30 | 003,166,208 | ---- | C] () -- C:\Program Files (x86)\openofficeorg341.msi
[2012.08.13 10:09:30 | 000,473,600 | ---- | C] () -- C:\Program Files (x86)\setup.exe
[2012.08.13 10:09:30 | 000,000,294 | ---- | C] () -- C:\Program Files (x86)\setup.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.05 15:52:41 | 000,000,000 | ---D | M] -- C:\Users\locker baumeln\AppData\Roaming\OpenOffice.org
 
========== Purity Check ==========
 
 

< End of report >

EXTRAS: OTL Extras Logfile:
Code:
OTL Extras logfile created on: 13.02.2013 15:53:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 6,46 Gb Available Physical Memory | 81,78% Memory free
15,80 Gb Paging File | 14,22 Gb Available in Paging File | 90,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 34,18 Gb Total Space | 6,21 Gb Free Space | 18,18% Space Free | Partition Type: NTFS
Drive F: | 114,77 Gb Total Space | 78,66 Gb Free Space | 68,53% Space Free | Partition Type: NTFS
 
Computer Name: LOCKERBAUMELN | User Name: locker baumeln | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C3CA8-2A15-4A5B-8F25-72B17DA97AD4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0335DDD6-C4FB-40FF-8E8D-3F2FE74B8800}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0795EBBC-BF71-4BBB-B350-54D57FDD9617}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0B754E0B-BA98-4ECB-AD43-835856EBA866}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1FA93CF4-89DA-4584-B896-9A3A12B0EF97}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25258329-5732-45C1-ACA9-B0067506E006}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4D1372B2-B875-4F12-B1F0-82754E4B9EBB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{527FCCE3-430B-4A3A-88CC-0C6D2056CC07}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{57983B71-D46E-4B3A-B8EA-0C722956982D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6F3574F8-542E-45AC-8B93-F233C0CB55B0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A107449C-D49C-43DF-85E4-E83533C8356B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A8858E84-CEA6-4324-87AC-28680D545960}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B975E125-403B-435B-99A0-5F11C380D99D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BA60F975-3DDE-492C-B038-F0D8644F916F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BCDBD407-922A-4C17-A09E-CFCA65D8B46B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D08A3379-BE3E-4DAC-A24D-5F1F05B993C6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DF6618DA-B257-45B5-BB2B-3D0FA0631008}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E9E9A707-AA7B-4098-A271-EA4C589322E0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F3C7D654-E236-4EAF-937F-00F0C82F7083}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F80F50B3-0DAE-4444-815A-B1E7661131CD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F8FFA478-3166-4651-B41D-F0B7653A4C77}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{140C7D94-3F7B-451B-93B6-B82FB03ADF20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1AE18499-0AA1-4DE2-B941-BC11CED88A36}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{23F6F728-9704-47AB-9537-84A4BBC5CD73}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{25ABE957-44FB-43B5-8421-C1C91BC1CA81}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{27607959-B469-4BE5-AB54-D45AA552009D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2F30FBC8-60C9-4DB1-83EB-DCE830270F46}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{589BBB27-9900-4283-9FA6-55816847E3F5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5DCBAB4F-D7B7-4563-B786-9F7EEAF6ED7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7F986440-6874-45BA-B49C-4F8C87D40B84}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{815C0920-2F37-4BB1-A311-B5D2A1FEA4BC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8590C698-B191-45C9-8BBB-7A802DE187E0}" = protocol=6 | dir=out | app=system | 
"{864E05E5-7B91-43EE-9369-0BE092C4013E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8BB2D291-B95D-4D43-A345-418AD68E48DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{91626617-D06F-407E-A32C-69752469BDB5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{93E3D1DC-1E23-4C46-8D82-70A8F1B17EF5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9617CF81-1681-4A32-A9A7-F14A54D60DD7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9F969848-EF8D-4D84-A543-128ADA2533FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A24555A6-6A6C-41E3-92B9-854E025EAE73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A9C21029-BBB2-4FA6-984C-ECBA8F18991E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B4053842-F5E9-4494-9E49-8ED915973F81}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B8C6B9E8-3435-4CD0-BFC4-39C7D7541847}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E76A76DB-E530-490E-B38B-686772C40697}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{A7FC674E-751D-4499-9C7E-D472201C0BAD}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{F26657AE-9088-40AF-A335-AB79BCE836FF}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{2559B0A3-E0E9-457D-A11A-F9BFAD40AE07}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{37A2326C-FBD1-4973-9D99-1C9EF2890E74}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"HECI" = Intel(R) Management Engine Interface
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"MESOL" = Intel® Active-Management-Technologie
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = Lenovo Power Management Driver
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{47E5588F-C3A0-11DE-9857-005056C00008}" = Paragon Partition Manager™ 12 Free
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.64.02
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Hardcopy" = Hardcopy
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Winamp" = Winamp
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.02.2013 16:12:15 | Computer Name = lockerbaumeln | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.02.2013 19:43:06 | Computer Name = lockerbaumeln | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.02.2013 05:13:06 | Computer Name = lockerbaumeln | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.02.2013 16:59:04 | Computer Name = lockerbaumeln | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.02.2013 04:25:10 | Computer Name = lockerbaumeln | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.02.2013 06:43:54 | Computer Name = lockerbaumeln | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.02.2013 14:28:47 | Computer Name = lockerbaumeln | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.02.2013 05:54:48 | Computer Name = lockerbaumeln | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.02.2013 13:43:03 | Computer Name = lockerbaumeln | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.02.2013 07:53:34 | Computer Name = lockerbaumeln | Source = WinMgmt | ID = 10
Description = 
 
[ Spybot - Search and Destroy Events ]
Error - 09.02.2013 17:55:29 | Computer Name = lockerbaumeln | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 11.02.2013 09:03:31 | Computer Name = lockerbaumeln | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 21.01.2013 16:30:49 | Computer Name = lockerbaumeln | Source = bowser | ID = 8003
Description = 
 
Error - 22.01.2013 14:58:20 | Computer Name = lockerbaumeln | Source = bowser | ID = 8003
Description = 
 
Error - 22.01.2013 15:10:23 | Computer Name = lockerbaumeln | Source = bowser | ID = 8003
Description = 
 
Error - 22.01.2013 15:19:54 | Computer Name = lockerbaumeln | Source = bowser | ID = 8003
Description = 
 
Error - 31.01.2013 14:34:44 | Computer Name = lockerbaumeln | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 31.01.2013 14:46:47 | Computer Name = lockerbaumeln | Source = bowser | ID = 8003
Description = 
 
Error - 04.02.2013 13:32:05 | Computer Name = lockerbaumeln | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 07.02.2013 10:45:01 | Computer Name = lockerbaumeln | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 07.02.2013 um 15:43:15 unerwartet heruntergefahren.
 
Error - 07.02.2013 11:54:45 | Computer Name = lockerbaumeln | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 07.02.2013 um 16:13:54 unerwartet heruntergefahren.
 
Error - 08.02.2013 14:59:22 | Computer Name = lockerbaumeln | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >
         
--- --- ---

Gmer
GMER Logfile:
Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-13 16:28:10
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.FC2Z 149,05GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\LOCKER~1\AppData\Local\Temp\kftyipod.sys


---- User code sections - GMER 2.0 ----

.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1816] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17      00000000759a1401 2 bytes [9A, 75]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1816] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17        00000000759a1419 2 bytes [9A, 75]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1816] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17      00000000759a1431 2 bytes [9A, 75]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1816] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42      00000000759a144a 2 bytes [9A, 75]
.text   ...                                                                                                                               * 9
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1816] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17         00000000759a14dd 2 bytes [9A, 75]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1816] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17  00000000759a14f5 2 bytes [9A, 75]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1816] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17         00000000759a150d 2 bytes [9A, 75]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1816] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17  00000000759a1525 2 bytes [9A, 75]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1816] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17        00000000759a153d 2 bytes [9A, 75]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1816] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17             00000000759a1555 2 bytes [9A, 75]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1816] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17      00000000759a156d 2 bytes [9A, 75]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1816] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17        00000000759a1585 2 bytes [9A, 75]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1816] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17           00000000759a159d 2 bytes [9A, 75]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1816] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17        00000000759a15b5 2 bytes [9A, 75]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1816] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17      00000000759a15cd 2 bytes [9A, 75]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1816] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20  00000000759a16b2 2 bytes [9A, 75]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1816] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31  00000000759a16bd 2 bytes [9A, 75]

---- Threads - GMER 2.0 ----

Thread  C:\Windows\SysWOW64\rundll32.exe [968:3092]                                                                                       00000000002752c0
Thread  C:\Windows\SysWOW64\rundll32.exe [968:3096]                                                                                       00000000001d3a80
Thread  C:\Windows\SysWOW64\rundll32.exe [968:3144]                                                                                       00000000001d3a10
Thread  C:\Windows\SysWOW64\rundll32.exe [968:3500]                                                                                       0000000000315cfe
Thread  C:\Windows\SysWOW64\rundll32.exe [968:3696]                                                                                       0000000000312ea6
Thread  C:\Windows\SysWOW64\rundll32.exe [968:3708]                                                                                       00000000003133de

---- Registry - GMER 2.0 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556cfeb11                                                       
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556cfeb11 (not active ControlSet)                                   

---- Files - GMER 2.0 ----

File    C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{0c65d9c0-1c4b-4ef0-8b2e-e14d16d6435c}                             0 bytes
File    C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{0c65d9c0-1c4b-4ef0-8b2e-e14d16d6435c}\snapshot.etl                901120 bytes
File    C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{fa4e7a5f-05ff-415b-a487-ce7cb5469c5a}                             0 bytes
File    C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{fa4e7a5f-05ff-415b-a487-ce7cb5469c5a}\snapshot.etl                1474560 bytes
File    C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{734460da-78b0-41e4-a25c-8db468911cdc}                             0 bytes
File    C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{734460da-78b0-41e4-a25c-8db468911cdc}\snapshot.etl                262144 bytes
File    C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{228d09ba-a791-4033-9e5c-909cbaa9e1dc}                             0 bytes
File    C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{228d09ba-a791-4033-9e5c-909cbaa9e1dc}\snapshot.etl                868352 bytes
File    C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{631b452b-49ef-4a50-aeec-148888037dee}                             0 bytes
File    C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{631b452b-49ef-4a50-aeec-148888037dee}\snapshot.etl                1474560 bytes

---- EOF - GMER 2.0 ----
         
--- --- ---

Many thanks in advance. If you need any further information from me, I will of course supply it promptly.
Regards

 
