
Mülltonne: Log analysis of my trojan (Firefox problem)


07.10.2012, 15:55   #1
opfer-2012

Hello. As described in my last post, I have a virus/trojan:
hxxp://www.searchnu.com/413?tag=newtab
Following your reply, I have now done the following:
1. Ran Malwarebytes as admin
Here is the txt file:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.07.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
michael :: BÜRO [Administrator]

07.10.2012 12:09:21
mbam-log-2012-10-07 (14-53-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 608863
Laufzeit: 1 Stunde(n), 48 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\michael\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt.

(Ende)

2. OTL full scan
Here is the txt:
OTL logfile created on: 10/7/2012 3:08:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\michael\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

3.25 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 56.17% Memory free
6.49 Gb Paging File | 4.93 Gb Available in Paging File | 75.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150.00 Gb Total Space | 54.72 Gb Free Space | 36.48% Space Free | Partition Type: NTFS
Drive D: | 150.00 Gb Total Space | 85.87 Gb Free Space | 57.25% Space Free | Partition Type: NTFS
Drive E: | 244.14 Gb Total Space | 177.76 Gb Free Space | 72.81% Space Free | Partition Type: NTFS
Drive F: | 315.76 Gb Total Space | 226.27 Gb Free Space | 71.66% Space Free | Partition Type: NTFS
Drive L: | 3.80 Gb Total Space | 2.76 Gb Free Space | 72.61% Space Free | Partition Type: FAT32
Drive M: | 3.72 Gb Total Space | 3.57 Gb Free Space | 95.88% Space Free | Partition Type: FAT32
Drive N: | 1.88 Gb Total Space | 1.51 Gb Free Space | 80.19% Space Free | Partition Type: FAT
Drive O: | 7.52 Gb Total Space | 4.46 Gb Free Space | 59.30% Space Free | Partition Type: FAT32
Drive P: | 7.52 Gb Total Space | 7.52 Gb Free Space | 99.92% Space Free | Partition Type: FAT32

Computer Name: BÜRO | User Name: michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\michael\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Programme\Hotspot Shield\bin\openvpntray.exe (AnchorFree Inc.)
PRC - C:\Programme\Hotspot Shield\bin\FBWMgr.exe ()
PRC - C:\Programme\Hotspot Shield\bin\fbw.exe (AnchorFree Inc.)
PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe (AnchorFree Inc.)
PRC - C:\Programme\Hotspot Shield\bin\openvpn.exe ()
PRC - C:\Programme\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
PRC - C:\Programme\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\Receiver\Receiver.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe ()
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\RocketDock\RocketDock.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Programme\Hotspot Shield\bin\FBWMgr.exe ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Programme\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe ()
MOD - C:\Programme\RocketDock\RocketDock.exe ()
MOD - C:\Programme\RocketDock\RocketDock.dll ()


========== Services (SafeList) ==========

SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe ()
SRV - (hshld) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe (AnchorFree Inc.)
SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (PMBDeviceInfoProvider) -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (DragonSvc) -- C:\Programme\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (OpenVPNService) -- C:\Programme\Astaro\Astaro SSL VPN Client\bin\openvpnserv.exe ()
SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (LVPrcSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)


========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (HssDRV6) -- C:\Windows\System32\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\prxtbSof0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTo0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-599604033-3751420728-3843262701-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/413
IE - HKU\S-1-5-21-599604033-3751420728-3843262701-1001\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\prxtbSof0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-599604033-3751420728-3843262701-1001\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKU\S-1-5-21-599604033-3751420728-3843262701-1001\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTo0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-599604033-3751420728-3843262701-1001\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-599604033-3751420728-3843262701-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKU\S-1-5-21-599604033-3751420728-3843262701-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-599604033-3751420728-3843262701-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKU\S-1-5-21-599604033-3751420728-3843262701-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-599604033-3751420728-3843262701-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKU\S-1-5-21-599604033-3751420728-3843262701-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "chrome://fastdial/content/fastdial.html"
FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.4
FF - prefs.js..extensions.enabledAddons: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.8
FF - prefs.js..extensions.enabledAddons: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:6.0
FF - prefs.js..extensions.enabledAddons: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.7.6
FF - prefs.js..extensions.enabledAddons: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:6.0.1367
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: autopager@mozilla.org:0.7.2.0
FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledAddons: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.6.1.01
FF - prefs.js..extensions.enabledAddons: fastdial@telega.phpnet.us:4.2.2
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1.1
FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.4
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.8
FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:3.4
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.6
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.3
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.7.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/31 19:22:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/31 19:22:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/26 05:19:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/09/15 18:10:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/11/30 03:03:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/25 14:54:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/17 17:56:25 | 000,000,000 | ---D | M]

[2012/09/21 08:43:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\Extensions
[2012/09/26 18:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\lkeockjy.default\extensions
[2012/09/21 08:43:42 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\lkeockjy.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012/08/22 20:45:04 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\lkeockjy.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2012/09/17 09:41:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\lkeockjy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/13 07:02:05 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\lkeockjy.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2012/09/25 15:17:51 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Users\michael\AppData\Roaming\mozilla\Firefox\Profiles\lkeockjy.default\extensions\fastdial@telega.phpnet.us
[2012/06/21 17:40:13 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\lkeockjy.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012/09/20 17:39:37 | 000,344,774 | ---- | M] () (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\lkeockjy.default\extensions\autopager@mozilla.org.xpi
[2012/07/06 15:00:26 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\lkeockjy.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012/09/25 15:14:27 | 000,276,167 | ---- | M] () (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\lkeockjy.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012/01/11 16:21:05 | 000,211,765 | ---- | M] () (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\lkeockjy.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}.xpi
[2012/07/25 17:01:34 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\lkeockjy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/26 18:44:18 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\lkeockjy.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/09/15 12:50:56 | 000,045,208 | ---- | M] () (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\lkeockjy.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}.xpi
[2011/03/24 13:03:00 | 000,000,923 | ---- | M] () -- C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\lkeockjy.default\searchplugins\conduit.xml
[2012/09/21 08:43:39 | 000,002,515 | ---- | M] () -- C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\lkeockjy.default\searchplugins\Search_Results.xml
[2012/09/25 14:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011/01/28 05:57:46 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2011/09/15 18:10:41 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\PROGRAM FILES\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9}
[2011/11/30 03:03:06 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2011/01/28 05:57:46 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\AFURLADVISOR@ANCHORFREE.COM
[2012/09/21 08:43:45 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2012/09/05 13:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/05 14:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/05 14:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 14:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/09/05 14:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/09/21 08:43:39 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/09/05 14:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/09/05 14:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 09:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (ST Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\prxtbSof0.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (ST-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (ST Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\prxtbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ST-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (ST Deutsch FF Toolbar) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - C:\Programme\Softonic_Deutsch_FF\prxtbSof0.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Programme\uTorrentBar_DE\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (ST-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (ST Deutsch FF Toolbar) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - C:\Programme\Softonic_Deutsch_FF\prxtbSof0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Programme\uTorrentBar_DE\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (ST-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-599604033-3751420728-3843262701-1001\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-599604033-3751420728-3843262701-1001\..\Toolbar\WebBrowser: (ST Deutsch FF Toolbar) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - C:\Programme\Softonic_Deutsch_FF\prxtbSof0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-599604033-3751420728-3843262701-1001\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Programme\uTorrentBar_DE\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-599604033-3751420728-3843262701-1001\..\Toolbar\WebBrowser: (ST-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [openvpn-gui] C:\Programme\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_17_Premium_Download-Version\Trayserver.exe (MAGIX AG)
O4 - HKU\S-1-5-21-599604033-3751420728-3843262701-1001..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-599604033-3751420728-3843262701-1001..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-599604033-3751420728-3843262701-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-599604033-3751420728-3843262701-1001..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-599604033-3751420728-3843262701-1001..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk = C:\Programme\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2889133E-DD1A-4C35-81DA-54750AD2E685}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52A12BB1-667C-4F1D-9DBC-19BDE8B44C92}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE01CC9F-057B-4470-B033-8B005E689979}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~1\WIA6EB~1\Datamngr\IEBHO.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Programme\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 09:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/06 09:37:21 | 004,748,656 | ---- | C] (AnchorFree Inc.) -- C:\Windows\System32\hss-update.upd
[2012/10/03 20:13:37 | 000,000,000 | ---D | C] -- C:\Users\michael\Desktop\Hundeschaden
[2012/09/29 19:26:55 | 000,000,000 | ---D | C] -- C:\Users\michael\Desktop\Guido
[2012/09/26 22:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/09/26 18:57:33 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\Malwarebytes
[2012/09/26 18:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/26 18:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/26 18:57:11 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/26 18:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/26 18:18:22 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\TeamViewer
[2012/09/26 10:24:23 | 000,000,000 | ---D | C] -- C:\Users\michael\Desktop\Logis
[2012/09/26 09:47:00 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/09/26 09:36:52 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Astaro SSL VPN Client
[2012/09/26 09:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\Astaro
[2012/09/26 08:55:24 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\ICAClient
[2012/09/26 08:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2012/09/26 08:54:30 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Local\Citrix
[2012/09/26 08:54:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Citrix
[2012/09/26 08:54:29 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2012/09/25 14:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/09/22 09:43:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\default
[2012/09/22 09:29:25 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/22 09:29:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/22 09:29:23 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/22 09:29:23 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/22 09:29:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/21 12:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/09/21 08:43:40 | 000,360,448 | ---- | C] (FLV.com) -- C:\Windows\System32\TubeFinder.exe
[2012/09/21 08:43:38 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCFR.DLL
[2012/09/21 08:43:38 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6FR.DLL
[2012/09/21 08:43:38 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6STKIT.DLL
[2012/09/21 08:43:38 | 000,084,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PICCLP32.OCX
[2012/09/21 08:43:38 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PCCLPFR.DLL
[2012/09/21 08:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Searchqu Toolbar
[2012/09/21 08:43:36 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
[2012/09/21 08:43:36 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CMDLGFR.DLL
[2012/09/21 08:43:36 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\FreeFLVConverter
[2012/09/21 08:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter
[2012/09/19 10:02:06 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012/09/12 18:37:14 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/12 18:37:14 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS

========== Files - Modified Within 30 Days ==========

[2012/10/07 15:09:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/07 14:58:11 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_michael.job
[2012/10/07 14:57:58 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/07 14:57:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/07 14:57:32 | 2615,808,000 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/07 14:56:47 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/07 14:56:47 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/07 14:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/07 12:37:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\A3fU5P.dat
[2012/10/07 12:36:49 | 000,000,001 | ---- | M] () -- C:\ProgramData\Ln3X5T47.exe_.b
[2012/10/07 12:36:49 | 000,000,001 | ---- | M] () -- C:\ProgramData\Ln3X5T47.exe.b
[2012/10/07 10:19:02 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_michael.job
[2012/10/07 09:03:47 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_michael.job
[2012/10/06 09:37:21 | 004,748,656 | ---- | M] (AnchorFree Inc.) -- C:\Windows\System32\hss-update.upd
[2012/10/05 08:15:52 | 000,655,278 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/10/05 08:15:52 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/05 08:15:52 | 000,130,478 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/10/05 08:15:52 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/02 10:33:45 | 000,001,755 | ---- | M] () -- C:\Users\michael\AppData\Roaming\SAS7_000.DAT
[2012/09/30 16:53:25 | 003,837,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/26 09:52:52 | 000,002,002 | -H-- | M] () -- C:\Users\michael\Documents\Default.rdp
[2012/09/22 09:36:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/09/22 09:17:29 | 000,001,316 | ---- | M] () -- C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012/09/20 19:47:16 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/20 19:47:16 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/19 10:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/10/07 12:37:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\A3fU5P.dat
[2012/10/07 12:36:49 | 000,000,001 | ---- | C] () -- C:\ProgramData\Ln3X5T47.exe_.b
[2012/10/07 12:36:49 | 000,000,001 | ---- | C] () -- C:\ProgramData\Ln3X5T47.exe.b
[2012/10/01 13:14:01 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_michael.job
[2012/10/01 13:14:01 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_michael.job
[2012/10/01 13:14:00 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_michael.job
[2012/09/30 16:53:07 | 003,837,672 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/29 18:32:10 | 000,049,036 | ---- | C] () -- C:\Users\michael\Desktop\Weil.pdf
[2012/09/26 09:39:29 | 000,002,002 | -H-- | C] () -- C:\Users\michael\Documents\Default.rdp
[2012/09/26 08:55:36 | 000,001,570 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
[2012/09/25 14:54:19 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/22 09:36:31 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/09/21 08:43:38 | 000,364,544 | ---- | C] () -- C:\Windows\System32\PropertyGrid.ocx
[2012/09/21 08:43:38 | 000,208,500 | ---- | C] () -- C:\Windows\System32\ReyXpBasics.tlb
[2012/09/21 08:43:36 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ControlSubX.ocx
[2012/01/18 13:45:11 | 000,001,755 | ---- | C] () -- C:\Users\michael\AppData\Roaming\SAS7_000.DAT
[2011/06/23 16:15:28 | 000,012,288 | ---- | C] () -- C:\Users\michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/13 09:26:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/13 09:25:16 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/09 14:25:14 | 000,000,167 | ---- | C] () -- C:\Users\michael\AppData\Roaming\default.rss
[2011/06/09 14:25:14 | 000,000,000 | ---- | C] () -- C:\Users\michael\AppData\Roaming\downloads.m3u
[2011/06/09 13:20:57 | 000,000,000 | ---- | C] () -- C:\Users\michael\AppData\Local\{48F13364-D798-4415-9BF3-4E842D67712E}
[2011/02/03 09:51:07 | 000,019,456 | ---- | C] () -- C:\Users\michael\AppData\Local\WebpageIcons.db
[2011/01/30 15:10:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011/01/24 14:47:30 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLfNL.DLL
[2011/01/24 11:53:00 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2011/01/24 07:53:01 | 000,655,278 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011/01/24 07:53:01 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011/01/24 07:53:01 | 000,130,478 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011/01/24 07:53:01 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

========== ZeroAccess Check ==========

[2009/07/13 16:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 16:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 00:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 13:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/06/23 15:48:36 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Ashampoo
[2011/02/02 10:34:40 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Canon
[2011/08/30 19:58:20 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Cocoon Software
[2011/01/24 08:30:34 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Engelmann Media
[2012/09/21 08:43:49 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\FreeFLVConverter
[2012/09/26 09:18:26 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\ICAClient
[2011/01/24 08:01:54 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Leadertech
[2011/07/31 20:17:28 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\MAGIX
[2012/01/18 13:30:08 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Nuance
[2011/07/31 11:35:02 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\RawShellExtender
[2012/09/26 18:18:22 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\TeamViewer
[2011/01/24 10:27:17 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\TuneUp Software
[2012/10/07 15:13:39 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >

How can things proceed from here? What do I have to do so that the annoying Trojan disappears? Many thanks in advance. Regards, Micha

Alt 08.10.2012, 16:30   #2
M-K-D-B
/// TB Trainer
 
Log analysis of my Trojan (Firefox problem)



Hi,


May I ask why you are not replying to t'john directly in your first thread?

Post the log files from MBAM and OTL again in your original thread:
Trojaner eingefangen



This thread is a duplicate and will be closed.
