| |
| |||||||
Log-Analyse und Auswertung: Startseite kommt immer WesternunionWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
20.10.2011, 21:09
| #1 |
| |  Startseite kommt immer Westernunion hallo habe das problem das ich meine startseite nicht mehr verändern kann es kommt immer westerunion.de kann mir jemand helfen. habe otl drüber laufen lassen komme aber jetzt nicht weiter bin nicht der held in sachen pc  Geändert von hundehof (20.10.2011 um 21:30 Uhr) |
|
21.10.2011, 09:09
| #2 |
| | Startseite kommt immer Westernunion OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 20.10.2011 21:14:27 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\martin\Desktop Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16473) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 893,56 Mb Total Physical Memory | 291,84 Mb Available Physical Memory | 32,66% Memory free 2,00 Gb Paging File | 0,86 Gb Available in Paging File | 43,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 65,41 Gb Total Space | 22,78 Gb Free Space | 34,82% Space Free | Partition Type: NTFS Drive D: | 32,70 Gb Total Space | 31,57 Gb Free Space | 96,54% Space Free | Partition Type: NTFS Computer Name: MARTIN-PC | User Name: martin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\martin\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10a.exe (Adobe Systems, Inc.) PRC - C:\Program Files\Alice Software\AliceEinwahl.exe (Hansenet) PRC - C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe (VIA.) PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) PRC - C:\Program Files\Common Files\aol\1193945793\ee\aolsoftware.exe (America Online, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Mozilla Firefox\js3250.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () ========== Win32 Services (SafeList) ========== SRV - (CLTNetCnService) -- File not found SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (S3GIGP) -- C:\Windows\System32\drivers\VTGKModeDX32.sys (S3 Graphics Co., Ltd.) DRV - (ATWPKT2) -- C:\Windows\System32\drivers\atwpkt2.sys (America Online) DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (Silicon Integrated Systems Corp.) DRV - (HdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV - (PDNMp50) -- C:\Windows\System32\drivers\PDNMp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (PDNSp50) -- C:\Windows\System32\drivers\PDNSp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (nvatabus) -- C:\Windows\system32\drivers\nvatabus.sys (NVIDIA Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {66a449dc-6b1d-4187-a4f1-b335d3da5365} - C:\Program Files\AOL Deutschland Toolbar\aoldetb.dll (AOL LLC.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-225678357-4224763706-2434823376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Western Union Geldtransfer IE - HKU\S-1-5-21-225678357-4224763706-2434823376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-225678357-4224763706-2434823376-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-225678357-4224763706-2434823376-1000\..\URLSearchHook: {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No CLSID value found IE - HKU\S-1-5-21-225678357-4224763706-2434823376-1000\..\URLSearchHook: {66a449dc-6b1d-4187-a4f1-b335d3da5365} - C:\Program Files\AOL Deutschland Toolbar\aoldetb.dll (AOL LLC.) IE - HKU\S-1-5-21-225678357-4224763706-2434823376-1000\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.) IE - HKU\S-1-5-21-225678357-4224763706-2434823376-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.westernunion.de/" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=" FF - user.js..browser.startup.homepage: "hxxp://www.westernunion.de/" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\martin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\martin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.28 11:09:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.28 11:09:45 | 000,000,000 | ---D | M] [2009.10.01 11:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\martin\AppData\Roaming\mozilla\Extensions [2011.10.20 19:03:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\martin\AppData\Roaming\mozilla\Firefox\Profiles\encxtkl7.default\extensions [2010.03.20 12:05:14 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\martin\AppData\Roaming\mozilla\Firefox\Profiles\encxtkl7.default\extensions\toolbar@ask.com [2011.10.19 21:52:48 | 000,000,950 | ---- | M] () -- C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\encxtkl7.default\searchplugins\icqplugin-1.xml [2011.09.28 11:10:17 | 000,000,950 | ---- | M] () -- C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\encxtkl7.default\searchplugins\icqplugin-10.xml [2010.03.25 13:30:34 | 000,000,950 | ---- | M] () -- C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\encxtkl7.default\searchplugins\icqplugin-2.xml [2010.03.25 13:31:51 | 000,000,950 | ---- | M] () -- C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\encxtkl7.default\searchplugins\icqplugin-3.xml [2010.06.30 23:18:47 | 000,000,950 | ---- | M] () -- C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\encxtkl7.default\searchplugins\icqplugin-4.xml [2010.07.02 17:30:20 | 000,000,950 | ---- | M] () -- C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\encxtkl7.default\searchplugins\icqplugin-5.xml [2010.11.19 18:51:57 | 000,000,950 | ---- | M] () -- C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\encxtkl7.default\searchplugins\icqplugin-6.xml [2010.11.23 23:17:49 | 000,000,950 | ---- | M] () -- C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\encxtkl7.default\searchplugins\icqplugin-7.xml [2011.09.08 19:54:17 | 000,000,950 | ---- | M] () -- C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\encxtkl7.default\searchplugins\icqplugin-8.xml [2011.09.18 16:40:05 | 000,000,950 | ---- | M] () -- C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\encxtkl7.default\searchplugins\icqplugin-9.xml [2008.03.31 13:52:00 | 000,000,168 | ---- | M] () -- C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\encxtkl7.default\searchplugins\icqplugin.gif [2008.03.31 13:52:00 | 000,000,618 | ---- | M] () -- C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\encxtkl7.default\searchplugins\icqplugin.src [2010.03.10 17:52:43 | 000,000,955 | ---- | M] () -- C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\encxtkl7.default\searchplugins\icqplugin.xml [2010.01.22 21:34:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2010.01.22 21:34:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.09.18 16:39:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.18 16:39:33 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.09.18 16:39:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.18 16:39:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.18 16:39:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AOL Deutschland Toolbar Loader) - {2d3b1910-86c2-4d4b-b1db-124b3ea35bef} - C:\Program Files\AOL Deutschland Toolbar\aoldetb.dll (AOL LLC.) O2 - BHO: (bho2gr Class) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.) O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Germany GmbH) O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Germany GmbH) O3 - HKLM\..\Toolbar: (AOL Deutschland Toolbar) - {567d4d94-8077-4682-b887-945f3d644116} - C:\Program Files\AOL Deutschland Toolbar\aoldetb.dll (AOL LLC.) O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O3 - HKU\S-1-5-21-225678357-4224763706-2434823376-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Germany GmbH) O3 - HKU\S-1-5-21-225678357-4224763706-2434823376-1000\..\Toolbar\WebBrowser: (AOL Deutschland Toolbar) - {567D4D94-8077-4682-B887-945F3D644116} - C:\Program Files\AOL Deutschland Toolbar\aoldetb.dll (AOL LLC.) O3 - HKU\S-1-5-21-225678357-4224763706-2434823376-1000\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-225678357-4224763706-2434823376-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKU\S-1-5-21-225678357-4224763706-2434823376-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe (VIA.) O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1193945793\ee\AOLSoftware.exe (America Online, Inc.) O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-225678357-4224763706-2434823376-1000..\Run: [{B632EA6C-DB43-491A-CB8C-B62B6823D0C4}] C:\Users\martin\AppData\Roaming\Yzve\vodoem.exe () O7 - HKU\S-1-5-21-225678357-4224763706-2434823376-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html () O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-225678357-4224763706-2434823376-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0814BD61-09D7-41C5-BE9F-B9B1E9A09ADB}: NameServer = 62.109.123.197 213.191.74.19 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AB779ED-1625-4D74-B347-53CD445A25ED}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCA22604-44F8-41AE-87C5-FF3A92DC82AA}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\martin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\martin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{dd6d5f7f-1e44-11e0-91f1-b42fe3466c5a}\Shell\AutoRun\command - "" = H:\PMBP_Win.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.10.20 21:08:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\martin\Desktop\OTL.exe [2011.10.20 20:22:47 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011.10.20 20:20:11 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Apps [2011.10.20 20:20:10 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Deployment [2011.10.16 16:35:51 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Yzve [2011.10.16 16:35:51 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Uhihvit ========== Files - Modified Within 30 Days ========== [2011.10.20 21:08:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\martin\Desktop\OTL.exe [2011.10.20 21:02:38 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.10.20 21:02:38 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.10.20 20:25:04 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-225678357-4224763706-2434823376-1000UA.job [2011.10.20 20:25:02 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-225678357-4224763706-2434823376-1000Core.job [2011.10.20 20:23:01 | 000,002,053 | ---- | M] () -- C:\Users\martin\Desktop\Google Chrome.lnk [2011.10.20 20:03:40 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2011.10.20 20:02:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.10.16 17:15:44 | 000,014,336 | ---- | M] () -- C:\Users\martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.25 13:25:12 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.09.25 13:25:12 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.09.25 13:25:12 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.09.25 13:25:12 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat ========== Files Created - No Company Name ========== [2011.10.20 20:23:01 | 000,002,053 | ---- | C] () -- C:\Users\martin\Desktop\Google Chrome.lnk [2011.10.20 20:20:51 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-225678357-4224763706-2434823376-1000UA.job [2011.10.20 20:20:48 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-225678357-4224763706-2434823376-1000Core.job [2011.09.15 20:32:02 | 000,000,680 | ---- | C] () -- C:\Users\martin\AppData\Local\d3d9caps.dat [2010.03.26 18:48:28 | 000,028,672 | ---- | C] () -- C:\Windows\System32\nnr.dll [2009.11.23 17:32:59 | 000,024,206 | ---- | C] () -- C:\Users\martin\AppData\Roaming\UserTile.png [2008.02.09 09:54:21 | 000,000,862 | ---- | C] () -- C:\Users\martin\AppData\Roaming\wklnhst.dat [2008.01.03 12:09:18 | 000,063,424 | ---- | C] () -- C:\Windows\System32\RPASPC16.DLL [2007.11.12 21:08:42 | 000,014,336 | ---- | C] () -- C:\Users\martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.11.01 23:38:44 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.11.01 21:36:24 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat [2007.09.07 04:37:05 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll [2007.09.06 19:29:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.09.06 19:28:24 | 000,009,216 | ---- | C] () -- C:\Windows\System32\unwlsdrv.exe [2007.09.06 19:27:51 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll [2006.11.02 17:38:05 | 000,641,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:38:05 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:38:05 | 000,116,706 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:38:05 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:44:53 | 000,301,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 12:33:01 | 000,610,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,103,924 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll ========== LOP Check ========== [2008.07.19 00:02:37 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\BitTorrent [2008.07.19 13:10:59 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\DNA [2008.07.19 13:14:07 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\gtk-2.0 [2009.09.29 20:59:03 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Hansenet [2010.12.20 13:23:50 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\ICQ [2007.10.27 07:42:31 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\InterVideo [2009.11.23 17:32:59 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\PeerNetworking [2008.02.09 09:55:29 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Template [2011.10.20 18:54:58 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Uhihvit [2011.10.20 21:18:42 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Yzve [2011.10.20 19:58:22 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 20.10.2011 21:14:27 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\martin\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16473)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
893,56 Mb Total Physical Memory | 291,84 Mb Available Physical Memory | 32,66% Memory free
2,00 Gb Paging File | 0,86 Gb Available in Paging File | 43,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65,41 Gb Total Space | 22,78 Gb Free Space | 34,82% Space Free | Partition Type: NTFS
Drive D: | 32,70 Gb Total Space | 31,57 Gb Free Space | 96,54% Space Free | Partition Type: NTFS
Computer Name: MARTIN-PC | User Name: martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-225678357-4224763706-2434823376-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2288E36B-54FD-4D8F-8C8F-84D58F80753B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2424077F-7E66-41AC-96C4-330A83A12B1D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3E9D6D51-4A1A-4225-AD2D-4455B65EC996}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3EC76F53-D655-4D03-B83B-B51552FDAF95}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{47B93D5F-8616-4820-A079-47E420DA8962}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{771A9C51-E70C-4E95-9F4D-B9EE7682E22E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7859C2C5-B4D8-4D0C-8058-23A9F0A023B9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7F5AC5C8-C9FF-48B0-8D58-CE66559FE747}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{801D8C7A-050E-4A0A-BB9B-66E6BA78BCAC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9077BC6A-163B-49DA-8BCA-0F74118AD52F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A3B99CB0-A532-4158-AA8D-8162F9216205}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A481EFD8-0710-4FEC-A655-D812251339D2}" = rport=2869 | protocol=6 | dir=out | app=system |
"{B16264BF-F3A8-40D7-8282-0AD8E2349005}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C0BCC2B9-DB24-4E55-AE65-8302EE1A6D5A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E5F767A6-F2D5-4E9B-A050-282970C70C74}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F056E4BC-E6B6-4B54-A28A-8F7D9AF8B85A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F9521744-17D9-42FA-B489-29B7CA214824}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0129C1E4-82C6-4D25-8262-CE95AA018105}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vra\waol.exe |
"{02AA3574-5CA4-4E4E-9779-8434F7903E67}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{112876C3-3AE6-40F4-A0CE-5A53CA1E5B93}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1F148A00-5252-4A21-8275-0436C8853420}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{23F85111-80A5-4EC1-A43A-1599215BB233}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2C2B086F-2107-4124-AADA-1F66C14679BE}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{2ECB9BC9-9911-451D-935D-2D27F60A5077}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1193945793\ee\aolsoftware.exe |
"{32E3AB5A-C56A-4387-96A1-8A7C8021C70C}" = protocol=6 | dir=out | app=system |
"{337EBA89-0F01-4E1C-A1A1-25EB3DC4109F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{342ACF94-CFDA-4773-B213-76BAB5DEEA11}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3B652470-3291-40BC-B21F-138CC04CBCAB}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{3F5B51C9-FAD7-4B91-8F6C-D618A80CDEFE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{44F0DE06-3C98-4BB1-903C-289F5D116E25}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1193945793\ee\aolsoftware.exe |
"{4652EDB8-1AA9-4A0D-8D2E-2F09C3591A33}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{468915DE-5871-45C9-B998-7FBEE8FB471D}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{493273FE-007D-4260-AFD2-B0186C06594A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4CC539AD-5F58-4929-8159-EC4A2471533B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53DCF01A-68AF-4C06-AFBF-B3F65940CEF9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{554AC93D-AD61-4104-BA1C-F205C3F613BB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6CFE0B12-5E81-4A27-968F-D10A28CDC70A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{6F673AAC-BD2C-4DAB-A332-2CF6607217F0}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{76BCFE39-A460-4287-929F-F0AEED92BDCD}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{7BD2EB15-2E67-4A46-98B6-5755DABD0170}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{7D899662-163C-4183-97C0-F45C57670F78}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{88DBFE6C-66CE-4491-835B-7FE53F186641}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{93D20EF3-B941-41BA-95B0-3A11B4EE12AD}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{95042AA2-F315-4F8B-BA1A-F5757B681F03}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{9638EEC4-F4D4-4C75-8F97-47828030D562}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE741916-7DA9-43CF-9B34-4E2534DCCFB8}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vra\waol.exe |
"{BCD72C46-2428-44F0-9302-63CEAE9D0855}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{BFD99485-9637-4282-BF74-640AFA394A45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C1734AAD-7C41-47ED-9E35-56697358AC74}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C1F0DB6B-D654-4678-8EFF-A60B97EE7D96}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{C484A27C-B746-43E7-A91D-DE84F7C31012}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{CE4F1494-B9CD-43C6-9112-69D985A16C90}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D48500B9-2983-4885-AB45-8D19D21EC460}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{D53FE1D0-7241-4ED6-AE1B-A2690886F9D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E3214939-C51E-4943-96D1-C75A9061109C}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{E6DE9299-D4F9-45DD-B70C-A3DA19B6DF8E}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{EAFC351E-31F4-49CE-A657-A27B50BDC2AC}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{ECC2A9DB-D031-4DF9-932B-222C86D57DA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF90EB84-E209-4249-933D-96409BFEEDE0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F19B6180-2230-4B7A-83C9-B32FAA842942}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{FF5B7699-67D2-44CC-A83B-0373486B2E31}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"TCP Query User{6FA592BD-8497-46F4-B5A0-1F37F9FD2656}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{782D7169-A443-4162-B6A9-81BA1227719F}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{CE7AE096-3C23-498E-9AC4-BA0CB68D734E}C:\program files\intervideo\dvd8\windvd.exe" = protocol=6 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe |
"UDP Query User{07DE75DE-0B75-4B28-9D03-99AD2DC00665}C:\program files\intervideo\dvd8\windvd.exe" = protocol=17 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe |
"UDP Query User{09EF558E-4F7F-40B1-A7D7-BFB87C9522D8}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{9B8FEECA-3B00-4553-A118-10562FE26440}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{7148F0A8-6813-11D6-A77B-00B0D0142150}" = Java 2 Runtime Environment, SE v1.4.2_15
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{93003409-98F1-4DE6-8E62-2CBFAFA4D6A3}" = Bietassistent
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3C70F7C-7423-4535-80C2-60A911B92BAD}" = Haustierarzt
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F82A95DD-6CFE-4AA0-B235-16186A46D878}" = NetObjects Fusion 9.0
"{FB1AC1F1-8F47-4DCE-A1ED-0DFBA0F455B4}" = Driver Mender
"A.S.L.E. - Katzenraub im Vogelviertel" = ASLE
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alice" = Alice-Installationsdateien entfernen
"Alice Software" = Alice Software 4.10.0
"AOL Deinstallation" = AOL Deinstallation
"AOL Deutschland Toolbar" = AOL Deutschland Toolbar
"AOL Installations-Manager" = AOL Installations-Manager
"AOL Toolbar 4.0" =
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"Google Desktop" = Google Desktop Search
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"myBabylon_English Toolbar" = myBabylon_English Toolbar
"PhotoScape" = PhotoScape
"PureVoice" = PureVoice 1.0
"SiS163u" = Fujitsu Siemens Computers WLAN 802.11b/g (SiS163u)
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VIA Chrome9 HC IGP Family Windows Vista Display" = VIA Chrome9 HC IGP Family Windows Vista Display
"ViewpointMediaPlayer" = Viewpoint Media Player
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"WEBPLANET - Tools2000SP" = WEBPLANET - Tools2000SP
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-225678357-4224763706-2434823376-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 07.01.2010 06:08:39 | Computer Name = martin-PC | Source = WerSvc | ID = 5007
Description =
Error - 07.01.2010 10:22:30 | Computer Name = martin-PC | Source = WerSvc | ID = 5007
Description =
Error - 07.01.2010 12:28:52 | Computer Name = martin-PC | Source = WerSvc | ID = 5007
Description =
Error - 08.01.2010 03:16:04 | Computer Name = martin-PC | Source = WerSvc | ID = 5007
Description =
Error - 08.01.2010 15:27:14 | Computer Name = martin-PC | Source = WerSvc | ID = 5007
Description =
Error - 08.01.2010 17:25:09 | Computer Name = martin-PC | Source = WerSvc | ID = 5007
Description =
Error - 08.01.2010 17:31:38 | Computer Name = martin-PC | Source = WerSvc | ID = 5007
Description =
Error - 09.01.2010 15:08:12 | Computer Name = martin-PC | Source = WerSvc | ID = 5007
Description =
Error - 09.01.2010 17:31:34 | Computer Name = martin-PC | Source = WerSvc | ID = 5007
Description =
Error - 10.01.2010 11:02:19 | Computer Name = martin-PC | Source = WerSvc | ID = 5007
Description =
[ System Events ]
Error - 19.10.2011 05:13:37 | Computer Name = martin-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 19.10.2011 15:36:21 | Computer Name = martin-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 19.10.2011 15:36:21 | Computer Name = martin-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 19.10.2011 15:42:15 | Computer Name = martin-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 19.10.2011 15:42:34 | Computer Name = martin-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 19.10.2011 15:42:34 | Computer Name = martin-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 20.10.2011 02:57:26 | Computer Name = martin-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 20.10.2011 04:27:43 | Computer Name = martin-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 20.10.2011 12:50:43 | Computer Name = martin-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 20.10.2011 14:09:48 | Computer Name = martin-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
< End of report >
|
|
21.10.2011, 12:09
| #3 |
| /// Malware-holic   | Startseite kommt immer Westernunion hiho
__________________achtung! dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
O4 - HKU\S-1-5-21-225678357-4224763706-2434823376-1000..\Run: [{B632EA6C-DB43-491A-CB8C-B62B6823D0C4}] C:\Users\martin\AppData\Roaming\Yzve\vodoem.exe
()
:Files
C:\Users\martin\AppData
:Commands
[purity]
[EMPTYFLASH]
[resethosts]
[emptytemp]
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. öffne computer, öffne C: dann _OTL dort rechtsklick auf moved files wähle zu moved files.rar oder zip hinzufügen. folge dem link, und lade das archiv im upload channel hoch http://www.trojaner-board.de/54791-a...ner-board.html
__________________ |
|
21.10.2011, 20:45
| #4 |
| | Startseite kommt immer Westernunion Files\Folders moved on Reboot... Folder move failed. C:\Users\martin\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot. Folder move failed. C:\Users\martin\AppData\Roaming\Microsoft\Protect scheduled to be moved on reboot. Folder move failed. C:\Users\martin\AppData\Roaming\Microsoft\Crypto scheduled to be moved on reboot. Folder move failed. C:\Users\martin\AppData\Roaming\Microsoft\Credentials scheduled to be moved on reboot. Folder move failed. C:\Users\martin\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot. Folder move failed. C:\Users\martin\AppData\Roaming\Microsoft\Protect scheduled to be moved on reboot. Folder move failed. C:\Users\martin\AppData\Roaming\Microsoft\Crypto scheduled to be moved on reboot. Folder move failed. C:\Users\martin\AppData\Roaming\Microsoft\Credentials scheduled to be moved on reboot. Folder move failed. C:\Users\martin\AppData\Roaming\Microsoft scheduled to be moved on reboot. Folder move failed. C:\Users\martin\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot. Folder move failed. C:\Users\martin\AppData\Roaming\Microsoft\Protect scheduled to be moved on reboot. Folder move failed. C:\Users\martin\AppData\Roaming\Microsoft\Crypto scheduled to be moved on reboot. Folder move failed. C:\Users\martin\AppData\Roaming\Microsoft\Credentials scheduled to be moved on reboot. Folder move failed. C:\Users\martin\AppData\Roaming\Microsoft scheduled to be moved on reboot. Folder move failed. C:\Users\martin\AppData\Roaming scheduled to be moved on reboot. Registry entries deleted on Reboot... |
|
21.10.2011, 20:47
| #5 |
| | Startseite kommt immer Westernunion Hoffe das es so richtig war? meine start seite funkt wieder, aber was mach ich files? besten dank für die super hilfe. Geändert von hundehof (21.10.2011 um 21:15 Uhr) |
|
22.10.2011, 11:39
| #6 |
| /// Malware-holic | Startseite kommt immer Westernunion noch moved files packen, und hochladen, wie beschrieben.
__________________ --> Startseite kommt immer Westernunion |
|
| Themen zu Startseite kommt immer Westernunion |
| nicht mehr, problem, seite, startseite, startseite immer westernunion, verändern |
Linear-Darstellung
