| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Unerwünschte Weiterleitung bei Google im FirefoxWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
20.02.2011, 18:11
| #1 |
| |  Unerwünschte Weiterleitung bei Google im Firefox Hallo, ich habe das Problem das ich im Mozilla Firefox in der Google Suchliste beim klicken auf deren Einträge auf unerwünschte Seiten geleitet werde, anstatt auf die gewünschte. Das Problem tritt nicht dauerhaft aber oft auf, es nervt echt. Ich verwende Windows 7. Ich kenne mich mit Computern allgemein zwar recht gut aus, aber mit solchen Problemen nicht. Ich habe natürlich zuerst einmal gegoogelt und ähnliches gesehen aber beim Versuch das ebenso zu lösen bin ich immer gescheitert. Ich habe verschiedene Scanprogramme durchlaufen lassen, die auch ein Paar scheinbar nicht so tolle Sachen gefunden und entfernt haben, aber das Problem löste sich nicht. Also spielte ich mein Windows-Backup ein, legte also das System neu auf und hatte wieder keinen Erfolg. Dann löschte ich mal Firefox und installierte neu, brachte auch nichts. Nun könnte ich Rat gebrauchen, da ich sonst wohl noch ewig rumsuchen würde, weil ich eigentlich keinen Plan hab, deshalb hab ich mich hier im Forum angemeldet und hoffe auf Hilfe. Ok, nun arbeite ich euere Anleitung durch: mbam.log Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5818 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 20.02.2011 17:44:02 mbam-log-2011-02-20 (17-44-02).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 154830 Laufzeit: 58 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) otl.txtOTL Logfile: Code:
ATTFilter OTL logfile created on: 20.02.2011 17:47:34 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\xxx\Desktop\MFTools 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,43 Gb Total Space | 53,48 Gb Free Space | 71,86% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 173,96 Gb Free Space | 18,67% Space Free | Partition Type: NTFS Drive W: | 750,00 Gb Total Space | 467,96 Gb Free Space | 62,39% Space Free | Partition Type: NTFS Computer Name: XXX-PC | User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.02.20 17:32:20 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\MFTools\OTL.exe PRC - [2011.02.20 13:08:41 | 001,496,528 | ---- | M] (TrueCrypt Foundation) -- C:\Programme\TrueCrypt\TrueCrypt.exe PRC - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe ========== Modules (SafeList) ========== MOD - [2011.02.20 17:32:20 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\MFTools\OTL.exe MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009.07.14 02:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.01.26 23:55:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.02.20 14:58:47 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011.02.20 13:08:41 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2011.01.27 00:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011.01.27 00:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.01.26 23:13:32 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle) DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda) DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.01.19 05:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D9 0B 65 A5 16 D1 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [2011.02.20 16:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions [2011.02.20 16:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} O1 HOSTS File: ([2011.02.20 16:55:35 | 000,430,078 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 14802 more lines... O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] W:\Programme installiert\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] W:\Programme installiert\Daemon Tools Lite\DTLite.exe (DT Soft Ltd) O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{20ba53f6-3cfa-11e0-8ffd-001966772e83}\Shell - "" = AutoRun O33 - MountPoints2\{20ba53f6-3cfa-11e0-8ffd-001966772e83}\Shell\AutoRun\command - "" = F:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.02.20 17:41:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.02.20 17:40:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.02.20 17:40:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2011.02.20 17:32:14 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\MFTools [2011.02.20 17:03:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011.02.20 17:03:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiJackThis [2011.02.20 16:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.02.20 16:40:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2011.02.20 16:31:59 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Thunderbird [2011.02.20 15:50:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes [2011.02.20 15:50:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.02.20 15:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.02.20 15:50:06 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.02.20 15:47:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2011.02.20 15:42:44 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Mozilla [2011.02.20 15:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\KONAMI [2011.02.20 15:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PESEdit.com 2011 Patch [2011.02.20 15:24:44 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [2011.02.20 15:24:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2011.02.20 15:22:13 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Command & Conquer Generäle Stunde Null Data [2011.02.20 15:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games [2011.02.20 15:12:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2011.02.20 15:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.02.20 15:00:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2011.02.20 14:57:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools Lite [2011.02.20 14:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2011.02.20 13:56:34 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Command and Conquer Generals Zero Hour Data [2011.02.20 13:55:37 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Tunngle [2011.02.20 13:55:37 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Tunngle [2011.02.20 13:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle [2011.02.20 13:55:34 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys [2011.02.20 13:55:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tunngle [2011.02.20 13:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle [2011.02.20 13:55:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tunngle [2011.02.20 13:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother [2011.02.20 13:40:31 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BroSNMP.dll [2011.02.20 13:40:31 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll [2011.02.20 13:40:31 | 000,012,288 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll [2011.02.20 13:40:31 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll [2011.02.20 13:40:28 | 001,560,576 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWia09b.dll [2011.02.20 13:40:28 | 000,050,176 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrUsi09a.dll [2011.02.20 13:40:27 | 000,167,936 | ---- | C] (brother) -- C:\Windows\SysWow64\NSSearch.dll [2011.02.20 13:40:23 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2011.02.20 13:40:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother [2011.02.20 13:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother [2011.02.20 13:39:51 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\InstallShield [2011.02.20 13:37:02 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\OpenOffice.org [2011.02.20 13:35:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\ATI [2011.02.20 13:35:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\ATI [2011.02.20 13:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011.02.20 13:35:17 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ATI Technologies [2011.02.20 13:35:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2011.02.20 13:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Stream SDK v2 [2011.02.20 13:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Stream [2011.02.20 13:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2011.02.20 13:34:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2011.02.20 13:34:02 | 000,000,000 | ---D | C] -- C:\Programme\ATI [2011.02.20 13:32:13 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies [2011.02.20 13:31:29 | 000,000,000 | ---D | C] -- C:\ATI [2011.02.20 13:30:45 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3 [2011.02.20 13:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2011.02.20 13:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011.02.20 13:23:38 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2011.02.20 13:09:08 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\TrueCrypt [2011.02.20 13:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt [2011.02.20 13:08:41 | 000,230,352 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys [2011.02.20 13:08:35 | 000,000,000 | ---D | C] -- C:\Programme\TrueCrypt [2011.02.20 13:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt [2011.02.20 12:53:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2011.02.20 12:53:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2011.01.26 23:56:14 | 000,479,232 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe [2011.01.26 23:55:36 | 000,203,776 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe [2011.01.26 23:54:20 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll [2011.01.26 23:53:36 | 000,016,384 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll [2011.01.26 23:20:46 | 000,058,880 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll ========== Files - Modified Within 30 Days ========== [2011.02.20 17:43:02 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.20 17:43:02 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.20 17:40:56 | 000,000,928 | ---- | M] () -- C:\Users\xxx\Desktop\NTREGOPT.lnk [2011.02.20 17:40:56 | 000,000,909 | ---- | M] () -- C:\Users\xxx\Desktop\ERUNT.lnk [2011.02.20 17:35:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.20 17:35:27 | 2415,353,856 | -HS- | M] () -- C:\hiberfil.sys [2011.02.20 17:03:05 | 000,002,987 | ---- | M] () -- C:\Users\xxx\Desktop\HiJackThis.lnk [2011.02.20 16:55:35 | 000,430,078 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.02.20 16:32:42 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.02.20 16:32:42 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.02.20 16:32:42 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.02.20 16:32:42 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.02.20 16:32:42 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.02.20 16:27:51 | 000,294,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.02.20 16:26:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat [2011.02.20 15:50:10 | 000,000,796 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.20 15:20:58 | 000,000,995 | ---- | M] () -- C:\Windows\eReg.dat [2011.02.20 14:58:47 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2011.02.20 13:55:35 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk [2011.02.20 13:41:04 | 000,002,137 | ---- | M] () -- C:\Users\xxx\Desktop\ControlCenter3.lnk [2011.02.20 13:40:59 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bridf07a.dat [2011.02.20 13:40:57 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI [2011.02.20 13:40:57 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI [2011.02.20 13:37:15 | 000,001,239 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011.02.20 13:36:10 | 000,005,638 | ---- | M] () -- C:\Windows\Ascd_tmp.ini [2011.02.20 13:30:46 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk [2011.02.20 13:20:09 | 000,001,526 | ---- | M] () -- C:\Users\xxx\Desktop\Internet.lnk [2011.02.20 13:12:24 | 000,000,494 | ---- | M] () -- C:\Users\xxx\Desktop\(W).lnk [2011.02.20 13:08:41 | 000,230,352 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys [2011.02.18 17:59:57 | 000,001,295 | ---- | M] () -- C:\Users\xxx\Desktop\4. Semester.lnk [2011.02.15 18:55:48 | 000,007,077 | ---- | M] () -- C:\Users\xxx\Desktop\Nachholen lernen.ods [2011.01.27 00:00:48 | 000,145,280 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb [2011.01.26 23:56:14 | 000,479,232 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe [2011.01.26 23:55:36 | 000,203,776 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe [2011.01.26 23:54:20 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll [2011.01.26 23:53:36 | 000,016,384 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll [2011.01.26 23:29:38 | 000,756,736 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap [2011.01.26 23:23:50 | 000,756,736 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap [2011.01.26 23:20:46 | 000,058,880 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll [2011.01.25 23:42:00 | 000,030,707 | ---- | M] () -- C:\Windows\atiogl.xml ========== Files Created - No Company Name ========== [2011.02.20 17:40:56 | 000,000,928 | ---- | C] () -- C:\Users\xxx\Desktop\NTREGOPT.lnk [2011.02.20 17:40:56 | 000,000,909 | ---- | C] () -- C:\Users\xxx\Desktop\ERUNT.lnk [2011.02.20 17:03:05 | 000,002,987 | ---- | C] () -- C:\Users\xxx\Desktop\HiJackThis.lnk [2011.02.20 16:26:39 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2011.02.20 15:50:10 | 000,000,796 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.20 15:16:23 | 000,000,995 | ---- | C] () -- C:\Windows\eReg.dat [2011.02.20 14:58:47 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2011.02.20 13:55:35 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\Tunngle beta.lnk [2011.02.20 13:42:12 | 000,002,137 | ---- | C] () -- C:\Users\xxx\Desktop\ControlCenter3.lnk [2011.02.20 13:40:59 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\bridf07a.dat [2011.02.20 13:40:57 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.02.20 13:40:57 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.02.20 13:37:15 | 000,001,239 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011.02.20 13:36:09 | 000,005,638 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011.02.20 13:30:46 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk [2011.02.20 13:14:47 | 000,000,552 | ---- | C] () -- C:\Users\xxx\Desktop\Tagebuch.lnk [2011.02.20 13:14:43 | 000,001,526 | ---- | C] () -- C:\Users\xxx\Desktop\Internet.lnk [2011.02.20 13:14:42 | 000,000,805 | ---- | C] () -- C:\Users\xxx\Desktop\Email & Termine.lnk [2011.02.20 13:12:24 | 000,000,494 | ---- | C] () -- C:\Users\xxx\Desktop\(W).lnk [2011.02.18 17:59:57 | 000,001,295 | ---- | C] () -- C:\Users\xxx\Desktop\4. Semester.lnk [2011.01.27 00:00:48 | 000,145,280 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb [2011.01.26 23:29:38 | 000,756,736 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap [2011.01.26 23:23:50 | 000,756,736 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap [2011.01.25 23:42:00 | 000,030,707 | ---- | C] () -- C:\Windows\atiogl.xml [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2006.10.11 04:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS ========== LOP Check ========== [2011.02.20 15:11:43 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools Lite [2011.02.20 13:37:02 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenOffice.org [2011.02.20 16:31:59 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Thunderbird [2011.02.20 15:02:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TrueCrypt [2011.02.20 15:02:21 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Tunngle [2009.07.14 06:08:49 | 000,002,394 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.07.17 22:59:22 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.02.20 13:31:29 | 000,000,000 | ---D | M] -- C:\ATI [2010.07.17 23:49:29 | 000,000,000 | -HSD | M] -- C:\Boot [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.07.17 22:59:00 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.07.14 04:20:08 | 000,000,000 | -H-D | M] -- C:\PerfLogs [2011.02.20 15:24:44 | 000,000,000 | R--D | M] -- C:\Programme [2011.02.20 17:40:56 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.02.20 16:40:04 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.07.17 22:59:00 | 000,000,000 | -HSD | M] -- C:\Programme [2010.07.17 22:59:01 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.02.20 13:13:18 | 000,000,000 | ---D | M] -- C:\Server [2011.02.20 17:48:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.07.17 22:59:10 | 000,000,000 | R--D | M] -- C:\Users [2011.02.20 17:41:42 | 000,000,000 | -H-D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: USERINIT.EXE > [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > extras.txtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 20.02.2011 17:47:34 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\xxx\Desktop\MFTools
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 53,48 Gb Free Space | 71,86% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 173,96 Gb Free Space | 18,67% Space Free | Partition Type: NTFS
Drive W: | 750,00 Gb Total Space | 467,96 Gb Free Space | 62,39% Space Free | Partition Type: NTFS
Computer Name: XXX-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2BDF97-E0C7-75AE-29E1-5EA9DA262F2F}" = WMV9/VC-1 Video Playback
"{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding
"{AE57C044-8912-A181-A0E4-BC2DAB3A092A}" = ATI Catalyst Install Manager
"{B2C5B378-546F-75A7-7757-C1EAAFAF9E33}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{664D6E1D-2A6C-D54D-31A5-B6BC30CEB0C6}" = CCC Help English
"{7B9F5775-8C8C-2A4E-0CAB-74EA7AF5CB09}" = ccc-core-static
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite DCP-135C
"{AA945C94-285E-DE48-A30F-70105C6580DE}" = Catalyst Control Center Graphics Previews Common
"{CC29B835-95A5-3CD9-087B-F94D7B9ECC9B}" = Catalyst Control Center InstallProxy
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"ERUNT_is1" = ERUNT 1.1j
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"TrueCrypt" = TrueCrypt
"Tunngle beta_is1" = Tunngle beta
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 20.02.2011 08:18:49 | Computer Name = xxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen.
Fehler: Eine Zertifikatkette zu einer vertrauenswürdigen Stammzertifizierungsstelle
konnte nicht aufgebaut werden.
Error - 20.02.2011 08:34:49 | Computer Name = xxx-PC | Source = ATIeRecord | ID = 16389
Description = ATI EEU the creation of a class has failed
Error - 20.02.2011 10:37:43 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: pes2011.exe, Version: 1.3.0.0, Zeitstempel:
0x00000000 Name des fehlerhaften Moduls: pes2011.exe, Version: 1.3.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00cc8ad7 ID des fehlerhaften Prozesses:
0xd64 Startzeit der fehlerhaften Anwendung: 0x01cbd10b9cd57443 Pfad der fehlerhaften
Anwendung: W:\Spiele installiert\Pro Evolution Soccer 2011\pes2011.exe Pfad des
fehlerhaften Moduls: W:\Spiele installiert\Pro Evolution Soccer 2011\pes2011.exe
Berichtskennung:
f9502459-3cfe-11e0-8ffd-001966772e83
Error - 20.02.2011 10:48:45 | Computer Name = xxx-PC | Source = MsiInstaller | ID = 11500
Description =
Error - 20.02.2011 10:48:49 | Computer Name = xxx-PC | Source = MsiInstaller | ID = 11500
Description =
Error - 20.02.2011 10:48:50 | Computer Name = xxx-PC | Source = MsiInstaller | ID = 11500
Description =
Error - 20.02.2011 10:49:00 | Computer Name = xxx-PC | Source = MsiInstaller | ID = 11500
Description =
[ System Events ]
Error - 20.02.2011 07:50:09 | Computer Name = xxx-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 20.02.2011 07:50:09 | Computer Name = xxx-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 20.02.2011 08:42:21 | Computer Name = xxx-PC | Source = Ntfs | ID = 262281
Description = Auf dem Volume "W:" konnte der Transaktionsressourcen-Manager aufgrund
eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
den Daten enthalten.
Error - 20.02.2011 08:50:35 | Computer Name = xxx-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 20.02.2011 08:51:48 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler
beendet: %%16405
Error - 20.02.2011 10:03:06 | Computer Name = xxx-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 20.02.2011 11:26:27 | Computer Name = xxx-PC | Source = Ntfs | ID = 262281
Description = Auf dem Volume "W:" konnte der Transaktionsressourcen-Manager aufgrund
eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
den Daten enthalten.
Error - 20.02.2011 11:27:25 | Computer Name = xxx-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 20.02.2011 12:34:18 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "TunngleService" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 20.02.2011 12:35:26 | Computer Name = xxx-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
< End of report >
Danke für Hilfe, bei Fragen bitte melden.... |
| Themen zu Unerwünschte Weiterleitung bei Google im Firefox |
| autorun, c:\windows\system32\rundll32.exe, computer, computern, desktop, email, error, explorer, extras.txt, fehler, firefox, format, frage, google, hijack, home, home premium, ieframe.dll, install.exe, installation, langs, location, logfile, mozilla, msiinstaller, oldtimer, otl.txt, plug-in, problem, programdata, prozessor, realtek, registry, rundll, saver, security, shell32.dll, shortcut, software, sptd.sys, start menu, system, system neu, syswow64, webcheck, windows |
Baum-Darstellung