
Log Analysis and Evaluation: Browser Hijack: Firefox 9.0.1 redirects Google search results


 
24.01.2012, 14:31   #1
cananga
 

Browser Hijack: Firefox 9.0.1 redirects Google search results



After removing the rogue virus "System Check", the links listed by Google are redirected to other pages. Google search in the Firefox start window also no longer works, and no search engines are shown at the top right. Even after reinstalling Firefox and updating Java using JavaRa, no change!

Here is the OTL.txt:

OTL Logfile:
OTL logfile created on: 24.01.2012 14:03:54 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\mustermann\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,99 Gb Available Physical Memory | 85,61% Memory free
7,34 Gb Paging File | 7,02 Gb Available in Paging File | 95,69% Paging File free
Paging file location(s): C:\pagefile.sys 5362 5362 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101,16 Gb Total Space | 56,83 Gb Free Space | 56,18% Space Free | Partition Type: NTFS
Drive D: | 263,25 Gb Total Space | 211,98 Gb Free Space | 80,52% Space Free | Partition Type: NTFS
Drive E: | 101,35 Gb Total Space | 61,38 Gb Free Space | 60,56% Space Free | Partition Type: NTFS
Drive G: | 38,57 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: FAT32
Drive J: | 1397,26 Gb Total Space | 404,49 Gb Free Space | 28,95% Space Free | Partition Type: NTFS
 
Computer Name: HAL9000 | User Name: mustermann | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.22 16:30:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mustermann\Desktop\OTL.exe
PRC - [2011.12.28 13:57:17 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.11.09 14:09:57 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009.02.15 23:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.28 13:57:17 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2004.09.08 13:45:58 | 000,368,128 | ---- | M] () -- C:\Program Files\Filzip\fzshext.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.11.22 14:20:17 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.11.22 14:20:04 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.25 11:41:12 | 002,398,536 | ---- | M] (O&O Software GmbH) [Auto | Stopped] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2009.02.15 23:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2006.03.03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.19 14:12:00 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2011.12.10 18:29:50 | 000,722,416 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.11.22 14:20:32 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.11.22 14:20:32 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.11.22 14:20:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.11.09 14:22:25 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv64xxmm.sys -- (mv64xxmm)
DRV - [2011.11.09 14:22:24 | 000,013,616 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mvxxmm.sys -- (mvxxmm)
DRV - [2011.11.09 14:22:24 | 000,013,616 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv61xxmm.sys -- (mv61xxmm)
DRV - [2011.10.26 04:01:40 | 007,412,736 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011.08.30 10:28:46 | 006,435,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011.08.17 11:18:00 | 000,064,896 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV - [2011.08.17 11:18:00 | 000,045,056 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EtronHub3.sys -- (EtronHub3)
DRV - [2011.08.05 18:24:24 | 000,068,208 | ---- | M] (MOTU, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mawwave.sys -- (MAWWAVE)
DRV - [2011.08.05 18:24:22 | 000,348,272 | ---- | M] (MOTU, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motuaw.sys -- (motuaw)
DRV - [2011.07.06 11:16:08 | 004,137,960 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2010.10.28 15:58:44 | 000,272,232 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010.10.19 16:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI) Intel(R)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.18 00:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 00:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.02.15 23:10:26 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008.11.17 02:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 8D B3 45 C2 B5 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.22 19:23:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.12.21 15:41:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2012.01.22 19:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mustermann\Application Data\Mozilla\Extensions
[2012.01.23 14:35:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mustermann\Application Data\Mozilla\Firefox\Profiles\o76gy4nw.default\extensions
[2012.01.22 19:23:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.01.22 19:23:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)
[2012.01.22 16:03:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\RESTGERäUSCH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\O76GY4NW.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\RESTGERäUSCH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\O76GY4NW.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011.12.28 13:57:18 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
 
O1 HOSTS File: ([2008.04.14 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BB3E126-83DC-4F45-ACB2-76C53F2377FF}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.12.08 16:21:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{29743724-2355-11e1-ad28-50e5495586a9}\Shell - "" = AutoRun
O33 - MountPoints2\{29743724-2355-11e1-ad28-50e5495586a9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{29743724-2355-11e1-ad28-50e5495586a9}\Shell\AutoRun\command - "" = H:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - 
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.23 17:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mustermann\Local Settings\Application Data\Sun
[2012.01.23 16:34:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mustermann\Desktop\OTL.exe
[2012.01.23 16:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.01.23 16:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.01.23 16:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.01.23 15:45:06 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\mustermann\Desktop\esetsmartinstaller_enu.exe
[2012.01.23 15:45:06 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mustermann\Desktop\TFC.exe
[2012.01.23 15:45:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mustermann\Desktop\JavaRa
[2012.01.22 22:49:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2012.01.22 22:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2012.01.22 22:49:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2012.01.22 22:21:14 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.01.22 19:24:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mustermann\Recent
[2012.01.22 19:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mustermann\Application Data\Mozilla
[2012.01.22 17:11:15 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012.01.22 16:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mustermann\Application Data\Mozilla(2)
[2012.01.22 14:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.21 14:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mustermann\Local Settings\Application Data\Identities
[2012.01.21 14:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mustermann\My Documents\Business
[2012.01.12 13:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mustermann\Desktop\Kulturwerk Halle NEUN
[2012.01.07 18:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Music
[2012.01.07 18:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mustermann\Start Menu\Programs\Music
[2012.01.06 16:02:37 | 000,700,416 | ---- | C] (MAGIX AG) -- C:\WINDOWS\System32\mgxoschk.dll
[2012.01.06 16:02:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MAGIX
[2012.01.06 15:56:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mustermann\My Documents\My Videos
[2012.01.06 15:56:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mustermann\Application Data\MAGIX
[2012.01.06 15:55:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mustermann\Local Settings\Application Data\Xara
[2012.01.06 15:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Shared
[2012.01.06 15:54:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2012.01.06 15:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2012.01.05 19:18:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mustermann\Start Menu\Programs\Administrative Tools
[2012.01.05 19:16:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012.01.05 16:26:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mustermann\My Documents\My Music
[2012.01.04 17:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mustermann\My Documents\Native Instruments
[2012.01.04 17:44:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{E648CD4D-3307-4213-89B2-9C0E20C77202}
[2012.01.04 17:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2012.01.04 17:43:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2012.01.04 15:31:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2012.01.03 01:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mustermann\My Documents\Traktor3
[2012.01.03 01:29:26 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2011.12.28 18:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2011.12.28 18:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mustermann\Local Settings\Application Data\Oblivion
[2011.12.28 15:30:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mustermann\Application Data\Nero
[2011.12.28 15:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2011.12.28 15:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2011.12.28 15:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.24 14:02:45 | 000,350,197 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2012.01.24 14:02:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.24 14:01:54 | 001,120,356 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2012.01.24 13:58:58 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Filzip.ini
[2012.01.23 17:04:02 | 000,000,040 | ---- | M] () -- C:\Documents and Settings\mustermann\defogger_reenable
[2012.01.23 16:06:45 | 000,392,626 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.23 16:06:45 | 000,058,800 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.01.23 16:06:43 | 000,000,041 | ---- | M] () -- C:\WINDOWS\System32\Filzip.ini
[2012.01.23 15:44:30 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\mustermann\Desktop\esetsmartinstaller_enu.exe
[2012.01.23 15:43:51 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mustermann\Desktop\TFC.exe
[2012.01.22 22:46:13 | 000,004,212 | RH-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2012.01.22 19:26:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.22 16:35:21 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\mustermann\Desktop\b8uwvl8q.exe
[2012.01.22 16:30:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mustermann\Desktop\OTL.exe
[2012.01.22 16:26:15 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\mustermann\Desktop\Defogger.exe
[2012.01.22 15:47:00 | 000,224,365 | ---- | M] () -- C:\Documents and Settings\mustermann\Desktop\bookmarks-2012-01-22.json
[2012.01.21 15:56:49 | 000,223,252 | ---- | M] () -- C:\Documents and Settings\mustermann\My Documents\Rechnung Nr.2009090367.pdf
[2012.01.21 15:55:11 | 000,223,435 | ---- | M] () -- C:\Documents and Settings\mustermann\My Documents\Rechnung Nr.2009090366.pdf
[2012.01.21 15:54:15 | 000,224,278 | ---- | M] () -- C:\Documents and Settings\mustermann\My Documents\Rechnung Nr.2009090365.pdf
[2012.01.12 13:32:52 | 000,226,437 | ---- | M] () -- C:\Documents and Settings\mustermann\Desktop\Kulturwerk9 technisches Personal.odt
[2012.01.09 17:43:56 | 000,011,640 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012.01.09 16:43:30 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\mustermann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.09 14:38:53 | 000,223,368 | ---- | M] () -- C:\Documents and Settings\mustermann\My Documents\Rechnung Nr.2009090363.pdf
[2012.01.08 18:06:21 | 000,223,434 | ---- | M] () -- C:\Documents and Settings\mustermann\My Documents\Rechnung Nr.2009090364.pdf
[2012.01.06 17:11:21 | 001,493,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.01.03 01:25:49 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2012.01.01 17:35:50 | 000,023,518 | ---- | M] () -- C:\Documents and Settings\mustermann\Desktop\skyrim.odt
[2011.12.29 16:11:21 | 000,225,347 | ---- | M] () -- C:\Documents and Settings\mustermann\My Documents\Angebot Nr.2009032416.pdf
[2011.12.28 18:58:14 | 000,000,032 | ---- | M] () -- C:\WINDOWS\CD_Start.INI
 
========== Files Created - No Company Name ==========
 
[2012.01.23 17:01:28 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\mustermann\Desktop\b8uwvl8q.exe
[2012.01.23 17:00:29 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\mustermann\Desktop\Defogger.exe
[2012.01.23 16:06:43 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\Filzip.ini
[2012.01.22 22:50:00 | 000,004,212 | RH-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2012.01.22 22:49:51 | 000,350,197 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2012.01.22 16:26:46 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\mustermann\defogger_reenable
[2012.01.22 15:47:00 | 000,224,365 | ---- | C] () -- C:\Documents and Settings\mustermann\Desktop\bookmarks-2012-01-22.json
[2012.01.22 14:25:32 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\mustermann\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012.01.21 15:56:45 | 000,223,252 | ---- | C] () -- C:\Documents and Settings\mustermann\My Documents\Rechnung Nr.2009090367.pdf
[2012.01.21 15:55:07 | 000,223,435 | ---- | C] () -- C:\Documents and Settings\mustermann\My Documents\Rechnung Nr.2009090366.pdf
[2012.01.21 15:54:11 | 000,224,278 | ---- | C] () -- C:\Documents and Settings\mustermann\My Documents\Rechnung Nr.2009090365.pdf
[2012.01.08 18:06:18 | 000,223,434 | ---- | C] () -- C:\Documents and Settings\mustermann\My Documents\Rechnung Nr.2009090364.pdf
[2012.01.08 18:05:32 | 000,223,368 | ---- | C] () -- C:\Documents and Settings\mustermann\My Documents\Rechnung Nr.2009090363.pdf
[2012.01.06 16:02:37 | 000,007,103 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2012.01.05 19:16:54 | 000,011,640 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012.01.03 00:59:42 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2012.01.01 17:09:54 | 000,023,518 | ---- | C] () -- C:\Documents and Settings\mustermann\Desktop\skyrim.odt
[2011.12.29 15:56:37 | 000,225,347 | ---- | C] () -- C:\Documents and Settings\mustermann\My Documents\Angebot Nr.2009032416.pdf
[2011.12.28 18:58:13 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2011.12.14 10:57:48 | 000,033,533 | ---- | C] () -- C:\WINDOWS\System32\CoreVorbis-uninstall.exe
[2011.12.14 10:54:10 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.12.14 10:51:01 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2011.12.14 10:46:29 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\mustermann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.10 03:22:41 | 000,000,042 | ---- | C] () -- C:\WINDOWS\oodjobd.INI
[2011.12.09 00:51:45 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011.12.08 17:21:27 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Filzip.ini
[2011.12.08 17:13:57 | 000,123,139 | ---- | C] () -- C:\WINDOWS\HPHins12.dat
[2011.12.08 17:13:57 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat
[2011.12.08 17:13:55 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2011.12.08 17:13:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.12.08 17:12:33 | 001,493,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.08 16:39:42 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\IntelMEFWVer.dll
[2011.12.08 16:39:01 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011.12.08 16:36:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.12.08 16:36:15 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.12.08 16:36:15 | 000,242,430 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.12.08 16:36:15 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.12.08 16:23:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.12.08 16:19:32 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.11.09 14:12:01 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\FontReg.exe
[2011.10.25 21:21:48 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OVDecoder.dll
[2008.04.14 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.14 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 12:00:00 | 000,392,626 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 12:00:00 | 000,058,800 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.14 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008.03.01 20:18:37 | 000,244,224 | ---- | C] () -- C:\WINDOWS\System32\gc.dll
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
 
========== LOP Check ==========
 
[2011.12.09 01:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011.12.12 13:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buhl Data Service GmbH
[2012.01.21 16:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2012.01.04 17:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2011.12.11 22:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2012.01.04 17:44:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E648CD4D-3307-4213-89B2-9C0E20C77202}
[2011.12.12 13:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mustermann\Application Data\Buhl Data Service
[2011.12.12 14:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mustermann\Application Data\Buhl Data Service GmbH
[2011.12.15 22:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mustermann\Application Data\Foxit Software
[2012.01.06 15:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mustermann\Application Data\MAGIX
[2011.12.08 18:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mustermann\Application Data\OpenOffice.org
[2011.12.08 17:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mustermann\Application Data\Thunderbird
[2011.12.11 22:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mustermann\Application Data\Ubisoft
[2012.01.23 14:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mustermann\Application Data\uTorrent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.12.08 17:09:38 | 000,000,000 | ---D | M] -- C:\ATI
[2011.12.09 23:13:57 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2012.01.23 16:11:46 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2012.01.21 13:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2011.12.08 16:28:31 | 000,000,000 | ---D | M] -- C:\Intel
[2012.01.23 16:18:15 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.09 21:57:39 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.12.08 16:24:01 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.01.23 16:18:13 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.11.09 14:09:43 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011.11.09 14:09:43 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\system32\drivers\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2011.11.09 14:09:57 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=2BB75B7F548D82A099125D0C5971DE7D -- C:\WINDOWS\explorer.exe
[2011.11.09 14:09:57 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=2BB75B7F548D82A099125D0C5971DE7D -- C:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: IPSEC.SYS  >
[2008.04.14 12:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys
[2008.04.14 12:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
 
< MD5 for: REGEDIT.EXE  >
[2008.04.14 12:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\regedit.exe
[2008.04.14 12:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\system32\dllcache\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 12:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 12:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2011.11.09 14:11:37 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=53A8857723277B1D6D5EE60A9F85B117 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2011.11.09 14:11:37 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=53A8857723277B1D6D5EE60A9F85B117 -- C:\WINDOWS\system32\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.11.09 14:11:35 | 001,867,904 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
         
--- --- ---

The GMER and Defogger logfiles are attached...

Regards

Cananga

 
