Plagegeister aller Art und deren Bekämpfung: Wrong website shown - strange redirect (Windows 7)
05.03.2011, 01:09 | #1
Wrong website shown - strange redirect
When I enter valerie-bistro.vipphoto.ch in Google and then click on it, hxxp://www.sta-duesseldorf.nrw.de/ appears. The same happens when I do it in my counter for one of my domains under "referring domain". On other PCs (mine and other people's) the pages load completely normally, i.e. without a redirect to hxxp://www.sta-duesseldorf.nrw.de/. What could it be? Now I have found out that it only happens with IE - there hxxp://www.sta-duesseldorf.nrw.de/ comes up. When using Mozilla Firefox the pages are displayed completely normally. This affects only one particular PC. On other PCs the pages load correctly in IE and Mozilla.
07.03.2011, 18:35 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Wrong website shown - strange redirect
Hello and
Please routinely run a full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well! After that, OTL: System scan with OTL. Please download OTL from Oldtimer and save it to your desktop
10.03.2011, 19:56 | #3
Wrong website shown - strange redirect
OTL Logfile:
Code:
OTL Extras logfile created on: 10.3.2011 19:38:22 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dery\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000405 | Country: Tschechische Republik | Language: CSY | Date Format: d.M.yyyy 1*015,00 Mb Total Physical Memory | 399,00 Mb Available Physical Memory | 39,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 52,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 66,77 Gb Total Space | 30,60 Gb Free Space | 45,82% Space Free | Partition Type: NTFS Drive D: | 6,20 Gb Total Space | 0,80 Gb Free Space | 12,90% Space Free | Partition Type: NTFS Drive E: | 1,55 Gb Total Space | 1,29 Gb Free Space | 83,16% Space Free | Partition Type: NTFS Drive F: | 4,38 Gb Total Space | 4,19 Gb Free Space | 95,78% Space Free | Partition Type: UDF Computer Name: Dery-PC | User Name: Dery | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{197FA988-770D-4DC0-BD4F-00F2C1463F33}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{2C3C3232-FFB9-4310-B6D2-420FC4A4E160}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{47E7BAE7-AC08-4BA6-8F4C-3C3B6822BACB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{6AF96449-2063-440A-8D3E-142C48C8D54D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{705A5C1D-FD32-48F6-8BED-FB2858513572}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{92017CE3-14EF-476D-BF51-E785FADB390E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{CE852A01-6B43-4054-955E-EF9211CF15F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FDAC7EDA-3076-400E-B93C-F442D307C673}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1C67C573-9C79-4F8E-B8CB-D90D22498920}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{20963985-0BA9-44BD-A9F3-E998A9ED5408}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2CB56535-681A-4864-A718-C2466026C246}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{527331F3-1EF3-4EB6-BA49-DF1E98B16890}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{528A7E72-B0F1-4008-BA51-D79D078A5013}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{5713DDAC-F149-4D6F-9566-14F673834BF3}" = protocol=17 | dir=in | app=c:\program 
files\icq7.0\aolload.exe | "{6CFCA493-2A86-4DA3-894F-D3753923EC66}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{8193666E-D59D-43F1-8F5C-30061F23ED55}" = protocol=6 | dir=in | app=c:\program files\mirabyte\superhtml 8.0 web studio\shtml8.exe | "{930D92C8-6FC2-49F3-B29F-9C728F386170}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{94BBC0C8-EFDC-46BE-987B-050241EB8E1F}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{A5E92612-478C-4113-B964-B854FB672D8B}" = protocol=17 | dir=in | app=c:\program files\mirabyte\superhtml 8.0 web studio\shtml8.exe | "{AFFCDFC8-06C7-4212-8AEB-F027C7153D95}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{D0C9EBDF-EC78-4BB1-BEFE-5555558EEC0A}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{D9A5AF8D-2C70-4D13-9FD9-D5519B82BA28}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{E36F5D40-8E61-4266-A605-674D6BD6FF32}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{F53E38F4-CC1B-452C-BEC4-0E836A7D982B}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "TCP Query User{3CAD9BE9-AC55-4C17-8668-0374688ACF0E}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | "TCP Query User{53B30E75-3844-46F7-AC78-A714BC577A59}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{F4C751B9-992D-48A1-94E2-1A498310169C}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "UDP Query User{88ED829B-6087-4DD0-AA18-10DAABDC8028}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "UDP Query 
User{C13177F0-BC2E-4FB7-9E52-2235FC488ACF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{E456DF4B-F7BA-4856-9B5B-A92904F5C1C0}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{03B1BBDC-7FAA-4A03-9988-A85428BAD382}" = Sun ODF Plugin for Microsoft Office 3.0 "{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0 "{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{19789B73-7489-4EE0-8040-6C4DD5C1AF52}" = SuperHTML Web Studio "{1D5EB783-25F8-495B-8B01-DE6D1BFBB8B4}" = VideoCam Suite 3.0 "{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A}" = ParetoLogic DriverCure "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21E62565-8639-457C-B64C-A3FF0A8B4D80}" = HP Active Support Library "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{2907F3FC-067B-4903-949B-6856737CB277}" = HP MULTIPLE MODEM INSTALLER for VISTA "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{3293C06B-003F-4027-8380-FFD79E38167D}" = Tony Hawk's American Wasteland "{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 C1 "{355FADAF-55C4-4E08-88D4-A86C4CA6930C}" = HP Wireless Assistant "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module 
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD "{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme "{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater "{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B10 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ACFE14D-6A85-4F24-89AF-5F537E5CF423}" = HP Credential Manager for ProtectTools "{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}" = HP ProtectTools Security Manager 2.00 E4 "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.3100 "{A5A70E61-FEAB-4CEC-977C-BE0EF8DC05AB}" = PC Connectivity Solution "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.6 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile 
Connect Lite "{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend "{C8A10AA2-9905-46A4-B2D6-D4986DD6221D}" = HP BIOS Configuration for ProtectTools "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{E220724C-C477-4BD7-91D2-CABB0F475140}" = HP User Guide 0045 "{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}" = HP Help and Support "{E58CC698-443D-43E9-89BF-BC91885EEC54}" = Essential System Updates for Microsoft Windows Vista "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{F0779413-6026-4BC6-97B4-DE8D9CADAFEC}" = MSN Toolbar "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver "{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core "{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32 "{FF46E334-6F35-49C3-B60A-034969BE25AB}" = Vista Default Settings "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Agere Systems Soft Modem" = Agere Systems HDA Modem "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVS Registry Cleaner 1.1_is1" = AVS Registry Cleaner version 1.1 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2 "CCleaner" = CCleaner (remove only) "Core FTP LE 2.1" = Core FTP LE 2.1 "Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner "Half-Life" = Half-Life "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "ICQToolbar" = ICQ Toolbar "ImageConverter Plus_is1" = ImageConverter Plus 8.0 "Malwarebytes' Anti-Malware_is1" = 
Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15) "Security Task Manager" = Security Task Manager 1.7g "Sierra Utilities" = Sierra Utilities "SpeedSim" = SpeedSim "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uniblue RegistryBooster" = Uniblue RegistryBooster "Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker "Yahoo! Toolbar" = Yahoo! Toolbar "YInstHelper" = Yahoo! Install Manager ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 30.1.2011 16:07:52 | Computer Name = Dery-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18999, Zeitstempel 0x4ccf92fb, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c73c, Prozess-ID 0xee0, Anwendungsstartzeit 01cbc0b0b5de20c6. Error - 1.2.2011 14:54:33 | Computer Name = Dery-PC | Source = Application Hang | ID = 1002 Description = Programm ICQ.exe, Version 7.2.0.3525 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 9b4 Anfangszeit: 01cbc24139bd5e49 Zeitpunkt der Beendigung: 42 Error - 3.2.2011 15:17:16 | Computer Name = Dery-PC | Source = Application Hang | ID = 1002 Description = Programm ICQ.exe, Version 7.2.0.3525 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: c28 Anfangszeit: 01cbc3d6a2fc8826 Zeitpunkt der Beendigung: 78 Error - 22.2.2011 7:20:44 | Computer Name = Dery-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe_ProfSvc, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436, Ausnahmecode 0xc0000005, Fehleroffset 0x00067917, Prozess-ID 0x438, Anwendungsstartzeit 01cbd1d6e7f1ed61. Error - 22.2.2011 7:21:25 | Computer Name = Dery-PC | Source = SDWinSec.exe | ID = 0 Description = Error - 25.2.2011 10:58:01 | Computer Name = Dery-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19019, Zeitstempel 0x4d0c3d4c, fehlerhaftes Modul SHELL32.dll, Version 6.0.6002.18393, Zeitstempel 0x4d39b5c7, Ausnahmecode 0xc0000005, Fehleroffset 0x00088faa, Prozess-ID 0x9cc, Anwendungsstartzeit 01cbd4bdd3bd08eb. Error - 26.2.2011 7:10:57 | Computer Name = Dery-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung hl.Exe, Version 1.0.1.0, Zeitstempel 0x3749e58a, fehlerhaftes Modul sw.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x37386b38, Ausnahmecode 0xc0000005, Fehleroffset 0x086a44f7, Prozess-ID 0xc40, Anwendungsstartzeit 01cbd5a3a5929640. Error - 27.2.2011 13:39:07 | Computer Name = Dery-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 8.0.6001.19019 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 3b4 Anfangszeit: 01cbd6a42c11c5f0 Zeitpunkt der Beendigung: 62 Error - 28.2.2011 11:20:52 | Computer Name = Dery-PC | Source = Application Hang | ID = 1002 Description = Programm ICQ.exe, Version 7.2.0.3525 arbeitet nicht mehr mit Windows zusammen und wurde beendet. 
Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: efc Anfangszeit: 01cbd75aa0cc1841 Zeitpunkt der Beendigung: 16 Error - 1.3.2011 15:35:29 | Computer Name = Dery-PC | Source = EventSystem | ID = 4609 Description = [ Credential Manager Events ] Error - 26.2.2011 13:42:27 | Computer Name = Dery-PC | Source = AuthServer | ID = 100811779 Description = The system failed to authenticate the submitted user credentials. Benutzer: Dery@Dery-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP Error - 26.2.2011 13:42:27 | Computer Name = Dery-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Dery@Dery-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 26.2.2011 13:42:28 | Computer Name = Dery-PC | Source = AuthServer | ID = 100811779 Description = The system failed to authenticate the submitted user credentials. Benutzer: Dery@Dery-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP Error - 26.2.2011 13:42:28 | Computer Name = Dery-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Dery@Dery-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. 
Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 26.2.2011 13:42:30 | Computer Name = Dery-PC | Source = AuthServer | ID = 100811779 Description = The system failed to authenticate the submitted user credentials. Benutzer: Dery@Dery-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP Error - 26.2.2011 13:42:30 | Computer Name = Dery-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Dery@Dery-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 26.2.2011 13:42:31 | Computer Name = Dery-PC | Source = AuthServer | ID = 100811779 Description = The system failed to authenticate the submitted user credentials. Benutzer: Dery@Dery-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP Error - 26.2.2011 13:42:31 | Computer Name = Dery-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Dery@Dery-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 26.2.2011 13:45:01 | Computer Name = Dery-PC | Source = AuthServer | ID = 100811779 Description = The system failed to authenticate the submitted user credentials. 
Benutzer: Dery@Dery-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP Error - 26.2.2011 13:45:01 | Computer Name = Dery-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Dery@Dery-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. [ System Events ] Error - 6.3.2011 3:08:16 | Computer Name = Dery-PC | Source = Service Control Manager | ID = 7000 Description = Error - 6.3.2011 13:36:39 | Computer Name = Dery-PC | Source = Service Control Manager | ID = 7000 Description = Error - 6.3.2011 14:09:52 | Computer Name = Dery-PC | Source = Service Control Manager | ID = 7000 Description = Error - 6.3.2011 14:14:48 | Computer Name = Dery-PC | Source = Service Control Manager | ID = 7022 Description = Error - 6.3.2011 14:25:45 | Computer Name = Dery-PC | Source = Service Control Manager | ID = 7000 Description = Error - 7.3.2011 3:29:24 | Computer Name = Dery-PC | Source = Service Control Manager | ID = 7000 Description = Error - 7.3.2011 5:55:19 | Computer Name = Dery-PC | Source = Service Control Manager | ID = 7000 Description = Error - 8.3.2011 12:50:48 | Computer Name = Dery-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 08.03.2011 um 17:48:38 unerwartet heruntergefahren. Error - 8.3.2011 12:51:11 | Computer Name = Dery-PC | Source = Service Control Manager | ID = 7000 Description = Error - 8.3.2011 16:34:12 | Computer Name = Dery-PC | Source = Service Control Manager | ID = 7011 Description = < End of report > OTL Logfile: Code:
OTL logfile created on: 10.3.2011 19:38:14 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dery\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000405 | Country: Tschechische Republik | Language: CSY | Date Format: d.M.yyyy 1*015,00 Mb Total Physical Memory | 399,00 Mb Available Physical Memory | 39,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 52,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 66,77 Gb Total Space | 30,60 Gb Free Space | 45,82% Space Free | Partition Type: NTFS Drive D: | 6,20 Gb Total Space | 0,80 Gb Free Space | 12,90% Space Free | Partition Type: NTFS Drive E: | 1,55 Gb Total Space | 1,29 Gb Free Space | 83,16% Space Free | Partition Type: NTFS Drive F: | 4,38 Gb Total Space | 4,19 Gb Free Space | 95,78% Space Free | Partition Type: UDF Computer Name: Dery-PC | User Name: Dery | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days ========== Processes (SafeList) ========== PRC - C:\Users\Dery\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited) PRC - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) 
PRC - C:\Programme\ParetoLogic\DriverCure\DriverCure.exe (ParetoLogic) PRC - C:\Programme\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe (Panasonic Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\WINDOWS\System32\iashost.exe (Microsoft Corporation) PRC - C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation) PRC - C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems) PRC - c:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe (Cognizance Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Dery\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (CLTNetCnService) -- File not found SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation) SRV - (AgereModemAudio) -- C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems) SRV - (ASBroker) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation) SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.) 
SRV - (ASChannel) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll (Cognizance Corporation) SRV - (IDriverT) -- c:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (UsbserFilt) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\System32\drivers\ccdcmb.sys (Nokia) DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (pccsmcfd) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys (Nokia) DRV - (hwdatacard) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (AgereSoftModem) -- C:\WINDOWS\System32\drivers\AGRSM.sys (Agere Systems) DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (NETw3v32) Intel(R) -- C:\WINDOWS\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (TPM) -- C:\WINDOWS\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (R300) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (bcm4sbxp) -- C:\WINDOWS\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (WimFltr) -- C:\WINDOWS\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (PersonalSecureDrive) -- C:\Windows\System32\drivers\psd.sys (Infineon Technologies AG) DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) 
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.05 08:21:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.05 08:21:22 | 000,000,000 | ---D | M] [2011.03.05 08:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dery\AppData\Roaming\mozilla\Extensions [2011.03.10 19:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dery\AppData\Roaming\mozilla\Firefox\Profiles\8olgh73a.default\extensions [2011.03.10 19:21:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dery\AppData\Roaming\mozilla\Firefox\Profiles\8olgh73a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.03.05 08:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.03.03 19:06:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.03 19:06:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.03 19:06:04 | 
000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.03 19:06:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.03 19:06:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.08.20 18:38:42 | 000,260,839 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.1001-search.info O1 - Hosts: 127.0.0.1 1001-search.info O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 9058 more lines... O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.) 
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ] O33 - MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\Shell - "" = AutoRun O33 - MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\Shell - "" = AutoRun O33 - MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe O33 - 
MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\Shell - "" = AutoRun O33 - MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\StartVMCLite.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 360 Days ========== [2011.03.09 08:19:17 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.03.09 08:19:16 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.03.09 08:19:16 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.03.09 08:19:16 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2011.03.05 19:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2011.03.05 19:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2011.03.05 08:21:56 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Local\Mozilla [2011.03.05 08:21:55 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Roaming\Mozilla [2011.03.05 08:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox [2011.03.05 08:21:21 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2011.03.05 00:03:18 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Roaming\Malwarebytes [2011.03.05 00:03:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.03.05 00:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.03.05 00:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.03.05 00:03:01 | 000,020,952 | ---- | C] 
(Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.03.05 00:03:01 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.03.04 23:38:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4} [2011.03.04 23:38:36 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue [2011.03.04 23:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue [2011.03.04 23:38:15 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Local\PackageAware [2011.02.27 20:34:59 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2011.02.27 20:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia [2011.02.27 20:22:43 | 000,000,000 | ---D | C] -- C:\Programme\DIFX [2011.02.27 20:22:40 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys [2011.02.27 20:21:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2011.02.27 20:21:16 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution [2011.02.27 20:16:48 | 000,092,672 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll [2011.02.27 20:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia [2011.02.27 20:15:30 | 000,000,000 | ---D | C] -- C:\Programme\Nokia [2011.02.27 20:15:30 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Nokia [2011.02.27 20:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations [2011.02.26 11:52:56 | 001,022,976 | ---- | C] (Cendant Software) -- C:\Windows\System32\SierraNW.dll [2011.02.26 11:52:56 | 000,231,936 | ---- | C] (Cendant Software) -- C:\Windows\System32\SNWValid.dll [2011.02.26 11:52:51 | 000,000,000 | ---D | C] -- C:\Programme\Sierra On-Line [2011.02.26 11:52:51 | 000,000,000 | ---D | C] -- C:\SIERRA [2011.02.26 11:51:34 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe [2011.02.09 13:56:06 | 002,039,808 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\win32k.sys [2011.02.09 13:56:02 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.02.09 13:56:01 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.02.09 13:55:20 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.02.09 13:55:20 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.02.09 13:53:43 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.02.09 13:53:43 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.02.09 13:53:42 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.02.09 13:53:42 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.02.09 13:53:42 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.02.09 13:53:42 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.02.09 13:53:42 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.02.09 13:53:42 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.02.09 13:53:41 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.02.09 13:53:41 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.02.09 13:53:41 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.02.09 13:53:41 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.02.09 13:53:41 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.02.09 13:53:41 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.02.09 13:53:41 | 000,043,520 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.02.09 13:53:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.02.09 13:53:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.01.12 15:58:09 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011.01.12 15:58:05 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2010.12.30 22:15:06 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Roaming\mirabyte [2010.12.30 22:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperHTML 8.0 Web Studio [2010.12.30 22:13:56 | 000,000,000 | ---D | C] -- C:\Programme\mirabyte [2010.12.30 22:09:09 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard [2010.12.16 07:33:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.12.16 07:33:18 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2010.12.16 07:33:17 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2010.12.16 07:33:17 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2010.12.16 07:33:09 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2010.12.16 07:33:06 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2010.10.29 07:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Panasonic [2010.10.29 07:27:06 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Local\Panasonic [2010.10.23 18:45:18 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Local\Chat Republic Games [2010.10.23 15:32:18 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aspyr Media, Inc [2010.10.23 15:21:15 | 000,000,000 | ---D | C] -- C:\Programme\Aspyr Media, Inc 
[2010.10.14 23:17:45 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010.10.14 23:16:17 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2010.10.14 23:14:58 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.10.14 23:14:24 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010.10.14 23:14:23 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2010.10.14 22:50:28 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2010.10.14 22:38:05 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2010.09.24 19:09:17 | 000,033,408 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\drivers\cdrbsdrv.sys [2010.09.24 19:09:15 | 000,145,504 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe [2010.09.24 19:09:15 | 000,059,488 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\GenSvcInst.exe [2010.09.24 19:09:05 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Panasonic [2010.09.24 19:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic [2010.09.24 19:08:37 | 000,000,000 | ---D | C] -- C:\Programme\Panasonic [2010.09.24 19:08:18 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services [2010.09.24 19:08:18 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition [2010.09.15 19:21:12 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL [2010.08.12 09:20:45 | 000,081,920 | ---- | C] (Radius Inc.) 
-- C:\Windows\System32\iccvid.dll [2010.08.12 09:20:12 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.07.08 21:01:01 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010.07.08 21:01:01 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2010.07.08 21:01:01 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2010.06.09 08:04:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2010.06.05 22:31:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ImageConverter Plus [2010.06.05 22:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageConverter Plus [2010.06.05 22:31:09 | 001,706,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll [2010.06.05 22:31:06 | 000,000,000 | ---D | C] -- C:\Users\Dery\Documents\Image Converter Plus [2010.06.05 22:31:05 | 000,180,224 | ---- | C] (fCoder Group International) -- C:\Windows\System32\cnvshell.dll [2010.06.05 22:30:58 | 000,000,000 | ---D | C] -- C:\Programme\ImageConverter Plus [2010.06.04 21:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2010.06.04 21:03:28 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA% [2010.04.14 22:15:11 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010.04.14 22:12:07 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm [2010.04.14 22:12:07 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [6 C:\Users\Dery\Documents\*.tmp files -> C:\Users\Dery\Documents\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 360 Days ========== [2011.03.10 19:42:35 | 
000,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EE8B0A0E-0C2D-4843-BE8F-41F13F8893A2}.job [2011.03.10 18:50:45 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.10 18:50:45 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.10 18:50:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.10 10:33:53 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\DriverCure_sch_73662D7B-1447-11DE-887A-0017A4E32380.job [2011.03.09 22:00:27 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job [2011.03.09 22:00:27 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job [2011.03.08 22:46:10 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.08 17:51:18 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2011.03.07 10:37:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.03.05 08:21:26 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.03.04 23:39:17 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk [2011.02.27 20:36:25 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2011.02.27 20:36:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2011.02.27 20:15:37 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk [2011.02.27 08:32:02 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job [2011.02.26 11:54:38 | 000,000,342 | ---- | M] () -- C:\Windows\SIERRA.INI [2011.02.26 11:50:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011.02.26 11:50:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011.02.22 12:22:33 | 000,000,384 | ---- | M] () 
-- C:\Windows\tasks\DriverCure.job [2011.02.10 23:03:21 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2011.02.09 22:26:01 | 000,310,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.02.02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2011.01.08 09:47:50 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.01.08 07:28:49 | 000,292,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.01.07 20:44:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf [2011.01.06 13:30:42 | 000,595,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.01.06 13:30:41 | 000,628,448 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.01.06 13:30:41 | 000,127,056 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.01.06 13:30:41 | 000,104,940 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.12.31 14:57:01 | 002,039,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.12.30 22:14:13 | 000,000,283 | ---- | M] () -- C:\Windows\{19789B73-7489-4EE0-8040-6C4DD5C1AF52}_WiseFW.ini [2010.12.29 19:28:45 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2010.12.29 19:26:47 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2010.12.28 16:55:03 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.12.18 07:23:39 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.12.18 07:23:11 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.12.18 07:23:11 | 
000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.12.18 07:22:41 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.12.18 07:22:33 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.12.18 07:22:27 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.12.18 07:22:11 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.12.18 07:22:11 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.12.18 07:22:11 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.12.18 07:22:11 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.12.18 07:22:10 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.12.18 07:22:06 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.12.18 06:25:26 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.12.18 05:48:39 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.12.18 05:48:23 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.12.18 05:47:42 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.12.18 05:47:11 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.12.14 15:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2010.11.04 19:56:07 | 000,345,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2010.11.04 19:55:38 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2010.11.04 19:55:38 | 000,270,336 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\taskcomp.dll [2010.10.28 14:20:12 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.10.18 14:37:35 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2010.10.15 15:08:12 | 003,602,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.10.15 15:08:12 | 003,550,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.09.24 19:09:25 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\VideoCam Suite 3.0.lnk [2010.09.24 19:09:05 | 000,002,031 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VideoCam Suite.lnk [2010.09.13 14:56:41 | 008,147,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010.09.06 17:19:06 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2010.08.31 16:46:37 | 000,954,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010.08.31 16:46:37 | 000,954,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2010.08.26 17:37:45 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.08.20 17:05:07 | 000,867,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2010.07.31 14:53:24 | 004,581,351 | ---- | M] () -- C:\Users\Dery\Documents\Markus-Christof Beroun 2010.jpg [2010.07.25 06:37:42 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ParetoLogic DriverCure.lnk [2010.06.18 18:31:29 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.06.16 16:30:44 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2010.06.05 23:36:55 | 000,005,112 | ---- | M] () -- C:\Users\Dery\Documents\EHA Logo JPG (2) [2010.06.05 22:49:18 | 000,005,112 | ---- | M] () -- C:\Users\Dery\Documents\EHA Logo JPG (1) [2010.06.05 22:48:36 | 000,005,112 | ---- | M] () -- 
C:\Users\Dery\Documents\EHA Logo JPG [2010.06.05 22:31:11 | 000,000,788 | ---- | M] () -- C:\Users\Dery\Desktop\ImageConverter Plus.lnk [2010.06.05 22:10:31 | 001,862,326 | ---- | M] () -- C:\Users\Dery\Documents\elite_logo.tif [2010.05.27 21:08:17 | 000,081,920 | ---- | M] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2010.05.23 22:14:11 | 000,015,182 | ---- | M] () -- C:\Users\Dery\Documents\35103J.jpg [2010.05.23 11:16:10 | 000,198,807 | ---- | M] () -- C:\Users\Dery\Documents\Visitenkarte s Logo EHA -deutsch.jpg [2010.05.04 20:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2010.04.05 18:02:42 | 000,317,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL [2010.04.05 18:01:01 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2010.04.03 21:36:05 | 000,062,276 | ---- | M] () -- C:\Users\Dery\Documents\Plakat1.pdf [2010.03.23 09:52:05 | 000,000,104 | ---- | M] () -- C:\Users\Dery\Documents\Computer - Verknüpfung.lnk [2010.03.19 14:55:45 | 000,007,680 | ---- | M] () -- C:\Users\Dery\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [6 C:\Users\Dery\Documents\*.tmp files -> C:\Users\Dery\Documents\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.03.05 08:21:26 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.03.05 00:03:08 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.04 23:39:27 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job [2011.03.04 23:38:37 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk [2011.02.27 20:36:25 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2011.02.27 20:36:23 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2011.02.27 20:35:14 
< End of report >
Code:
www.malwarebytes.org
Datenbank Version: 5993
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
9.3.2011 0:37:47
mbam-log-2011-03-09 (00-37-47).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 282549
Laufzeit: 1 Stunde(n), 49 Minute(n), 48 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) |
10.03.2011, 20:10 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Wrong website shown - strange redirect Are there any further Malwarebytes logs? If so, please post all of them. You will find them in the Logdateien tab in Malwarebytes.
__________________ Please always post logfiles in CODE tags |
10.03.2011, 20:33 | #5 |
| Wrong website shown - strange redirect There is also this log from 5.3. Otherwise there are no entries in the Logdateien tab. Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5956
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
5.3.2011 0:15:23
mbam-log-2011-03-05 (00-15-23).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 145403
Laufzeit: 11 Minute(n), 24 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
11.03.2011, 09:16 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Wrong website shown - strange redirect Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\Shell - "" = AutoRun
O33 - MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\Shell - "" = AutoRun
O33 - MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\Shell - "" = AutoRun
O33 - MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ |
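A small triage helper for the O1 (hosts), O32 (CD-ROM AutoRun) and O33 (MountPoints2 AutoRun) entries that the fix script above targets, added here as an example; it is not code from this thread, from OTL or from the helper. The sample lines are constructed in the thread's OTL format, and the example-bank host with 203.0.113.10 is made up to show what a genuine hosts redirect looks like next to a harmless loopback blocklist.

```python
import re

# Constructed sample in the OTL log format used in this thread; the
# example-bank host and 203.0.113.10 are made up to show a real redirect.
SAMPLE_LOG = r"""
O1 HOSTS File: ([2008.08.20 18:38:42 | 000,260,839 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 203.0.113.10 www.example-bank.test
O1 - Hosts: 9058 more lines...
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\Shell - "" = AutoRun
O33 - MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
"""

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
MORE_RE = re.compile(r"^O1 - Hosts: (\d+) more lines\.\.\.$")
CDROM_RE = re.compile(r"^O32 - HKLM CDRom: AutoRun - (\d)$")
AUTORUN_CMD_RE = re.compile(
    r'^O33 - MountPoints2\\(.+?)\\Shell\\AutoRun\\command - "" = (.+)$')

# Addresses that only sink a name. Thousands of such entries are what a
# Spybot-style immunisation blocklist looks like, not a hijack.
SINKHOLE_ADDRS = {"127.0.0.1", "::1", "0.0.0.0"}


def parse_hosts(text):
    """Split O1 entries into (host, ip) redirects, sinkholed hosts and
    the count OTL hides behind 'N more lines...'."""
    redirects, sinkholes, hidden = [], [], 0
    for line in text.splitlines():
        m = MORE_RE.match(line)
        if m:
            hidden += int(m.group(1))
            continue
        m = HOSTS_RE.match(line)
        if not m:
            continue
        ip, host = m.groups()
        if host == "localhost":           # the two default entries
            continue
        if ip in SINKHOLE_ADDRS:
            sinkholes.append(host)
        else:
            redirects.append((host, ip))  # name sent to a real address
    return redirects, sinkholes, hidden


def parse_autorun(text):
    """Return the CD-ROM AutoRun flag (O32) and every MountPoints2
    AutoRun command (O33) as (mount point, command) pairs."""
    cdrom, commands = None, []
    for line in text.splitlines():
        m = CDROM_RE.match(line)
        if m:
            cdrom = int(m.group(1))
            continue
        m = AUTORUN_CMD_RE.match(line)
        if m:
            commands.append((m.group(1), m.group(2)))
    return cdrom, commands


def triage(text):
    """One finding per item a helper would act on, in log order."""
    findings = []
    redirects, sinkholes, hidden = parse_hosts(text)
    for host, ip in redirects:
        findings.append(f"hosts sends {host} to {ip}: treat as a hijack until explained")
    if sinkholes or hidden:
        findings.append(
            f"{len(sinkholes)} shown + {hidden} hidden sinkhole entries: "
            "a blocklist, not a redirect; [resethosts] will drop it as well")
    cdrom, commands = parse_autorun(text)
    if cdrom == 1:
        findings.append("O32: CD-ROM AutoRun is enabled; disable it")
    for mount, cmd in commands:
        findings.append(f"O33: {mount} runs {cmd} on AutoRun; verify or remove")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```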
12.03.2011, 09:03 | #7 |
| Wrong website shown - strange redirect OTL Logfile: Code:
Hopefully this is right. |
12.03.2011, 12:35 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Wrong website shown - strange redirect: You have somehow jumbled everything up in that log. Please check...
__________________ Please always post logfiles in CODE tags |
12.03.2011, 20:27 | #9 |
| OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.3.2011 20:08:04 - Run 3 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dery\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000405 | Country: Tschechische Republik | Language: CSY | Date Format: d.M.yyyy 1*015,00 Mb Total Physical Memory | 96,00 Mb Available Physical Memory | 9,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 49,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 66,77 Gb Total Space | 30,60 Gb Free Space | 45,83% Space Free | Partition Type: NTFS Drive D: | 6,20 Gb Total Space | 0,80 Gb Free Space | 12,90% Space Free | Partition Type: NTFS Drive E: | 1,55 Gb Total Space | 1,29 Gb Free Space | 83,16% Space Free | Partition Type: NTFS Drive F: | 4,38 Gb Total Space | 4,19 Gb Free Space | 95,78% Space Free | Partition Type: UDF Computer Name: Dery-PC | User Name: Dery | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Dery\Downloads\OTL.exe (OldTimer Tools) PRC - C:\WINDOWS\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe (Adobe Systems, Inc.) PRC - C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) PRC - C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited) PRC - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) 
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe (Panasonic Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\WINDOWS\System32\iashost.exe (Microsoft Corporation) PRC - C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation) PRC - C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems) PRC - c:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe (Cognizance Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Dery\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (CLTNetCnService) -- File not found SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation) SRV - (AgereModemAudio) -- C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems) SRV - (ASBroker) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation) SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.) 
SRV - (ASChannel) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll (Cognizance Corporation) SRV - (IDriverT) -- c:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (UsbserFilt) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\System32\drivers\ccdcmb.sys (Nokia) DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (pccsmcfd) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys (Nokia) DRV - (hwdatacard) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (AgereSoftModem) -- C:\WINDOWS\System32\drivers\AGRSM.sys (Agere Systems) DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (NETw3v32) Intel(R) -- C:\WINDOWS\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (TPM) -- C:\WINDOWS\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (R300) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (bcm4sbxp) -- C:\WINDOWS\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (WimFltr) -- C:\WINDOWS\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (PersonalSecureDrive) -- C:\Windows\System32\drivers\psd.sys (Infineon Technologies AG) DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) 
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.05 08:21:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.05 08:21:22 | 000,000,000 | ---D | M] [2011.03.05 08:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dery\AppData\Roaming\mozilla\Extensions [2011.03.11 22:49:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dery\AppData\Roaming\mozilla\Firefox\Profiles\8olgh73a.default\extensions [2011.03.10 19:21:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dery\AppData\Roaming\mozilla\Firefox\Profiles\8olgh73a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.03.05 08:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.03.03 19:06:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.03 19:06:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.03 19:06:04 | 
000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.03 19:06:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.03 19:06:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.08.20 18:38:42 | 000,260,839 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.1001-search.info O1 - Hosts: 127.0.0.1 1001-search.info O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 9058 more lines... O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common 
Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ] O33 - MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\Shell - "" = AutoRun O33 - MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\Shell - "" = AutoRun O33 - MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe O33 - MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\Shell - "" = AutoRun O33 - MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\StartVMCLite.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.03.09 08:19:17 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.03.09 08:19:16 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.03.09 08:19:16 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.03.09 08:19:16 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2011.03.05 19:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2011.03.05 19:02:55 | 000,000,000 | ---D | C] -- 
C:\ProgramData\NortonInstaller [2011.03.05 08:21:56 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Local\Mozilla [2011.03.05 08:21:55 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Roaming\Mozilla [2011.03.05 08:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox [2011.03.05 08:21:21 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2011.03.05 00:03:18 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Roaming\Malwarebytes [2011.03.05 00:03:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.03.05 00:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.03.05 00:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.03.05 00:03:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.03.05 00:03:01 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.03.04 23:38:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4} [2011.03.04 23:38:36 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue [2011.03.04 23:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue [2011.03.04 23:38:15 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Local\PackageAware [2011.02.27 20:34:59 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2011.02.27 20:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia [2011.02.27 20:22:43 | 000,000,000 | ---D | C] -- C:\Programme\DIFX [2011.02.27 20:22:40 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys [2011.02.27 20:21:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2011.02.27 20:21:16 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution [2011.02.27 20:16:48 | 000,092,672 | ---- | C] (Nokia) -- 
C:\Windows\System32\nmwcdcls.dll [2011.02.27 20:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia [2011.02.27 20:15:30 | 000,000,000 | ---D | C] -- C:\Programme\Nokia [2011.02.27 20:15:30 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Nokia [2011.02.27 20:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations [2011.02.26 11:52:56 | 001,022,976 | ---- | C] (Cendant Software) -- C:\Windows\System32\SierraNW.dll [2011.02.26 11:52:56 | 000,231,936 | ---- | C] (Cendant Software) -- C:\Windows\System32\SNWValid.dll [2011.02.26 11:52:51 | 000,000,000 | ---D | C] -- C:\Programme\Sierra On-Line [2011.02.26 11:52:51 | 000,000,000 | ---D | C] -- C:\SIERRA [2011.02.26 11:51:34 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe [6 C:\Users\Dery\Documents\*.tmp files -> C:\Users\Dery\Documents\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.03.12 20:17:01 | 000,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EE8B0A0E-0C2D-4843-BE8F-41F13F8893A2}.job [2011.03.12 19:40:08 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job [2011.03.12 19:40:06 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job [2011.03.12 19:40:00 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.12 19:40:00 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.12 19:39:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.12 16:55:27 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2011.03.12 15:10:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.03.12 10:21:31 | 000,000,362 | ---- | M] () -- 
C:\Windows\tasks\DriverCure_sch_73662D7B-1447-11DE-887A-0017A4E32380.job [2011.03.08 22:46:10 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.05 08:21:26 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.03.04 23:39:17 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk [2011.02.27 20:36:25 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2011.02.27 20:36:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2011.02.27 20:15:37 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk [2011.02.27 08:32:02 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job [2011.02.26 11:54:38 | 000,000,342 | ---- | M] () -- C:\Windows\SIERRA.INI [2011.02.26 11:50:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011.02.26 11:50:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011.02.22 12:22:33 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\DriverCure.job [2011.02.10 23:03:21 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [6 C:\Users\Dery\Documents\*.tmp files -> C:\Users\Dery\Documents\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.03.05 08:21:26 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.03.05 00:03:08 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.04 23:39:27 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job [2011.03.04 23:38:37 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk [2011.02.27 20:36:25 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2011.02.27 20:36:23 | 000,000,000 | -H-- | C] () -- 
C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2011.02.27 20:35:14 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf [2011.02.27 20:15:37 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk [2011.02.26 11:51:39 | 000,000,342 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.02.26 11:50:48 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2011.02.26 11:50:48 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2011.02.22 12:26:23 | 000,000,396 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{EE8B0A0E-0C2D-4843-BE8F-41F13F8893A2}.job [2010.12.30 22:13:31 | 000,000,283 | ---- | C] () -- C:\Windows\{19789B73-7489-4EE0-8040-6C4DD5C1AF52}_WiseFW.ini [2009.11.23 09:51:08 | 000,000,680 | ---- | C] () -- C:\Users\Dery\AppData\Local\d3d9caps.dat [2009.08.24 22:27:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.24 22:27:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.24 22:26:39 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.10.23 18:26:54 | 000,000,095 | ---- | C] () -- C:\Users\Dery\AppData\Local\fusioncache.dat [2008.05.11 12:42:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.04.29 18:59:55 | 000,007,680 | ---- | C] () -- C:\Users\Dery\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.04.26 18:59:47 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI [2008.04.26 18:59:47 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.04.25 19:45:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2008.04.25 19:45:32 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008.04.25 19:45:32 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008.04.25 19:45:32 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008.04.25 19:45:32 | 000,188,416 | ---- | C] () 
-- C:\Windows\System32\IVIresizePX.dll [2008.04.25 19:45:32 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2006.12.18 22:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1151.dll [2006.12.18 22:07:48 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll [2006.12.18 22:07:46 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.12.18 22:07:44 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll [2006.11.28 21:11:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006.11.09 17:42:33 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2006.11.09 17:42:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.11.03 16:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.02 16:38:05 | 000,628,448 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:38:05 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:38:05 | 000,127,056 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:38:05 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:44:53 | 000,310,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 11:33:01 | 000,595,506 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,940 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 
08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.09.18 23:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2006.09.18 23:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [1999.01.22 19:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL [1998.05.07 02:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll ========== Custom Scans ========== < :OTL > < O32 - HKLM CDRom: AutoRun - 1 > < O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ] > < O33 - MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\Shell - "" = AutoRun > < O33 - MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a > < O33 - MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\Shell - "" = AutoRun > < O33 - MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe > < O33 - MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\Shell - "" = AutoRun > < O33 - MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe > < O33 - MountPoints2\G\Shell - "" = AutoRun > < O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\StartVMCLite.exe > < :Commands > < [purity] > < [resethosts] > < [emptytemp] > ========== Files - Unicode (All) ========== [2009.04.15 19:30:09 | 000,012,213 | ---- | M] ()(C:\Users\Dery\Documents\15.04 09 ????????????+online+(russisch).odt) -- C:\Users\Dery\Documents\15.04 09 Бронирование+online+(russisch).odt [2009.04.15 19:30:07 | 000,012,213 | ---- | C] ()(C:\Users\Dery\Documents\15.04 09 ????????????+online+(russisch).odt) 
-- C:\Users\Dery\Documents\15.04 09 Бронирование+online+(russisch).odt [2009.03.26 23:25:53 | 000,012,054 | ---- | M] ()(C:\Users\Dery\Documents\?????+??????????!.odt) -- C:\Users\Dery\Documents\Добро+пожаловать!.odt [2009.03.26 23:25:52 | 000,012,054 | ---- | C] ()(C:\Users\Dery\Documents\?????+??????????!.odt) -- C:\Users\Dery\Documents\Добро+пожаловать!.odt ========== Alternate Data Streams ========== @Alternate Data Stream - 981 bytes -> C:\Users\Dery\Documents\Re_ [Ticket_2009071667000512] Reseller-ID_,olichn.eml:OECustomProperty @Alternate Data Stream - 64 bytes -> C:\Users\Dery\Documents\3-video.mpeg:TOC.WMV < End of report > Hopefully it is OK now. The site valerie-bistro.vipphoto.ch no longer shows up on my page; instead logistique.li shows up, and the same thing happens. |
13.03.2011, 14:03 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | That is not the log from the fix!!
15.03.2011, 21:11 | #11 |
| All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File move failed. D:\Autorun.inf scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\ not found. File H:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\ not found. File G:\StartVMCLite.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\ not found. File H:\StartVMCLite.exe not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found. File G:\StartVMCLite.exe not found. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Dery ->Temp folder emptied: 533498 bytes ->Temporary Internet Files folder emptied: 78801761 bytes ->Java cache emptied: 5184264 bytes ->FireFox cache emptied: 43529792 bytes ->Flash cache emptied: 7004 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 528366 bytes RecycleBin emptied: 119937 bytes Total Files Cleaned = 123,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 03152011_210137 Files\Folders moved on Reboot... File move failed. D:\Autorun.inf scheduled to be moved on reboot. File\Folder C:\Users\Dery\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NRSQ6X2F(7)\cial=rectangle&adsize=310x120¶ms[1].styles=hp_promobox_html%2Chp_promobox_img&pageview=ng_outer&pageview=vi_first_time&tile=9334830950503814012345678910ab not found! File\Folder C:\Users\Dery\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NRSQ6X2F(7)\epage&site=freemail&special=rectangle&category=homepage&adsize=300x250&adsize=310x170&pageview=loggedin&pageview=no_ tprof&pg=m&pa=52&pp=D__85570&Params[1].htm not found! 
File\Folder C:\Users\Dery\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\L7GX8LXG(6)\ial=top&adsize=468x60&content=webde&pageview=ng_outer&adsize=728x90&pageview=loggedin&pageview=no_tprof&pg=m&pa=52&p p=D__85570&pn=3B&si=1z9oB.1lq28L.25rW9y[1] not found! File\Folder C:\Users\Dery\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\L7GX8LXG(6)\ial=top&adsize=468x60&content=webde&pageview=ng_outer&adsize=728x90&pageview=loggedin&pageview=no_tprof&pg=m&pa=52&p p=D__85570&pn=3B&si=1z9oB.1lq28L.25rW9y[2] not found! Registry entries deleted on Reboot... ---------------------------------- So hopefully it fits now..... |
15.03.2011, 21:25 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Wrong website shown - strange redirect Now please run CF: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a competent helper has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
16.03.2011, 00:31 | #13 |
| Wrong website shown - strange redirect Hi, I installed ComboFix, but I can't get it to run. It doesn't scan....and unfortunately I have no idea why.... Regards Dery |
16.03.2011, 10:29 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Wrong website shown - strange redirect Restart the computer, download CF again, again as cofi.exe, and please try once more.
__________________ Please always post logfiles in CODE tags |
16.03.2011, 23:07 | #15 |
| Wrong website shown - strange redirect ComboFix logfile: Code:
ATTFilter ComboFix 11-03-16.01 - Dery 16.03.2011 22:37:37.1.1 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.49.1031.18.1015.319 [GMT 1:00] ausgeführt von:: c:\users\Dery\Desktop\cofi.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . D:\Autorun.inf . . ((((((((((((((((((((((( Dateien erstellt von 2011-02-16 bis 2011-03-16 )))))))))))))))))))))))))))))) . . 2011-03-16 21:46 . 2011-03-16 21:53 -------- d-----w- c:\users\Dery\AppData\Local\temp 2011-03-16 21:46 . 2011-03-16 21:46 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-03-15 20:01 . 2011-03-15 20:01 -------- d-----w- C:\_OTL 2011-03-15 13:26 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{44F6E55C-9FB7-4FD5-94DE-21355D4518AA}\mpengine.dll 2011-03-15 00:14 . 2011-03-15 00:14 -------- d-----w- c:\users\Dery\AppData\Roaming\Avira 2011-03-09 07:19 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll 2011-03-09 07:19 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll 2011-03-09 07:19 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll 2011-03-09 07:19 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax 2011-03-09 07:19 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll 2011-03-09 07:19 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-03-05 18:03 . 2011-03-05 18:04 -------- d-----w- c:\programdata\Norton 2011-03-05 07:21 . 2011-03-05 07:21 -------- d-----w- c:\users\Dery\AppData\Local\Mozilla 2011-03-04 23:03 . 2011-03-04 23:03 -------- d-----w- c:\users\Dery\AppData\Roaming\Malwarebytes 2011-03-04 23:03 . 
2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-03-04 23:03 . 2011-03-04 23:03 -------- d-----w- c:\programdata\Malwarebytes 2011-03-04 23:03 . 2011-03-08 21:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-03-04 23:03 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-03-04 22:38 . 2011-03-04 22:38 -------- dc-h--w- c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4} 2011-03-04 22:38 . 2011-03-04 22:38 -------- d-----w- c:\program files\Uniblue 2011-03-04 22:38 . 2011-03-04 22:38 -------- d-----w- c:\users\Dery\AppData\Local\PackageAware 2011-02-27 19:34 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2011-02-27 19:34 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2011-02-27 19:31 . 2011-02-27 19:31 -------- d-----w- c:\programdata\Nokia 2011-02-27 19:22 . 2011-02-27 19:22 -------- d-----w- c:\program files\DIFX 2011-02-27 19:22 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys 2011-02-27 19:21 . 2011-02-27 19:22 -------- dc----w- c:\windows\system32\DRVSTORE 2011-02-27 19:21 . 2011-02-27 19:21 -------- d-----w- c:\program files\PC Connectivity Solution 2011-02-27 19:16 . 2010-02-26 13:32 92672 ----a-w- c:\windows\system32\nmwcdcls.dll 2011-02-27 19:15 . 2011-02-27 19:16 -------- d-----w- c:\program files\Nokia 2011-02-27 19:15 . 2011-02-27 19:15 -------- d-----w- c:\program files\Common Files\Nokia 2011-02-27 19:13 . 2011-02-27 19:13 -------- d-----w- c:\programdata\Installations 2011-02-26 10:52 . 1999-05-19 17:39 231936 ----a-w- c:\windows\system32\SNWValid.dll 2011-02-26 10:52 . 1999-05-19 17:39 1022976 ----a-w- c:\windows\system32\SierraNW.dll 2011-02-26 10:52 . 2011-02-26 10:54 -------- d-----w- C:\SIERRA 2011-02-26 10:52 . 2011-02-26 10:52 -------- d-----w- c:\program files\Sierra On-Line 2011-02-26 10:51 . 1998-10-21 17:43 328704 ----a-w- c:\windows\IsUn0407.exe . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-02 16:11 . 2009-10-02 18:27 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-01-10 13:23 . 2009-06-22 05:13 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-01-10 13:23 . 2009-06-22 05:13 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-01-08 08:47 . 2011-02-09 12:55 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-01-08 06:28 . 2011-02-09 12:55 292352 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:57 . 2011-02-09 12:56 2039808 ----a-w- c:\windows\system32\win32k.sys 2010-12-28 15:55 . 2011-01-12 14:58 413696 ----a-w- c:\windows\system32\odbc32.dll 2010-12-18 06:27 . 2011-02-09 12:53 916480 ----a-w- c:\windows\system32\wininet.dll 2010-12-18 06:22 . 2011-02-09 12:53 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-12-18 06:22 . 2011-02-09 12:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2010-12-18 06:22 . 2011-02-09 12:53 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-12-18 06:22 . 2011-02-09 12:53 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-12-18 05:25 . 2011-02-09 12:53 385024 ----a-w- c:\windows\system32\html.iec 2010-12-18 04:48 . 2011-02-09 12:53 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-12-18 04:47 . 2011-02-09 12:53 1638912 ----a-w- c:\windows\system32\mshtml.tlb . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2011-01-05 133432] "RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-01-21 67456] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ VideoCam Suite.lnk - c:\program files\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe [2010-9-24 349600] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-15 136176] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936] S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2006-09-28 32000] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336] S2 ASBroker;Anmeldesitzungsbroker;c:\windows\System32\svchost.exe [2008-01-19 21504] S2 ASChannel;Lokaler Verbindungskanal;c:\windows\System32\svchost.exe [2008-01-19 21504] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ Cognizance REG_MULTI_SZ ASBroker ASChannel . Inhalt des "geplante Tasks" Ordners . 
2011-03-15 c:\windows\Tasks\DriverCure.job - c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-28 20:57] . 2011-03-13 c:\windows\Tasks\DriverCure_sch_73662D7B-1447-11DE-887A-0017A4E32380.job - c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-28 20:57] . 2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-15 20:36] . 2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-15 20:36] . 2011-03-16 c:\windows\Tasks\ParetoLogic Registration.job - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-21 05:36] . 2011-03-16 c:\windows\Tasks\ParetoLogic Registration3.job - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30] . 2011-03-12 c:\windows\Tasks\ParetoLogic Update Version2.job - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-21 05:36] . 2011-03-16 c:\windows\Tasks\RegistryBooster.job - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-21 14:19] . 2011-03-16 c:\windows\Tasks\User_Feed_Synchronization-{1FA8790F-BF54-4C89-ADF4-1F10FFEEB08B}.job - c:\windows\system32\msfeedssync.exe [2011-02-09 04:47] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm FF - ProfilePath - c:\users\Dery\AppData\Roaming\Mozilla\Firefox\Profiles\8olgh73a.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file) . . . ************************************************************************** Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . 
- - - - - - - > 'Explorer.exe'(3228) c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll c:\windows\system32\btncopy.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\agrsmsvc.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\windows\System32\bgsvcgen.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\windows\system32\iashost.exe c:\program files\Hewlett-Packard\IAM\bin\asghost.exe c:\windows\system32\conime.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-03-16 22:59:26 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-03-16 21:58 . Vor Suchlauf: 13 Verzeichnis(se), 34*906*976*256 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 34*447*548*416 Bytes frei . - - End Of File - - 83E0D37293B42E75C774FE3A06432993 ------------------------------------- Done. Regards Dery |