Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): Google redirects to unwanted pages (redirect, jumper), Windows 7
If you are not sure whether you have caught malware or a trojan, start a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
10.02.2011, 16:30 | #1
Account closed | Google redirects to unwanted pages (redirect, jumper)
Hello, for some time now, when I search for something with Google, I am very often redirected to unwanted pages when I click a search result. I have run MBAM several times, no findings. I have now used ComboFix as recommended in another thread where someone has the same problem. Here is the log:
Combofix logfile:
Code:
ComboFix 11-02-09.05 - Fabian 10.02.2011 16:04:21.1.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.3999.2703 [GMT 1:00]
Running from: c:\users\Fabian\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
C:\readme.txt
c:\windows\isRS-000.tmp
c:\windows\system32\spool\DRIVERS\x64\3\E_IATIFJU.exe
.
((((((((((((((((((((((( Files Created from 2011-01-10 to 2011-02-10 ))))))))))))))))))))))))))))))
.
2011-02-10 13:06 . 2011-02-10 13:06 -------- d-----w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 11
2011-02-10 12:22 . 2011-02-10 12:22 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2011-02-10 12:22 . 2011-02-10 12:22 -------- d-----w- c:\windows\system32\wbem\en-US
2011-02-10 12:09 . 2011-02-10 12:09 -------- d-----w- c:\program files (x86)\Feedback Tool
2011-02-10 09:22 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2011-02-10 09:22 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2011-02-10 09:22 . 2011-01-05 04:00 3127808 ----a-w- c:\windows\system32\win32k.sys
2011-02-10 09:22 . 2010-12-21 06:16 214016 ----a-w- c:\windows\system32\winsrv.dll
2011-02-10 09:18 . 2011-01-13 01:20 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1B9938F-5592-4703-9F7A-2416F8D3C8E2}\mpengine.dll
2011-02-10 09:18 . 2011-01-26 06:53 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-10 09:18 . 2011-01-26 06:53 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-02-10 09:18 . 2011-01-26 06:31 144384 ----a-w- c:\windows\system32\cdd.dll
2011-02-10 09:17 . 2010-10-27 05:18 5510528 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-10 09:17 . 2010-10-27 05:16 1739176 ----a-w- c:\windows\system32\ntdll.dll
2011-02-10 09:17 . 2010-10-27 04:40 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-02-10 09:17 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-02-10 09:17 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-02-10 09:16 . 2011-01-07 08:06 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-02-10 09:16 . 2011-01-07 07:27 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-02-10 09:16 . 2011-01-07 05:49 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-02-10 09:16 . 2011-01-07 05:33 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-02-03 15:41 . 2011-02-03 15:48 -------- d-----w- c:\users\Fabian\AppData\Roaming\FileZilla
2011-02-03 15:41 . 2011-02-05 09:45 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2011-02-02 16:20 . 2011-02-10 15:01 -------- d-----w- c:\users\Fabian\AppData\Roaming\ICQ
2011-02-02 16:20 . 2011-02-02 18:13 -------- d-----w- c:\program files (x86)\ICQ7.4
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-01-29 13:23 . 2011-01-29 13:23 -------- d-----w- c:\users\Fabian\AppData\Roaming\Octoshape
2011-01-27 00:08 . 2011-01-27 00:39 -------- d-----w- c:\users\Fabian\AppData\Roaming\DMCache
2011-01-26 09:31 . 2011-01-26 09:31 -------- d-----w- c:\programdata\McAfee
2011-01-26 08:46 . 2011-01-26 08:46 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A964EABD-4B31-4AC2-9F7E-7F0885858CF4}\gapaengine.dll
2011-01-26 08:30 . 2011-01-26 08:30 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-01-26 08:30 . 2011-01-26 08:30 -------- d-----w- c:\windows\Temp4498F543-8251-F5BC-439F-C59EA90FD3D4-Signatures
2011-01-26 08:29 . 2011-01-26 08:31 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-26 08:29 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-12 08:33 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-10 12:19 . 2010-10-26 07:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-01-13 01:20 . 2010-04-04 20:53 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-20 17:08 . 2010-04-21 13:16 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-17 13:30 . 2010-12-17 13:30 34032 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-12-17 13:29 . 2010-12-17 13:29 27176 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-12-17 13:29 . 2010-12-17 13:29 13352 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-12-04 10:19 . 2010-11-16 09:29 88274 ----a-w- c:\programdata\bdinstall.bin
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
(((((((((((((((((((((((((((( Registry Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7.4\ICQ.exe" [2011-02-02 119608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VC10Player"="c:\program files (x86)\Virtual CD v10\System\VC10Play.exe" [2009-10-08 383304]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-04 843776]
"WatcherHelper"="c:\program files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2009-08-14 62744]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"TRUUpdater"="c:\program files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2010-10-05 549384]
R2 VC10SecS;Virtual CD v10 Management Service;c:\program files (x86)\Virtual CD v10\System\VC10SecS.exe [2009-10-08 145224]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-27 52264]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-27 35104]
R3 cjusb;REINER SCT cyberJack pinpad/e-com USB;c:\windows\system32\DRIVERS\cjusb.sys [2007-06-13 43320]
R3 dvblinkcap;DVBLink Capture B90A12CC6C544A961E7028D3A08A2C632551DE3F;c:\windows\system32\DRIVERS\dvblinkcap.sys [2010-04-12 18608]
R3 dvblinkcap2;DVBLink Capture 5C3B268ADE2E693A42BFBC49F3EBAF0AD3A57BFE25070C30B60F714F;c:\windows\system32\DRIVERS\dvblinkcap2.sys [2010-04-12 18608]
R3 dvblinkcap3;DVBLink Capture 1FC24AFA7DE950B5FDBDA8673412F3883AA61D96F28D057B3111D4B1FDD658C5;c:\windows\system32\DRIVERS\dvblinkcap3.sys [2010-04-12 18608]
R3 dvblinkcap4;DVBLink Capture 7A489C6F335339BF1349A65F6FF08BE465CAF3F7F02FAD0941DA1ED685D1245E228F1C238BF13D9691863A377E0231EA;c:\windows\system32\DRIVERS\dvblinkcap4.sys [2010-04-12 18608]
R3 dvblinktun;DVBLink Tuner 50700D4E15024598D94DCF7F283840B0F5F20935;c:\windows\system32\DRIVERS\dvblinktun.sys [2010-04-12 20784]
R3 dvblinktun2;DVBLink Tuner 6087B55DBA907503F9232E739AD4354E0DF9EA0EFA4808BA55BA79A1;c:\windows\system32\DRIVERS\dvblinktun2.sys [2010-04-12 20784]
R3 dvblinktun3;DVBLink Tuner 9E35F72855E3F9D9A737E369D508E65CAF3CE20DABEE2FD07E6D4D6ACD48B96C;c:\windows\system32\DRIVERS\dvblinktun3.sys [2010-04-12 20784]
R3 dvblinktun4;DVBLink Tuner 79D1057C34BF015640F64477EE6B73DDB692E0012920629BD513FAF19670B43DB91FC3DB70EE9CA15CDD3CCC9CD3D9DF;c:\windows\system32\DRIVERS\dvblinktun4.sys [2010-04-12 20784]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-12-17 13352]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [2009-07-09 24088]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [2007-03-20 16896]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 20992]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 53632]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 40832]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2010-03-27 5435904]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 PORTIO64;PORTIO64;c:\users\Fabian\Downloads\JungleFlasher v0.1.76 Beta (166)\JungleFlasher v0.1.76 Beta (166)\portio64.sys [2008-09-10 4096]
R3 sermux;Sierra Wireless Serial MUX;c:\windows\system32\DRIVERS\serialmux.sys [2008-04-22 39168]
R3 SwiProt;Sierra Wireless Protocol Driver;c:\windows\system32\DRIVERS\swiprot.sys [2007-05-02 30720]
R3 SWNC8U55;Sierra Wireless MUX NDIS Driver (UMTS55);c:\windows\system32\DRIVERS\swnc8u55.sys [2010-01-28 283136]
R3 swvspser;MP VSP using Serial MUX;c:\windows\system32\DRIVERS\swvspser.sys [2008-03-04 24064]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-19 50688]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 16384]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1255736]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S1 vdrv1000;vdrv1000;c:\windows\system32\DRIVERS\vdrv1000.sys [2009-08-24 220696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\SysWOW64\cjpcsc.exe [2009-04-15 654640]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-03-10 20456]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 havasvc;HAVA Service;c:\program files (x86)\Monsoon Multimedia\HAVA\Common\havasvc.exe [2009-06-16 145408]
S2 inpoutx64;inpoutx64;c:\windows\system32\Drivers\inpoutx64.sys [2010-04-13 15008]
S2 SynoDrService;SynoDrService;c:\program files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [2010-06-02 380928]
S3 havabus;HAVA Bus Enumerator;c:\windows\system32\DRIVERS\havabus.sys [2009-06-16 45056]
S3 HAVATV;Hava Video Device;c:\windows\system32\DRIVERS\HAVATV.sys [2009-06-16 343168]
S3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\DRIVERS\HavaTV_10.sys [2009-06-16 343168]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 scrswix64;Sierra Wireless Smart Card Reader;c:\windows\system32\DRIVERS\scrswix64.sys [2010-01-19 27648]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-12-17 34032]
S3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\DRIVERS\swivspnt.sys [2007-03-26 23552]
S3 SWUMX55;Sierra Wireless USB MUX Driver (UMTS55);c:\windows\system32\DRIVERS\swumx55.sys [2009-12-08 206848]
S3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [2008-06-17 40464]
.
--------- x86-64 -----------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-23 7981600]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: add to &BOM - c:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
TCP: {757878C0-41A3-417C-B61B-57FFE80F71D0} = 212.23.97.2 212.23.97.3
TCP: {ECED2042-1EAA-4E40-8867-77FB3BEA6477} = 62.134.11.4 195.182.110.132?
FF - ProfilePath - c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\p85ul6zo.default\
FF - prefs.js: browser.search.selectedEngine - Google.de
FF - prefs.js: browser.startup.homepage - hxxp://de.mg41.mail.yahoo.com/dc/launch?sysreq=ignore
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
.
- - - - Orphaned Registry Entries Removed - - - -

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vdrv1000]
"ImagePath"="system32\DRIVERS\vdrv1000.sys"
.
--------------------- Locked Registry Keys ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Virtual CD v10\System\VC10Tray.exe
.
**************************************************************************
.
Completion time: 2011-02-10 16:20:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-10 15:20
.
Pre-Run: 12 directories, 423.091.240.960 bytes free
Post-Run: 16 directories, 422.546.018.304 bytes free
.
- - End Of File - - D842C66222831E89A222FFA0DA31FCD5
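As an added example, not part of the thread and not one of the tools the trojaner-board helpers use, the Python script below runs a first triage pass over ComboFix-style log text such as the log posted above and pulls out what an analyst looks at first in a search-redirect case: security products reported as disabled, UAC policy values that switch prompting off, kernel drivers loaded from a user profile or temp directory, service entries whose image file is missing, the DNS resolvers configured per interface, and the Firefox preferences that decide where address-bar searches go. The regular expressions assume the line formats of ComboFix 11-02-09.05 as they appear in this log; other versions may format these lines differently, so treat the patterns as an assumption. The embedded sample input is a constructed excerpt of lines from the posted log.

```python
"""Added example (not from the thread, not one of the helpers' tools): a triage
pass over ComboFix-style log text that reports what an analyst checks first in
a search-redirect case.  Assumption: the patterns follow the line formats of
ComboFix 11-02-09.05 as seen in the log posted above; other versions may differ.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    category: str
    detail: str


# "AV: Microsoft Security Essentials *Disabled/Updated* {GUID}"
_PRODUCT_RE = re.compile(r"^(AV|SP|FW):\s+(.+?)\s+\*(\w+)/(\w+)\*")
# "R3 name;display name;c:\path\file.sys [2008-09-10 4096]"  or  "... [x]" when the file is missing
_SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")
# '"EnableLUA"= 0 (0x0)'  (only meaningful under the policies\system key)
_POLICY_RE = re.compile(r'^"(\w+)"=\s*(\d+)\s+\(0x[0-9A-Fa-f]+\)')
# "TCP: {interface GUID} = 212.23.97.2 212.23.97.3"
_DNS_RE = re.compile(r"^TCP:\s+\{[0-9A-Fa-f-]+\}\s*=\s*(.+)$")
# "FF - prefs.js: keyword.URL - hxxp://..."
_FIREFOX_RE = re.compile(r"^FF - prefs\.js:\s+(\S+)\s+-\s+(\S+)")

# UAC policy values that switch prompting off; each one is a finding.
_UAC_OFF = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0", "PromptOnSecureDesktop": "0"}
# Path fragments no production kernel driver should be loaded from.
_USER_PATHS = ("\\users\\", "\\documents and settings\\", "\\temp\\")
# Firefox prefs that decide where address-bar searches go.
_SEARCH_PREFS = ("keyword.URL", "browser.search.selectedEngine")


def triage(log_text: str) -> list[Finding]:
    """Return the security-relevant findings in a ComboFix log, in log order."""
    findings: list[Finding] = []
    in_uac_key = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            # REGEDIT4-style key header: remember whether the values that
            # follow belong to the UAC policy key.
            in_uac_key = line.lower().endswith("\\policies\\system]")
        elif m := _PRODUCT_RE.match(line):
            kind, product, state, sigs = m.groups()
            if state.lower() == "disabled":
                findings.append(Finding("high", "security-product", f"{kind} {product} disabled (signatures {sigs})"))
            elif sigs.lower() == "outdated":
                findings.append(Finding("medium", "security-product", f"{kind} {product} has outdated signatures"))
        elif (m := _POLICY_RE.match(line)) and in_uac_key:
            name, value = m.groups()
            if _UAC_OFF.get(name) == value:
                findings.append(Finding("high", "uac", f"{name}={value}"))
        elif m := _SERVICE_RE.match(line):
            start, name, _display, image, stamp = m.groups()
            image_l = image.lower()
            if stamp.strip() == "x":
                findings.append(Finding("medium", "dangling-service", f"{name} ({start}) points at missing file {image}"))
            elif image_l.endswith(".sys") and any(p in image_l for p in _USER_PATHS):
                findings.append(Finding("high", "driver-from-user-path", f"{name} ({start}) loads kernel driver {image}"))
        elif m := _DNS_RE.match(line):
            # The trailing "?" on one TCP line of the posted log is extraction residue.
            servers = m.group(1).rstrip("?").split()
            findings.append(Finding("info", "dns", "resolvers " + ", ".join(servers) + " (verify against ISP or router)"))
        elif m := _FIREFOX_RE.match(line):
            pref, value = m.groups()
            if pref in _SEARCH_PREFS:
                findings.append(Finding("info", "browser-search", f"{pref} -> {value}"))
    return findings


# Constructed sample: lines excerpted from the ComboFix log posted above.
SAMPLE_LOG = r"""
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 PORTIO64;PORTIO64;c:\users\Fabian\Downloads\JungleFlasher v0.1.76 Beta (166)\JungleFlasher v0.1.76 Beta (166)\portio64.sys [2008-09-10 4096]
S2 inpoutx64;inpoutx64;c:\windows\system32\Drivers\inpoutx64.sys [2010-04-13 15008]
TCP: {757878C0-41A3-417C-B61B-57FFE80F71D0} = 212.23.97.2 212.23.97.3
TCP: {ECED2042-1EAA-4E40-8867-77FB3BEA6477} = 62.134.11.4 195.182.110.132?
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.category}: {f.detail}")
```

Run it as a script to print the findings for the embedded sample, or call triage() on the full text of a saved log. The path heuristic only catches drivers under a user profile or temp directory; a raw-port-I/O driver such as inpoutx64.sys installed under system32 passes it unflagged, so the output is a starting point for manual review, not a verdict.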
10.02.2011, 19:41 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Google redirects to unwanted pages (redirect, jumper)
Hello and
You are only supposed to run CF when instructed to!!!! Note regarding http://www.trojaner-board.de/95175-combofix.html
Please run a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of those as well!
After that, OTL:
System scan with OTL
Please download OTL by Oldtimer and save it to your desktop
11.02.2011, 00:04 | #3
Account closed | Google redirects to unwanted pages (redirect, jumper)
Code:
OTL logfile created on: 11.02.2011 00:08:24 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Fabian\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 392,72 Gb Free Space | 84,32% Space Free | Partition Type: NTFS

Computer Name: FABIAN-PC | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
PRC - C:\Users\Fabian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Virtual CD v10\System\VC10Tray.exe (H+H Software GmbH)
PRC - C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
PRC - C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe (Sierra Wireless Inc.)
PRC - C:\Program Files (x86)\Monsoon Multimedia\HAVA\Common\havasvc.exe (Monsoon Multimedia Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Fabian\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\imagehlp.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SynoDrService) -- C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (VC10SecS) -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
SRV - (havasvc) -- C:\Program Files (x86)\Monsoon Multimedia\HAVA\Common\havasvc.exe (Monsoon Multimedia Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (cjpcsc) -- C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (inpoutx64) -- C:\Windows\SysNative\drivers\inpoutx64.sys (Highresolution Enterprises [www.highrez.co.uk])
DRV:64bit: - (dvblinktun4) -- C:\Windows\SysNative\drivers\dvblinktun4.sys (DVBLink)
DRV:64bit: - (dvblinktun3) -- C:\Windows\SysNative\drivers\dvblinktun3.sys (DVBLink)
DRV:64bit: - (dvblinktun2) -- C:\Windows\SysNative\drivers\dvblinktun2.sys (DVBLink)
DRV:64bit: - (dvblinktun) -- C:\Windows\SysNative\drivers\dvblinktun.sys (DVBLink)
DRV:64bit: - (dvblinkcap4) -- C:\Windows\SysNative\drivers\dvblinkcap4.sys (DVBLink)
DRV:64bit: - (dvblinkcap3) -- C:\Windows\SysNative\drivers\dvblinkcap3.sys (DVBLink)
DRV:64bit: - (dvblinkcap2) -- C:\Windows\SysNative\drivers\dvblinkcap2.sys (DVBLink)
DRV:64bit: - (dvblinkcap) -- C:\Windows\SysNative\drivers\dvblinkcap.sys (DVBLink)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (cpuz133) -- C:\Windows\SysNative\drivers\cpuz133_x64.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (SWNC8U55) Sierra Wireless MUX NDIS Driver (UMTS55) -- C:\Windows\SysNative\drivers\swnc8u55.sys (Sierra Wireless Inc.)
DRV:64bit: - (scrswix64) -- C:\Windows\SysNative\drivers\scrswix64.sys (Sierra Wireless )
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (dsNcAdpt) -- C:\Windows\SysNative\drivers\dsNcAdpt.sys (Juniper Networks)
DRV:64bit: - (SWUMX55) Sierra Wireless USB MUX Driver (UMTS55) -- C:\Windows\SysNative\drivers\swumx55.sys (Sierra Wireless Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\drivers\motmodem.sys (Motorola)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (vdrv1000) -- C:\Windows\SysNative\drivers\vdrv1000.sys (H+H Software GmbH)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (HH10Help.sys) -- C:\Windows\SysNative\drivers\HH10Help.sys (H+H Software GmbH)
DRV:64bit: - (motccgp) -- C:\Windows\SysNative\drivers\motccgp.sys (Motorola)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HavaTV_10) -- C:\Windows\SysNative\drivers\HavaTV_10.sys (Monsoon Multimedia Inc.)
DRV:64bit: - (HAVATV) -- C:\Windows\SysNative\drivers\HavaTV.sys (Monsoon Multimedia Inc.)
DRV:64bit: - (havabus) -- C:\Windows\SysNative\drivers\havabus.sys (Monsoon Multimedia Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MotDev) -- C:\Windows\SysNative\drivers\motodrv.sys (Motorola Inc)
DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\drivers\motccgpfl.sys (Motorola)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (vcd10bus) -- C:\Windows\SysNative\drivers\vcd10bus.sys (H+H Software GmbH)
DRV:64bit: - (sermux) -- C:\Windows\SysNative\drivers\serialmux.sys (Sierra Wireless Inc.)
DRV:64bit: - (swvspser) -- C:\Windows\SysNative\drivers\swvspser.sys (Sierra Wireless Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (Ser2pl) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.)
DRV:64bit: - (cjusb) -- C:\Windows\SysNative\drivers\cjusb.sys (REINER SCT)
DRV:64bit: - (SwiProt) -- C:\Windows\SysNative\drivers\SwiProt.sys (Sierra Wireless Inc.)
DRV:64bit: - (swivsp) -- C:\Windows\SysNative\drivers\swivspnt.sys (Sierra Wireless Inc.)
DRV:64bit: - (libusb0) -- C:\Windows\SysNative\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net)
DRV - (PORTIO64) -- C:\Users\Fabian\Downloads\JungleFlasher v0.1.76 Beta (166)\JungleFlasher v0.1.76 Beta (166)\portio64.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-47627433-3400642544-1298846585-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-47627433-3400642544-1298846585-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-47627433-3400642544-1298846585-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 47 E8 F8 B9 DF CA 01 [binary data]
IE - HKU\S-1-5-21-47627433-3400642544-1298846585-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\components [2011.02.10 14:06:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\plugins

[2010.03.27 16:06:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions
[2011.02.10 14:07:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\p85ul6zo.default\extensions
[2010.12.03 15:01:19 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\p85ul6zo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011.01.27 00:23:29 | 000,000,000 | ---D | M] (Real-Debrid - Plugin) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\p85ul6zo.default\extensions\real@debrid
[2011.02.10 13:19:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.)
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2010.11.16 21:40:20 | 000,000,862 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll (IniCom Networks, Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH) O4 - HKLM..\Run: [WatcherHelper] C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe (Sierra Wireless Inc.) O4 - HKU\S-1-5-21-47627433-3400642544-1298846585-1001..\Run: [ICQ] C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) 
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-21-47627433-3400642544-1298846585-1001\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-21-47627433-3400642544-1298846585-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-47627433-3400642544-1298846585-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta () O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... 
- {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-47627433-3400642544-1298846585-1001\...exe [@ = exefile] -- Reg Error: Key error. 
File not found ========== Files/Folders - Created Within 30 Days ========== [2011.02.10 23:05:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.02.10 23:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.02.10 23:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.02.10 16:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager [2011.02.10 16:36:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launch Manager [2011.02.10 16:36:23 | 000,025,608 | ---- | C] (Dritek System Inc.) -- C:\Windows\SysWow64\drivers\DKbFltr.sys [2011.02.10 16:36:22 | 000,347,656 | ---- | C] (Dritek System Inc.) -- C:\Windows\UNINST32.EXE [2011.02.10 16:32:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.02.10 16:20:19 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.02.10 16:12:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.02.10 16:02:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.02.10 16:02:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.02.10 16:02:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.02.10 16:02:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.02.10 16:02:43 | 000,000,000 | ---D | C] -- C:\ComboFix [2011.02.10 16:02:23 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.02.10 16:02:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011.02.10 14:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11 [2011.02.10 13:11:48 | 001,633,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011.02.10 13:11:48 | 001,502,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011.02.10 13:11:48 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011.02.10 
13:11:48 | 001,355,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll [2011.02.10 13:11:48 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2011.02.10 13:11:48 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2011.02.10 13:11:47 | 000,819,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.02.10 13:11:47 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.02.10 13:11:47 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.02.10 13:11:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.02.10 13:11:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2011.02.10 13:11:47 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2011.02.10 13:11:47 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2011.02.10 13:11:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2011.02.10 13:11:47 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2011.02.10 13:11:47 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2011.02.10 13:11:47 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2011.02.10 13:11:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll [2011.02.10 13:11:46 | 000,690,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.02.10 13:11:46 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011.02.10 13:11:46 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2011.02.10 13:11:44 | 000,027,136 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\licmgr10.dll [2011.02.10 13:11:44 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.02.10 13:11:44 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.02.10 13:11:44 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.02.10 13:11:43 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2011.02.10 13:11:43 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2011.02.10 13:11:43 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2011.02.10 13:11:43 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2011.02.10 13:11:43 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2011.02.10 13:11:42 | 000,532,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2011.02.10 13:11:42 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2011.02.10 13:11:42 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2011.02.10 13:11:42 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2011.02.10 13:11:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2011.02.10 13:11:42 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2011.02.10 13:11:42 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2011.02.10 13:11:41 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.02.10 13:11:41 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.02.10 13:11:41 | 000,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll [2011.02.10 13:11:41 | 000,223,232 | ---- 
| C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll [2011.02.10 13:11:41 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2011.02.10 13:11:41 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2011.02.10 13:11:41 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2011.02.10 13:11:41 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2011.02.10 13:11:40 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.02.10 13:11:40 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.02.10 13:11:40 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2011.02.10 13:11:40 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2011.02.10 13:11:40 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2011.02.10 13:11:40 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2011.02.10 13:11:39 | 003,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2011.02.10 13:11:39 | 003,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2011.02.10 13:11:39 | 000,545,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2011.02.10 13:11:38 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2011.02.10 13:11:36 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.02.10 13:11:36 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.02.10 13:11:35 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011.02.10 13:11:34 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe 
[2011.02.10 13:11:34 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2011.02.10 13:11:34 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2011.02.10 13:11:34 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2011.02.10 13:11:34 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2011.02.10 13:11:34 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2011.02.10 13:11:32 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2011.02.10 13:11:32 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2011.02.10 13:11:32 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll [2011.02.10 13:11:32 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2011.02.10 13:11:32 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2011.02.10 13:11:32 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2011.02.10 13:11:31 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2011.02.10 13:11:31 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2011.02.10 13:11:31 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.02.10 13:11:31 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.02.10 13:11:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2011.02.10 13:11:31 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2011.02.10 13:11:31 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2011.02.10 13:11:31 | 000,048,640 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\mshtmler.dll [2011.02.10 13:09:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool [2011.02.10 10:23:33 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll [2011.02.10 10:23:32 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll [2011.02.10 10:23:30 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll [2011.02.10 10:23:30 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll [2011.02.10 10:23:28 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll [2011.02.10 10:23:28 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll [2011.02.10 10:23:28 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll [2011.02.10 10:23:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll [2011.02.10 10:22:44 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2011.02.10 10:18:01 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2011.02.10 10:18:00 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2011.02.10 10:17:04 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2011.02.10 10:17:03 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2011.02.10 10:17:02 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2011.02.10 10:17:01 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2011.02.10 10:16:43 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2011.02.10 10:16:43 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2011.02.10 10:16:43 | 000,046,080 | ---- | C] 
(Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2011.02.10 10:16:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2011.02.03 16:41:53 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\FileZilla [2011.02.03 16:41:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client [2011.02.02 17:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4 [2011.02.02 17:20:54 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\ICQ [2011.02.02 17:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.4 [2011.02.01 12:32:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Konten 2010 [2011.01.29 14:23:35 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Octoshape [2011.01.29 11:02:12 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe [2011.01.29 10:36:43 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\Anti-Malware [2011.01.29 10:01:03 | 000,000,000 | R--D | C] -- C:\Users\Fabian\Documents\Scanned Documents [2011.01.29 10:01:02 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\Fax [2011.01.27 01:08:36 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\DMCache [2011.01.26 10:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2011.01.26 09:30:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2011.01.26 09:30:01 | 000,000,000 | ---D | C] -- C:\Windows\Temp4498F543-8251-F5BC-439F-C59EA90FD3D4-Signatures [2011.01.26 09:29:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2011.01.26 09:29:00 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2011.01.24 14:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011.01.24 14:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2011.01.23 12:51:54 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klever Group [2011.01.12 09:33:50 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll [2011.01.12 09:33:50 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll [2011.01.12 09:33:45 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2011.01.12 09:33:45 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll [2011.01.12 09:33:45 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2011.01.12 09:33:45 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll [2011.01.12 09:33:44 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2011.01.12 09:33:43 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll [2011.01.12 09:33:43 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2011.01.12 09:33:42 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll [2011.01.12 09:33:42 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2011.01.12 09:33:42 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2011.01.12 09:33:41 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2011.01.12 09:33:40 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll [2011.01.12 09:33:39 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll [2011.01.12 09:33:39 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2011.01.12 09:33:39 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2011.01.12 09:33:38 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL 
[2011.01.12 09:33:38 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll [2011.01.12 09:33:37 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll [2011.01.12 09:33:37 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll [2011.01.12 09:33:37 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2011.01.12 09:33:37 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll [2011.01.12 09:33:37 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll [2011.01.12 09:33:37 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll [2011.01.12 09:33:36 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2011.01.12 09:33:36 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll ========== Files - Modified Within 30 Days ========== [2011.02.10 23:05:29 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.10 22:59:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.10 16:36:40 | 000,000,000 | ---- | M] () -- C:\Windows\Setup.INI [2011.02.10 16:36:30 | 000,000,089 | ---- | M] () -- C:\Windows\LManager.UNI [2011.02.10 16:22:09 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.10 16:22:09 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.10 16:11:50 | 3144,871,936 | -HS- | M] () -- C:\hiberfil.sys [2011.02.10 14:06:31 | 000,002,144 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 11.lnk [2011.02.10 13:19:57 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\deployJava1.dll [2011.02.10 10:31:05 | 000,291,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.02.03 16:13:38 | 000,000,600 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\winscp.rnd [2011.02.03 15:44:41 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.02.03 15:44:41 | 000,658,140 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.02.03 15:44:41 | 000,618,646 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.02.03 15:44:41 | 000,131,640 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.02.03 15:44:41 | 000,107,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.01.29 11:02:33 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe [2011.01.28 14:11:01 | 654,570,567 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.01.26 09:31:08 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2011.01.26 09:30:18 | 001,530,612 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.01.26 07:53:10 | 000,265,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2011.01.26 07:31:20 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2011.01.20 09:38:01 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk [2011.01.14 19:22:59 | 000,001,873 | ---- | M] () -- C:\Users\Fabian\Desktop\heise_ueberweisung1.pdf ========== Files Created - No Company Name ========== [2011.02.10 23:05:29 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.10 16:36:40 | 000,000,000 | ---- | C] () -- C:\Windows\Setup.INI [2011.02.10 16:36:30 | 000,000,089 | ---- | C] () -- C:\Windows\LManager.UNI [2011.02.10 16:02:49 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.02.10 16:02:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.02.10 16:02:49 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.02.10 16:02:49 | 000,080,412 | ---- | 
C] () -- C:\Windows\grep.exe [2011.02.10 16:02:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.02.10 14:06:31 | 000,002,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 4.0 Beta 11.lnk [2011.02.10 14:06:31 | 000,002,144 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 11.lnk [2011.02.10 13:11:47 | 000,072,533 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2011.02.10 13:11:47 | 000,072,533 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2011.01.26 09:31:08 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2011.01.26 09:30:18 | 001,530,612 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.01.14 19:22:59 | 000,001,873 | ---- | C] () -- C:\Users\Fabian\Desktop\heise_ueberweisung1.pdf [2010.11.24 14:46:39 | 000,000,116 | ---- | C] () -- C:\Windows\wininit.ini [2010.11.16 10:29:20 | 000,088,274 | ---- | C] () -- C:\ProgramData\bdinstall.bin [2010.08.06 11:49:06 | 000,000,600 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\winscp.rnd [2010.05.18 15:18:57 | 000,000,962 | ---- | C] () -- C:\Windows\Mobile Partner Manager.INI [2010.04.21 11:37:34 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2010.04.19 13:22:35 | 000,000,038 | ---- | C] () -- C:\Windows\xbins_options.ini [2010.04.13 08:03:34 | 000,008,449 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2010.03.27 21:19:44 | 000,000,680 | ---- | C] () -- C:\Windows\hbcikrnl.ini [2010.03.27 21:18:07 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll [2010.03.27 21:18:07 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\win32com.dll [2010.03.27 19:30:40 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2010.03.27 19:30:40 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2007.08.16 15:17:50 | 
000,143,360 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll [2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll [2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll [2001.08.29 13:11:40 | 000,398,848 | R--- | C] () -- C:\Windows\SysWow64\DK2WIN32.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:14236B7B @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.02.2011 00:08:24 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Fabian\Desktop 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.7930.16406) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,76 Gb Total Space | 392,72 Gb Free Space | 84,32% Space Free | Partition Type: NTFS Computer Name: FABIAN-PC | User Name: Fabian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-47627433-3400642544-1298846585-1001\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 1 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 1 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 1 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.) "C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.) "C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.) 
"C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.) "C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\GPS Monitor\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\GPS Monitor\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.) "C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.) "C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.) "C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.) "C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.) "C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\GPS Monitor\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\GPS Monitor\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.) "C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware "{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{D5B46D30-F054-4C64-9C0F-97C8451E7D04}" = BtwMfcMM "{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}" = Microsoft Security Client DE-DE Language Pack "8EA3E06A12B0DACD40B4C1EE7ADE0EA5151433DC" = Windows-Treiberpaket - Prolific (Ser2pl) Ports (02/12/2007 3.0.1.0) "CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module "CPUID CPU-Z_is1" = CPUID CPU-Z 1.54 "EPSON BX610FW Series" = Druckerdeinstallation für EPSON BX610FW Series "HDMI" = Intel(R) Graphics Media Accelerator Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft 
.NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{081E540C-1A6F-4C46-994B-6E3229222A10}" = HAVA Software "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility "{10C51313-A308-4B40-90E3-B368D5882660}" = Virtual CD v10 "{12904FE6-E6B8-4259-8C33-B5D44A610EE6}" = 39703 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2 "{27BC2ACB-2A15-47F1-B8CD-139969221616}" = Sierra Wireless Drivers "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{5509C1B5-A1C9-459A-9616-382458CBFD50}" = StarMoney 7.0 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney "{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney "{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight 
"{8E310838-457C-4269-B177-3EFB300CBDDC}" = Synology Data Replicator 3 "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool "{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{B1E9B7ED-8187-433a-9EAE-20DF1A8968B1}" = Synology Download Redirector "{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0 "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1AFD1D1-3536-4614-8333-6B1B256E806F}" = Sierra Wireless Watcher "{FA7621DC-7144-4A24-973C-B9BC0E945628}" = Ulead Straight-to-Disc SDK "{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components "{FFCB1B04-5B1C-4A17-AA60-CA6F00BA50F9}" = StarMoney "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Biet-O-Matic v2.12.7" = Biet-O-Matic v2.12.7 "CrystalDiskInfo_is1" = CrystalDiskInfo 3.9.1 "DreamBoxEdit" = DreamBoxEdit -- The one and only settings editor for your Dreambox "EPSON Scanner" = EPSON Scan "flip.exe" = Flip 3.4.1 "HijackThis" = HijackThis 2.0.2 "InstallShield_{081E540C-1A6F-4C46-994B-6E3229222A10}" = HAVA Software "InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader "JDownloader" = JDownloader "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox 4.0b11 (x86 en-US)" = Mozilla Firefox 4.0b11 (x86 en-US) "PumpKIN" = Klever PumpKIN 2.7.2 "Synology Assistant" = Synology Assistant (remove only) "Totalcmd" = Total Commander (Remove or Repair) "VLC media player" = VLC media player 1.1.4 "WinAVR-20100110" = WinAVR 20100110 (remove only) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 10.02.2011 09:27:16 | Computer Name = Fabian-PC | Source = 
Bonjour Service | ID = 100 Description =
Error - 10.02.2011 09:27:16 | Computer Name = Fabian-PC | Source = Bonjour Service | ID = 100 Description =
Error - 10.02.2011 09:27:17 | Computer Name = Fabian-PC | Source = Bonjour Service | ID = 100 Description =
Error - 10.02.2011 09:27:17 | Computer Name = Fabian-PC | Source = Bonjour Service | ID = 100 Description =
Error - 10.02.2011 09:27:17 | Computer Name = Fabian-PC | Source = Bonjour Service | ID = 100 Description =
Error - 10.02.2011 10:44:42 | Computer Name = Fabian-PC | Source = Bonjour Service | ID = 100 Description =
Error - 10.02.2011 10:44:42 | Computer Name = Fabian-PC | Source = Bonjour Service | ID = 100 Description =
Error - 10.02.2011 10:44:42 | Computer Name = Fabian-PC | Source = Bonjour Service | ID = 100 Description =
Error - 10.02.2011 11:25:31 | Computer Name = Fabian-PC | Source = Application Error | ID = 1000 Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000096 Fault offset: 0x0000000000d5c000 Faulting process ID: 0x224 Faulting application start time: 0x01cbc934e33ca797 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: unknown Report ID: ff03aeb3-3529-11e0-b006-f57095b153a7
Error - 10.02.2011 11:25:31 | Computer Name = Fabian-PC | Source = Application Error | ID = 1005 Description = Windows cannot access the file "" for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - it is on the network, your network administrator should verify that there is no problem with the network and that the server can be contacted. - it is on a removable disk, for example a floppy disk or CD, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: 00000000 Disk type: 0
[ Media Center Events ]
Error - 21.04.2010 07:59:27 | Computer Name = Fabian-PC | Source = ehRecvr | ID = 3 Description = An error occurred on the TV tuner. (0xc0040524) Hava Remote Video TvTuner
Error - 21.04.2010 07:59:37 | Computer Name = Fabian-PC | Source = ehRecvr | ID = 3 Description = An error occurred on the TV tuner. (0xc0040524) Hava Remote Video TvTuner
[ System Events ]
Error - 10.02.2011 11:25:39 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7031 Description = The "Secondary Logon" service terminated unexpectedly. This has happened 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error - 10.02.2011 11:25:39 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7031 Description = The "System Event Notification Service" service terminated unexpectedly. This has happened 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error - 10.02.2011 11:25:39 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7031 Description = The "Shell Hardware Detection" service terminated unexpectedly. This has happened 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error - 10.02.2011 11:25:39 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7031 Description = The "Themes" service terminated unexpectedly. This has happened 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error - 10.02.2011 11:25:39 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7031 Description = The "Windows Management Instrumentation" service terminated unexpectedly. This has happened 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error - 10.02.2011 11:25:39 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7031 Description = The "Windows Update" service terminated unexpectedly. This has happened 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error - 10.02.2011 11:26:39 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7032 Description = The Service Control Manager's attempt to take corrective action (restart the service) after the unexpected termination of the "Server" service failed. Error: %%1056
Error - 10.02.2011 11:27:39 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7032 Description = The Service Control Manager's attempt to take corrective action (restart the service) after the unexpected termination of the "Computer Browser" service failed. Error: %%1056
Error - 10.02.2011 11:27:39 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7001 Description = The "Remote Access Connection Manager" service depends on the "Telephony" service, which failed to start because of the following error: %%1062
Error - 10.02.2011 11:27:39 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7032 Description = The Service Control Manager's attempt to take corrective action (restart the service) after the unexpected termination of the "Windows Management Instrumentation" service failed. Error: %%1056
< End of report > Edited by Deynet (11.02.2011 at 00:15) |
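In the System Events section of the log above, the svchost.exe crash (Application Error 1000, exception code 0xc0000096, which is STATUS_PRIVILEGED_INSTRUCTION, faulting module unknown, at 11:25:31) is followed eight seconds later by a burst of Service Control Manager 7031 entries and, a minute later, by 7032 restart failures. The log alone does not prove the two are related, but that sequence, one service host dying and several co-hosted services going down with it, is exactly what a responder looks for when triaging. The PowerShell below is an added example written for this page; it is not part of the thread, of OTL or of ComboFix. It pairs each svchost.exe crash with the service terminations logged within a window after it. The sample records are constructed to mirror the posted entries (same times, IDs and service names; the messages use the English wording of the same events); the commented Get-WinEvent lines at the end show how the same function is fed on a live host.

```powershell
# Added example, not part of the forum thread. Correlates an Application-log
# crash of svchost.exe (ID 1000) with the System-log service terminations
# (7031/7032/7034) that follow within a short window. Works on Get-WinEvent
# records (they carry LogName, Id, TimeCreated, Message) and on the constructed
# sample records below.

function Get-ServiceNameFromMessage {
    param([Parameter(Mandatory)] [string] $Message)
    # English and German SCM wording for 7031/7032 (the posted log is German).
    $patterns = @(
        'The "?(.+?)"? service terminated unexpectedly',
        'termination of the "?(.+?)"? service',
        'Der Dienst "(.+?)" wurde unerwartet beendet',
        'Beenden des Dienstes "(.+?)"'
    )
    foreach ($p in $patterns) {
        if ($Message -match $p) { return $Matches[1] }
    }
    return '?'
}

function Find-ServiceCrashCascade {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [int] $WindowSeconds = 120
    )
    $crashes = @($Events | Where-Object {
        $_.LogName -eq 'Application' -and $_.Id -eq 1000 -and $_.Message -match 'svchost\.exe'
    })
    foreach ($crash in $crashes) {
        $until = $crash.TimeCreated.AddSeconds($WindowSeconds)
        $stops = @($Events | Where-Object {
            $_.LogName -eq 'System' -and ($_.Id -in @(7031, 7032, 7034)) -and
            $_.TimeCreated -ge $crash.TimeCreated -and $_.TimeCreated -le $until
        })
        if ($stops.Count -eq 0) { continue }
        $code = if ($crash.Message -match '(?:Exception code|Ausnahmecode): (0x[0-9A-Fa-f]+)') { $Matches[1] } else { '?' }
        [pscustomobject]@{
            CrashTime     = $crash.TimeCreated
            ExceptionCode = $code
            Services      = @($stops | ForEach-Object { Get-ServiceNameFromMessage $_.Message } | Sort-Object -Unique)
        }
    }
}

# Constructed sample mirroring the posted log: same times, IDs and service
# names; the unrelated Bonjour entry shows that only SCM events are counted.
$sample = @(
    [pscustomobject]@{ LogName = 'Application'; Id = 100;  TimeCreated = [datetime]'2011-02-10 09:27:16'
        Message = 'Bonjour Service error' }
    [pscustomobject]@{ LogName = 'Application'; Id = 1000; TimeCreated = [datetime]'2011-02-10 11:25:31'
        Message = 'Faulting application name: svchost.exe, version: 6.1.7600.16385 Faulting module name: unknown Exception code: 0xc0000096 Fault offset: 0x0000000000d5c000' }
    [pscustomobject]@{ LogName = 'System'; Id = 7031; TimeCreated = [datetime]'2011-02-10 11:25:39'
        Message = 'The "Secondary Logon" service terminated unexpectedly. This has happened 1 time(s).' }
    [pscustomobject]@{ LogName = 'System'; Id = 7031; TimeCreated = [datetime]'2011-02-10 11:25:39'
        Message = 'The "Windows Management Instrumentation" service terminated unexpectedly. This has happened 1 time(s).' }
    [pscustomobject]@{ LogName = 'System'; Id = 7031; TimeCreated = [datetime]'2011-02-10 11:25:39'
        Message = 'The "Windows Update" service terminated unexpectedly. This has happened 1 time(s).' }
    [pscustomobject]@{ LogName = 'System'; Id = 7032; TimeCreated = [datetime]'2011-02-10 11:26:39'
        Message = 'The Service Control Manager''s attempt to take corrective action (restart the service) after the unexpected termination of the "Server" service failed. Error: %%1056' }
)
Find-ServiceCrashCascade -Events $sample | Format-List

# On a live host (Vista or later) feed real records instead of the sample:
# $live = @(Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1000 } -ErrorAction SilentlyContinue) +
#         @(Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7031, 7032, 7034 } -ErrorAction SilentlyContinue)
# Find-ServiceCrashCascade -Events $live | Format-List
```

With the sample the function returns one record: the 11:25:31 crash with exception code 0xc0000096 and the services Secondary Logon, Server, Windows Management Instrumentation and Windows Update. The window is deliberately generous (120 s) because the SCM logs the 7032 restart failures only after the restart delay announced in the 7031 entries has elapsed.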
11.02.2011, 09:20 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google redirects to unwanted pages (redirect, jumper) Are there any further Malwarebytes logs? If so, please post all of them that are visible in Malwarebytes under the Logs tab.
__________________ Please always post logfiles in CODE tags |
11.02.2011, 09:21 | #5 |
Account closed | Google redirects to unwanted pages (redirect, jumper) No, I have no further MBAM logs, otherwise I would already have posted them! |
11.02.2011, 09:31 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google redirects to unwanted pages (redirect, jumper) Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:14236B7B
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
__________________ --> Google redirects to unwanted pages (redirect, jumper) |
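The fix script above touches two things: the two alternate data streams attached to C:\ProgramData\TEMP, and the hosts file that [resethosts] replaces with the stock one. The PowerShell below is an added example written for this page; it is not part of the thread, of OTL or of any tool mentioned here. It lists every named NTFS stream under a directory (with a helper to pull a stream's bytes for a hex dump or hash) and every hosts entry that is not a comment or a plain localhost line, so the same findings can be checked by hand before and after the fix. It assumes PowerShell 3.0 or later (the -Stream parameter of Get-Item and Get-Content) and an elevated prompt; the directory and hosts path are the ones named in the log, not values taken from a live machine.

```powershell
# Added example, not part of the forum thread or of OTL.
# Assumes PowerShell 3.0+ (Get-Item/Get-Content -Stream) and an elevated prompt.

function Get-NamedStreams {
    <# Lists NTFS alternate data streams under $Path. Every file has the
       unnamed ':$DATA' stream, so only named streams are reported. #>
    param(
        [Parameter(Mandatory)] [string] $Path,
        [switch] $Recurse
    )
    # -Force includes hidden/system items. The container itself is included
    # because directories carry streams too (the OTL log shows them on the
    # folder C:\ProgramData\TEMP). Some PowerShell versions skip directory
    # streams; 'cmd /c dir /r <dir>' lists those as well.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Force -Recurse:$Recurse -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [pscustomobject]@{
                    Path   = $_.FileName
                    Stream = $_.Stream
                    Bytes  = $_.Length
                }
            }
    }
}

function Get-StreamBytes {
    <# Returns the raw bytes of one named stream (pipe to Format-Hex or Get-FileHash -InputStream). #>
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Stream
    )
    if ($PSVersionTable.PSVersion.Major -ge 6) {
        Get-Content -LiteralPath $Path -Stream $Stream -AsByteStream -Raw
    } else {
        Get-Content -LiteralPath $Path -Stream $Stream -Encoding Byte -ReadCount 0
    }
}

function Get-HostsOverrides {
    <# Returns every active hosts entry except the stock localhost lines.
       On a clean Windows 7 hosts file this returns nothing (all lines are
       comments); anything returned is what [resethosts] would remove. #>
    param([string] $HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts")
    Get-Content -LiteralPath $HostsPath -ErrorAction Stop |
        ForEach-Object { ($_ -split '#', 2)[0].Trim() } |   # strip comments
        Where-Object { $_ -ne '' } |
        ForEach-Object {
            $fields = $_ -split '\s+'
            [pscustomobject]@{
                Address = $fields[0]
                Names   = @($fields | Select-Object -Skip 1)
            }
        } |
        Where-Object {
            -not (($_.Address -in @('127.0.0.1', '::1')) -and
                  @($_.Names | Where-Object { $_ -ne 'localhost' }).Count -eq 0)
        }
}

# Usage, with the paths named in the OTL log:
Get-NamedStreams -Path 'C:\ProgramData' | Format-Table -AutoSize
# Get-StreamBytes -Path 'C:\ProgramData\TEMP' -Stream '14236B7B' | Format-Hex
Get-HostsOverrides | Format-Table -AutoSize
```

Run Get-NamedStreams before the fix to confirm the two streams and their sizes (107 and 104 bytes in the log), and again afterwards to confirm they are gone; a stream that reappears after a reboot is a sign that whatever wrote it is still active. Get-HostsOverrides is the check for the [resethosts] step: a search-engine or security-vendor host name mapped to an unexpected address in that file is one classic way of producing the redirect symptom this thread is about.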
11.02.2011, 09:52 | #7 | |
Account closed | Google redirects to unwanted pages (redirect, jumper) Thanks so far, here is the requested log: Quote:
|
11.02.2011, 10:40 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google redirects to unwanted pages (redirect, jumper) Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run if a qualified helper has expressly recommended it!
__________________ Please always post logfiles in CODE tags |
11.02.2011, 11:12 | #9 |
Account closed | Google redirects to unwanted pages (redirect, jumper) Done, here is the ComboFix log: Combofix Logfile: Code:
ATTFilter ComboFix 11-02-09.05 - Fabian 11.02.2011 10:53:57.2.2 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.3999.2752 [GMT 1:00] ausgeführt von:: c:\users\Fabian\Desktop\cofi.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ((((((((((((((((((((((( Dateien erstellt von 2011-01-11 bis 2011-02-11 )))))))))))))))))))))))))))))) . 2011-02-11 10:00 . 2011-02-11 10:00 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-02-11 09:47 . 2011-02-11 09:47 -------- d-----w- c:\program files\CCleaner 2011-02-11 09:22 . 2011-01-13 01:20 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3584CA5-C81E-4F02-AD5D-014FA63CB028}\mpengine.dll 2011-02-11 08:47 . 2011-02-11 08:47 -------- d-----w- C:\_OTL 2011-02-11 08:35 . 2011-02-11 08:36 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2011-02-11 08:23 . 2010-12-18 03:35 2381824 ----a-w- c:\windows\system32\mshtml.tlb 2011-02-11 08:23 . 2010-12-18 03:15 2381824 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-02-11 08:23 . 2010-12-18 03:39 1502208 ----a-w- c:\windows\system32\inetcpl.cpl 2011-02-11 08:23 . 2010-12-18 03:19 1448448 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2011-02-10 15:36 . 2011-02-10 15:36 -------- d-----w- c:\program files (x86)\Launch Manager 2011-02-10 15:36 . 2009-03-26 10:16 25608 ----a-w- c:\windows\SysWow64\drivers\DKbFltr.sys 2011-02-10 15:36 . 2009-08-21 09:31 347656 ----a-w- c:\windows\UNINST32.EXE 2011-02-10 15:02 . 2011-02-10 15:20 -------- d-----w- C:\ComboFix 2011-02-10 13:06 . 2011-02-11 08:39 -------- d-----w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 11 2011-02-10 12:22 . 2011-02-10 12:22 -------- d-----w- c:\windows\SysWow64\wbem\en-US 2011-02-10 12:22 . 
2011-02-10 12:22 -------- d-----w- c:\windows\system32\wbem\en-US 2011-02-10 12:09 . 2011-02-10 12:09 -------- d-----w- c:\program files (x86)\Feedback Tool 2011-02-10 09:22 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll 2011-02-10 09:22 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll 2011-02-10 09:22 . 2011-01-05 04:00 3127808 ----a-w- c:\windows\system32\win32k.sys 2011-02-10 09:22 . 2010-12-21 06:16 214016 ----a-w- c:\windows\system32\winsrv.dll 2011-02-10 09:18 . 2011-01-26 06:53 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2011-02-10 09:18 . 2011-01-26 06:53 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2011-02-10 09:18 . 2011-01-26 06:31 144384 ----a-w- c:\windows\system32\cdd.dll 2011-02-10 09:17 . 2010-10-27 05:18 5510528 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-02-10 09:17 . 2010-10-27 05:16 1739176 ----a-w- c:\windows\system32\ntdll.dll 2011-02-10 09:17 . 2010-10-27 04:40 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll 2011-02-10 09:17 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2011-02-10 09:17 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2011-02-10 09:16 . 2011-01-07 08:06 46080 ----a-w- c:\windows\system32\atmlib.dll 2011-02-10 09:16 . 2011-01-07 07:27 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2011-02-10 09:16 . 2011-01-07 05:49 366080 ----a-w- c:\windows\system32\atmfd.dll 2011-02-10 09:16 . 2011-01-07 05:33 294400 ----a-w- c:\windows\SysWow64\atmfd.dll 2011-02-03 15:41 . 2011-02-03 15:48 -------- d-----w- c:\users\Fabian\AppData\Roaming\FileZilla 2011-02-03 15:41 . 2011-02-05 09:45 -------- d-----w- c:\program files (x86)\FileZilla FTP Client 2011-02-02 16:20 . 2011-02-11 09:48 -------- d-----w- c:\users\Fabian\AppData\Roaming\ICQ 2011-02-02 16:20 . 2011-02-02 18:13 -------- d-----w- c:\program files (x86)\ICQ7.4 2011-01-30 15:45 . 
2011-01-30 15:45 135568 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-01-29 13:23 . 2011-01-29 13:23 -------- d-----w- c:\users\Fabian\AppData\Roaming\Octoshape
2011-01-27 00:08 . 2011-01-27 00:39 -------- d-----w- c:\users\Fabian\AppData\Roaming\DMCache
2011-01-26 09:31 . 2011-01-26 09:31 -------- d-----w- c:\programdata\McAfee
2011-01-26 08:46 . 2011-01-26 08:46 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A964EABD-4B31-4AC2-9F7E-7F0885858CF4}\gapaengine.dll
2011-01-26 08:30 . 2011-01-26 08:30 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-01-26 08:30 . 2011-01-26 08:30 -------- d-----w- c:\windows\Temp4498F543-8251-F5BC-439F-C59EA90FD3D4-Signatures
2011-01-26 08:29 . 2011-01-26 08:31 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-26 08:29 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-10 12:19 . 2010-10-26 07:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-01-13 01:20 . 2010-04-04 20:53 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-20 17:08 . 2010-04-21 13:16 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-17 13:30 . 2010-12-17 13:30 34032 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-12-17 13:29 . 2010-12-17 13:29 27176 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-12-17 13:29 . 2010-12-17 13:29 13352 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-12-04 10:19 . 2010-11-16 09:29 88274 ----a-w- c:\programdata\bdinstall.bin
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
((((((((((((((((((((((((((((( SnapShot@2011-02-10_15.12.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-27 15:51 . 2011-02-11 09:14 46888 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-02-11 09:14 42052 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-27 15:51 . 2011-02-11 09:14 14280 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-47627433-3400642544-1298846585-1001_UserData.bin
+ 2009-07-14 05:30 . 2011-02-10 15:36 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-02-10 12:12 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-02-10 15:36 . 2009-03-26 10:16 25608 c:\windows\system32\DriverStore\FileRepository\lmanager.inf_amd64_neutral_25a0b307b5f045bd\DKbFltr.sys
+ 2010-03-27 14:47 . 2011-02-11 09:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-27 14:47 . 2011-02-10 12:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-27 14:47 . 2011-02-10 12:47 98304 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-27 14:47 . 2011-02-11 09:45 98304 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-11 09:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-10 12:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-02-11 09:22 84592 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-11-10 11:49 . 2010-11-10 11:49 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\wow_helper.exe
+ 2010-11-10 11:49 . 2010-11-10 11:49 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\ViewerPS.dll
+ 2010-11-10 11:49 . 2010-11-10 11:49 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\reader_sl.exe
+ 2010-11-10 11:49 . 2010-11-10 11:49 84896 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\PDFPrevHndlr.dll
+ 2010-11-10 11:49 . 2010-11-10 11:49 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\eula.exe
+ 2010-11-10 11:49 . 2010-11-10 11:49 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\acrotextextractor.exe
+ 2010-11-10 11:49 . 2010-11-10 11:49 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\AcroRd32Info.exe
+ 2010-11-10 11:49 . 2010-11-10 11:49 62376 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\acroiehelpershim.dll
+ 2010-11-10 11:49 . 2010-11-10 11:49 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\AcroIEHelper.dll
+ 2010-11-10 11:49 . 2010-11-10 11:49 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\Acrofx32.dll
- 2011-02-10 15:12 . 2011-02-10 15:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-02-11 10:01 . 2011-02-11 10:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-02-10 15:12 . 2011-02-10 15:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-11 10:01 . 2011-02-11 10:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-02-10 12:11 . 2010-08-31 23:41 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-02-11 08:23 . 2010-12-18 03:13 176640 c:\windows\SysWOW64\ieui.dll
+ 2010-04-02 18:36 . 2011-02-11 07:31 259370 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2011-02-10 12:11 . 2010-08-31 23:40 242688 c:\windows\system32\ieui.dll
+ 2011-02-11 08:23 . 2010-12-18 03:32 242688 c:\windows\system32\ieui.dll
+ 2009-07-14 05:30 . 2011-02-10 15:36 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-02-10 12:12 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-02-10 12:12 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-02-10 15:36 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:01 . 2011-02-10 15:10 273836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-02-11 10:00 273836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-10 12:46 . 2011-02-11 10:00 468888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-47627433-3400642544-1298846585-1001-12288.dat
+ 2010-11-10 11:49 . 2010-11-10 11:49 390552 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\pdfshell.dll
+ 2010-11-10 11:49 . 2010-11-10 11:49 135568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\nppdf32.dll
+ 2010-11-10 11:49 . 2010-11-10 11:49 681872 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\JP2KLib.dll
+ 2010-11-10 11:49 . 2010-11-10 11:49 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\AiodLite.dll
+ 2010-11-10 11:49 . 2010-11-10 11:49 702352 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\AcroPDF.dll
+ 2010-11-10 11:49 . 2010-11-10 11:49 294808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\acrobroker.exe
+ 2010-11-10 11:49 . 2010-11-10 11:49 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\a3dutils.dll
- 2009-07-14 04:45 . 2011-02-10 12:27 3897560 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-02-11 08:43 3897560 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-11-10 21:03 . 2010-11-10 21:03 2321408 c:\windows\Installer\3bbe508.msi
+ 2010-11-10 11:49 . 2010-11-10 11:49 2207632 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\rt3d.dll
+ 2010-11-10 11:49 . 2010-11-10 11:49 6222744 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\authplay.dll
+ 2010-11-10 11:49 . 2010-11-10 11:49 5503368 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\AGM.dll
+ 2010-11-10 11:49 . 2010-11-10 11:49 1216416 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\AdobeCollabSync.exe
+ 2010-11-10 11:49 . 2010-11-10 11:49 1289624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\AcroRd32.exe
+ 2011-02-11 08:23 . 2010-12-18 03:27 10201600 c:\windows\SysWOW64\mshtml.dll
+ 2011-02-11 08:23 . 2010-12-18 03:22 12348928 c:\windows\SysWOW64\ieframe.dll
- 2011-02-10 12:11 . 2010-08-31 23:45 12348928 c:\windows\SysWOW64\ieframe.dll
- 2009-07-14 02:34 . 2011-02-10 13:01 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-02-11 09:33 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-02-11 08:23 . 2010-12-18 03:51 16625664 c:\windows\system32\mshtml.dll
- 2011-02-10 12:11 . 2010-08-31 23:44 13632512 c:\windows\system32\ieframe.dll
+ 2011-02-11 08:23 . 2010-12-18 03:45 13632512 c:\windows\system32\ieframe.dll
+ 2011-01-30 20:43 . 2011-01-30 20:43 12425728 c:\windows\Installer\3bbe509.msp
+ 2010-11-10 11:49 . 2010-11-10 11:49 23724952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7.4\ICQ.exe" [2011-02-02 119608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VC10Player"="c:\program files (x86)\Virtual CD v10\System\VC10Play.exe" [2009-10-08 383304]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-04 843776]
"WatcherHelper"="c:\program files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2009-08-14 62744]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157640]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"TRUUpdater"="c:\program files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2010-10-05 549384]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-27 52264]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-27 35104]
R3 cjusb;REINER SCT cyberJack pinpad/e-com USB;c:\windows\system32\DRIVERS\cjusb.sys [2007-06-13 43320]
R3 dvblinkcap;DVBLink Capture B90A12CC6C544A961E7028D3A08A2C632551DE3F;c:\windows\system32\DRIVERS\dvblinkcap.sys [2010-04-12 18608]
R3 dvblinkcap2;DVBLink Capture 5C3B268ADE2E693A42BFBC49F3EBAF0AD3A57BFE25070C30B60F714F;c:\windows\system32\DRIVERS\dvblinkcap2.sys [2010-04-12 18608]
R3 dvblinkcap3;DVBLink Capture 1FC24AFA7DE950B5FDBDA8673412F3883AA61D96F28D057B3111D4B1FDD658C5;c:\windows\system32\DRIVERS\dvblinkcap3.sys [2010-04-12 18608]
R3 dvblinkcap4;DVBLink Capture 7A489C6F335339BF1349A65F6FF08BE465CAF3F7F02FAD0941DA1ED685D1245E228F1C238BF13D9691863A377E0231EA;c:\windows\system32\DRIVERS\dvblinkcap4.sys [2010-04-12 18608]
R3 dvblinktun;DVBLink Tuner 50700D4E15024598D94DCF7F283840B0F5F20935;c:\windows\system32\DRIVERS\dvblinktun.sys [2010-04-12 20784]
R3 dvblinktun2;DVBLink Tuner 6087B55DBA907503F9232E739AD4354E0DF9EA0EFA4808BA55BA79A1;c:\windows\system32\DRIVERS\dvblinktun2.sys [2010-04-12 20784]
R3 dvblinktun3;DVBLink Tuner 9E35F72855E3F9D9A737E369D508E65CAF3CE20DABEE2FD07E6D4D6ACD48B96C;c:\windows\system32\DRIVERS\dvblinktun3.sys [2010-04-12 20784]
R3 dvblinktun4;DVBLink Tuner 79D1057C34BF015640F64477EE6B73DDB692E0012920629BD513FAF19670B43DB91FC3DB70EE9CA15CDD3CCC9CD3D9DF;c:\windows\system32\DRIVERS\dvblinktun4.sys [2010-04-12 20784]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-12-17 13352]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [2009-07-09 24088]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [2007-03-20 16896]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 20992]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 53632]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 40832]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2010-03-27 5435904]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 PORTIO64;PORTIO64;c:\users\Fabian\Downloads\JungleFlasher v0.1.76 Beta (166)\JungleFlasher v0.1.76 Beta (166)\portio64.sys [2008-09-10 4096]
R3 sermux;Sierra Wireless Serial MUX;c:\windows\system32\DRIVERS\serialmux.sys [2008-04-22 39168]
R3 SwiProt;Sierra Wireless Protocol Driver;c:\windows\system32\DRIVERS\swiprot.sys [2007-05-02 30720]
R3 SWNC8U55;Sierra Wireless MUX NDIS Driver (UMTS55);c:\windows\system32\DRIVERS\swnc8u55.sys [2010-01-28 283136]
R3 swvspser;MP VSP using Serial MUX;c:\windows\system32\DRIVERS\swvspser.sys [2008-03-04 24064]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-19 50688]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 16384]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1255736]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S1 vdrv1000;vdrv1000;c:\windows\system32\DRIVERS\vdrv1000.sys [2009-08-24 220696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\SysWOW64\cjpcsc.exe [2009-04-15 654640]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-03-10 20456]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 havasvc;HAVA Service;c:\program files (x86)\Monsoon Multimedia\HAVA\Common\havasvc.exe [2009-06-16 145408]
S2 inpoutx64;inpoutx64;c:\windows\system32\Drivers\inpoutx64.sys [2010-04-13 15008]
S2 SynoDrService;SynoDrService;c:\program files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [2010-06-02 380928]
S2 VC10SecS;Virtual CD v10 Management Service;c:\program files (x86)\Virtual CD v10\System\VC10SecS.exe [2009-10-08 145224]
S3 havabus;HAVA Bus Enumerator;c:\windows\system32\DRIVERS\havabus.sys [2009-06-16 45056]
S3 HAVATV;Hava Video Device;c:\windows\system32\DRIVERS\HAVATV.sys [2009-06-16 343168]
S3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\DRIVERS\HavaTV_10.sys [2009-06-16 343168]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 scrswix64;Sierra Wireless Smart Card Reader;c:\windows\system32\DRIVERS\scrswix64.sys [2010-01-19 27648]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-12-17 34032]
S3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\DRIVERS\swivspnt.sys [2007-03-26 23552]
S3 SWUMX55;Sierra Wireless USB MUX Driver (UMTS55);c:\windows\system32\DRIVERS\swumx55.sys [2009-12-08 206848]
S3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [2008-06-17 40464]
.
--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-23 7981600]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: add to &BOM - c:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
TCP: {757878C0-41A3-417C-B61B-57FFE80F71D0} = 212.23.97.2 212.23.97.3
TCP: {ECED2042-1EAA-4E40-8867-77FB3BEA6477} = 62.134.11.4 195.182.110.132?
FF - ProfilePath - c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\p85ul6zo.default\
FF - prefs.js: browser.startup.homepage - hxxp://de.mg41.mail.yahoo.com/dc/launch?sysreq=ignore
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vdrv1000]
"ImagePath"="system32\DRIVERS\vdrv1000.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2011-02-11 11:10:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-11 10:10
ComboFix2.txt 2011-02-10 15:20

Pre-Run: 17 directories, 420.834.951.168 bytes free
Post-Run: 19 directories, 420.362.936.320 bytes free

- - End Of File - - B9E29BAAE665EB357E45C947D0D92AAE

Unfortunately the problem is still not fixed; from the Google search results I am frequently redirected to the site shopcompare.de.

Last edited by Deynet (11.02.2011 at 11:33) |
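One detail of the ComboFix log above that is easy to skim past is the policies\system block: EnableLUA=0 switches User Account Control off entirely, ConsentPromptBehaviorAdmin=0 means administrators are elevated without any prompt, and PromptOnSecureDesktop=0 takes whatever prompts remain off the secure desktop. On such a machine any program the user launches already runs with full administrative rights, which is worth knowing before interpreting the rest of the log. The following is an added example, not code from the thread or from ComboFix: it parses the REGEDIT4-style "Reg Loading Points" section, flags those three UAC settings, and lists Run entries whose binary lives in a user-writable directory. The sample input is a constructed excerpt modelled on the log; the "FakeUpdater" entry is made up so that the path check has something to report.

```python
import re
from collections import OrderedDict

# Constructed excerpt modelled on the "Reg Loading Points" section of the ComboFix
# log above. The "FakeUpdater" entry is invented so that the path check has a hit.
SAMPLE_LOG = r'''
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7.4\ICQ.exe" [2011-02-02 119608]
"FakeUpdater"="c:\users\Fabian\AppData\Local\Temp\upd.exe" [2011-02-09 30720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
'''

KEY_RE = re.compile(r'^\[(.+)\]\s*$')
STR_RE = re.compile(r'^"([^"]+)"\s*=\s*"([^"]*)"')          # "name"="string" [date size]
DWORD_RE = re.compile(r'^"([^"]+)"\s*=\s*dword:([0-9A-Fa-f]{8})')
NUM_RE = re.compile(r'^"([^"]+)"\s*=\s*(\d+)')              # "name"= 0 (0x0)

# Directories a standard user can write to; a Run entry pointing there deserves a look.
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\downloads\\')


def parse_reg_loading_points(text):
    """Map each registry key to its (value name, value) pairs; strings stay str, numbers become int."""
    entries = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            entries.setdefault(current, [])
            continue
        if current is None:
            continue
        for pattern, conv in ((STR_RE, str), (DWORD_RE, lambda s: int(s, 16)), (NUM_RE, int)):
            m = pattern.match(line)
            if m:
                entries[current].append((m.group(1), conv(m.group(2))))
                break
    return entries


def uac_findings(entries):
    """Report UAC policy values that remove the elevation boundary."""
    findings = []
    for key, values in entries.items():
        if not key.lower().endswith(r'\policies\system'):
            continue
        vals = dict(values)
        if vals.get('EnableLUA') == 0:
            findings.append('EnableLUA=0: UAC is disabled, admin users run every process fully elevated')
        if vals.get('ConsentPromptBehaviorAdmin') == 0:
            findings.append('ConsentPromptBehaviorAdmin=0: elevation happens without any prompt')
        if vals.get('PromptOnSecureDesktop') == 0:
            findings.append('PromptOnSecureDesktop=0: remaining prompts are not isolated on the secure desktop')
    return findings


def suspicious_run_entries(entries):
    """Return (name, path) for Run values whose binary sits in a user-writable location."""
    hits = []
    for key, values in entries.items():
        if not key.lower().endswith(r'\currentversion\run'):
            continue
        for name, value in values:
            if isinstance(value, str) and any(marker in value.lower() for marker in USER_WRITABLE):
                hits.append((name, value))
    return hits


if __name__ == '__main__':
    parsed = parse_reg_loading_points(SAMPLE_LOG)
    for finding in uac_findings(parsed):
        print('UAC:', finding)
    for name, path in suspicious_run_entries(parsed):
        print('Run entry in user-writable path:', name, '->', path)
```

The same two checks apply unchanged to the full log: paste the whole "Reg Loading Points" section into SAMPLE_LOG, or read it from a file. Nothing here tells you an entry is malicious; it only pulls out the settings and autostarts that should be verified by hand rather than scrolled past.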
11.02.2011, 12:10 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google redirects to unwanted pages (redirect, jumper) Please now create logs with GMER and mbrcheck and post them. GMER crashes fairly often; if the tool refuses to run on the second attempt as well, just leave it out. Instructions for mbrcheck: Download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post logfiles in CODE tags |
11.02.2011, 12:37 | #11 |
Account closed | The logs, as requested: GMER logfile: Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-02-11 12:31:55
Windows 6.1.7600
Running: liw4tgh9.exe

---- Services - GMER 1.0.15 ----

Service system32\DRIVERS\vdrv1000.sys (*** hidden *** ) [SYSTEM] vdrv1000 <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2c8158b75dd4
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2c8158b75dd4@0015831447c7 0xCE 0x8D 0x4C 0xAA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2c8158b75dd4@0013e0848150 0xDD 0x32 0xFE 0x2A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ServiceBinary C:\Windows\system32\drivers\VDRV1000.SYS
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Group SCSI Miniport
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ImagePath system32\DRIVERS\vdrv1000.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Tag 66
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@0 {C317464A-8106-4e30-83E6-1825448A5FC3}\VDRV1_HWID\1&21a742e4&0&01
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@Count 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@NextInstance 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface@0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\security
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2c8158b75dd4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2c8158b75dd4@0015831447c7 0xCE 0x8D 0x4C 0xAA ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2c8158b75dd4@0013e0848150 0xDD 0x32 0xFE 0x2A ...
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@ServiceBinary C:\Windows\system32\drivers\VDRV1000.SYS
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@Group SCSI Miniport
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@ImagePath system32\DRIVERS\vdrv1000.sys
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@Tag 66
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@0 {C317464A-8106-4e30-83E6-1825448A5FC3}\VDRV1_HWID\1&21a742e4&0&01
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@Count 1
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@NextInstance 1
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters\pnpinterface (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters\pnpinterface@0 1
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\security (not active ControlSet)

---- EOF - GMER 1.0.15 ----
|
11.02.2011, 13:45 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
If you don't have a Win7 DVD, this also works with a Vista rescue disc, have a look here => Vista Notfall/Recovery-CD 64-Bit - Dr. Windows. Download the ISO file, burn it to a CD, e.g. with ImgBurn using its image-burning function, and start the computer with it (boot from this CD). As said, if you have a normal Windows installation DVD you don't need the image mentioned above; you can simply boot from the Windows DVD. Click on Repair your computer, Next, Command Prompt - the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, taking the CD out first. Afterwards make new logs with MBRcheck and, if it works, GMER.
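What the procedure above actually changes: bootrec /fixmbr rewrites the boot code in the first 440 bytes of sector 0 of the system disk and leaves the partition table and disk signature in place; bootrec /fixboot writes a fresh boot sector to the system partition. MBRCheck works on the same region, comparing the boot code against the MBR code of known Windows versions. Before rewriting anything, a practitioner dumps sector 0 to a file so the step can be reversed and the original code can be examined offline. The block below is an added example, not from the thread, MBRCheck or bootrec: it parses a 512-byte MBR, hashes the boot code, compares it against a reference hash, and checks the partition table for exactly one active partition. The sample sector is constructed in code (its boot code is a stand-in, not real Windows loader code); read_first_sector shows how the same check is run against a real disk or image.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 440      # bytes 0..439: boot code (what bootrec /fixmbr replaces)
DISK_SIG_OFF = 440       # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
SIGNATURE_OFF = 510      # 0x55 0xAA


def parse_mbr(blob):
    """Decode the partition table, disk signature and boot-signature flag of one 512-byte sector."""
    if len(blob) != SECTOR:
        raise ValueError('expected one 512-byte sector, got %d bytes' % len(blob))
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, 3 bytes CHS start, type, 3 bytes CHS end, LBA start, sector count
        status, ptype, lba_start, count = struct.unpack_from('<B3xB3xII', blob, off)
        if ptype == 0:
            continue
        partitions.append({'index': i, 'bootable': status == 0x80, 'type': ptype,
                           'lba_start': lba_start, 'sectors': count})
    return {
        'valid_signature': blob[SIGNATURE_OFF:SIGNATURE_OFF + 2] == b'\x55\xaa',
        'disk_signature': struct.unpack_from('<I', blob, DISK_SIG_OFF)[0],
        'partitions': partitions,
    }


def boot_code_hash(blob):
    """SHA-256 of the boot code only, so partition-table changes do not alter the result."""
    return hashlib.sha256(blob[:BOOT_CODE_END]).hexdigest()


def check_mbr(blob, known_good_hash):
    """Return findings; an empty list means the sector matches the reference in every checked respect."""
    info = parse_mbr(blob)
    findings = []
    if not info['valid_signature']:
        findings.append('missing 0x55AA boot signature')
    if boot_code_hash(blob) != known_good_hash:
        findings.append('boot code differs from the reference image')
    active = [p for p in info['partitions'] if p['bootable']]
    if len(active) != 1:
        findings.append('%d partitions flagged active (expected exactly 1)' % len(active))
    return findings


def build_sample_mbr():
    """Constructed sample, NOT a real Windows MBR: stand-in boot code plus two NTFS (0x07) entries."""
    boot_code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(BOOT_CODE_END, b'\x90')
    disk_sig = struct.pack('<I', 0x12345678) + b'\x00\x00'
    entries = (struct.pack('<B3sB3sII', 0x80, b'\x00\x00\x00', 0x07, b'\x00\x00\x00', 2048, 204800)
               + struct.pack('<B3sB3sII', 0x00, b'\x00\x00\x00', 0x07, b'\x00\x00\x00', 206848, 409600)
               + b'\x00' * 32)
    return boot_code + disk_sig + entries + b'\x55\xAA'


def tamper(blob, offset=0x10):
    """Flip one byte inside the boot code, the way a bootkit patches the loader in place."""
    patched = bytearray(blob)
    patched[offset] ^= 0xFF
    return bytes(patched)


def read_first_sector(device):
    r"""Read sector 0 from a raw device or image, e.g. r'\\.\PhysicalDrive0' (as admin) or /dev/sda."""
    with open(device, 'rb') as fh:
        return fh.read(SECTOR)


if __name__ == '__main__':
    clean = build_sample_mbr()
    reference = boot_code_hash(clean)          # on a real system: hash taken from a known-clean disk
    print(parse_mbr(clean))
    print('clean   :', check_mbr(clean, reference))
    print('tampered:', check_mbr(tamper(clean), reference))
```

Against a real machine the reference hash comes from a disk you trust (a freshly installed system of the same Windows version), and the dump taken before bootrec runs is what you compare afterwards; if the post-fix sector still fails the comparison, the problem is not in the boot code, and further rewriting will not help.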
11.02.2011, 13:51 | #13 |
Account closed | I have a netbook without an optical drive. I don't have a Win7 DVD to hand either. How should I proceed, does it also work via USB stick? |
11.02.2011, 15:11 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | USB stick works, but you would have to build one via WinSetupFromUSB. Can't you get hold of an external burner or DVD drive that connects via USB? Edit: First, please run the Kaspersky TDSS tool => http://www.trojaner-board.de/82358-t...entfernen.html If we can't fix the MBR with that, the external drive will have to be used.
11.02.2011, 15:37 | #15 |
Account closed | Hello, I quickly read up on it and in no time had a bootable USB stick created with the DVD image you mentioned. Did it with bootrec.exe exactly the way you said. AND NOW WINDOWS NO LONGER STARTS!!! It tries to start normally, then for a fraction of a second a blue screen appears (can't read anything on it), it restarts and then I have the choice between "Startup Repair" and "Start normally". With "Start normally" I end up back at this point; with "Startup Repair" it attempts a startup repair and after a while "System could not be repaired" appears. (more details in pictures 1+2) After that I still have the options shown in picture 3. WHAT NOW? |