
Pests of all kinds and how to combat them: Wrong website shown - strange redirect

05.03.2011, 01:09   #1
Dery
 

When I type valerie-bistro.vipphoto.ch into Google and then click on it, hxxp://www.sta-duesseldorf.nrw.de/ appears.
The same thing happens when I do it from the referring domains in my counter for one of my domains.

On other PCs (mine and other people's) the pages load normally, i.e. without being redirected to
hxxp://www.sta-duesseldorf.nrw.de/
What could it be?

I have now found that it only happens with IE - here hxxp://www.sta-duesseldorf.nrw.de/ comes up.
When using Mozilla Firefox the pages are displayed normally.
This affects only one particular PC.

On other PCs the pages load correctly in IE and Mozilla.

07.03.2011, 18:35   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

10.03.2011, 19:56   #3
Dery
 

OTL Logfile:
Code:
OTL Extras logfile created on: 10.3.2011 19:38:22 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Dery\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000405 | Country: Tschechische Republik | Language: CSY | Date Format: d.M.yyyy
 
1*015,00 Mb Total Physical Memory | 399,00 Mb Available Physical Memory | 39,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 52,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 66,77 Gb Total Space | 30,60 Gb Free Space | 45,82% Space Free | Partition Type: NTFS
Drive D: | 6,20 Gb Total Space | 0,80 Gb Free Space | 12,90% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,29 Gb Free Space | 83,16% Space Free | Partition Type: NTFS
Drive F: | 4,38 Gb Total Space | 4,19 Gb Free Space | 95,78% Space Free | Partition Type: UDF
 
Computer Name: Dery-PC | User Name: Dery | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{197FA988-770D-4DC0-BD4F-00F2C1463F33}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2C3C3232-FFB9-4310-B6D2-420FC4A4E160}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{47E7BAE7-AC08-4BA6-8F4C-3C3B6822BACB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6AF96449-2063-440A-8D3E-142C48C8D54D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{705A5C1D-FD32-48F6-8BED-FB2858513572}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{92017CE3-14EF-476D-BF51-E785FADB390E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CE852A01-6B43-4054-955E-EF9211CF15F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FDAC7EDA-3076-400E-B93C-F442D307C673}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C67C573-9C79-4F8E-B8CB-D90D22498920}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{20963985-0BA9-44BD-A9F3-E998A9ED5408}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2CB56535-681A-4864-A718-C2466026C246}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{527331F3-1EF3-4EB6-BA49-DF1E98B16890}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{528A7E72-B0F1-4008-BA51-D79D078A5013}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{5713DDAC-F149-4D6F-9566-14F673834BF3}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{6CFCA493-2A86-4DA3-894F-D3753923EC66}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{8193666E-D59D-43F1-8F5C-30061F23ED55}" = protocol=6 | dir=in | app=c:\program files\mirabyte\superhtml 8.0 web studio\shtml8.exe | 
"{930D92C8-6FC2-49F3-B29F-9C728F386170}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{94BBC0C8-EFDC-46BE-987B-050241EB8E1F}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{A5E92612-478C-4113-B964-B854FB672D8B}" = protocol=17 | dir=in | app=c:\program files\mirabyte\superhtml 8.0 web studio\shtml8.exe | 
"{AFFCDFC8-06C7-4212-8AEB-F027C7153D95}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{D0C9EBDF-EC78-4BB1-BEFE-5555558EEC0A}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{D9A5AF8D-2C70-4D13-9FD9-D5519B82BA28}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{E36F5D40-8E61-4266-A605-674D6BD6FF32}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{F53E38F4-CC1B-452C-BEC4-0E836A7D982B}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"TCP Query User{3CAD9BE9-AC55-4C17-8668-0374688ACF0E}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{53B30E75-3844-46F7-AC78-A714BC577A59}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{F4C751B9-992D-48A1-94E2-1A498310169C}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{88ED829B-6087-4DD0-AA18-10DAABDC8028}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{C13177F0-BC2E-4FB7-9E52-2235FC488ACF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{E456DF4B-F7BA-4856-9B5B-A92904F5C1C0}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03B1BBDC-7FAA-4A03-9988-A85428BAD382}" = Sun ODF Plugin for Microsoft Office 3.0
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{19789B73-7489-4EE0-8040-6C4DD5C1AF52}" = SuperHTML Web Studio
"{1D5EB783-25F8-495B-8B01-DE6D1BFBB8B4}" = VideoCam Suite 3.0
"{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A}" = ParetoLogic DriverCure
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21E62565-8639-457C-B64C-A3FF0A8B4D80}" = HP Active Support Library
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{2907F3FC-067B-4903-949B-6856737CB277}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3293C06B-003F-4027-8380-FFD79E38167D}" = Tony Hawk's American Wasteland
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 C1
"{355FADAF-55C4-4E08-88D4-A86C4CA6930C}" = HP Wireless Assistant
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme
"{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B10
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACFE14D-6A85-4F24-89AF-5F537E5CF423}" = HP Credential Manager for ProtectTools
"{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}" = HP ProtectTools Security Manager 2.00 E4
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.3100
"{A5A70E61-FEAB-4CEC-977C-BE0EF8DC05AB}" = PC Connectivity Solution
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.6 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite
"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
"{C8A10AA2-9905-46A4-B2D6-D4986DD6221D}" = HP BIOS Configuration for ProtectTools
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E220724C-C477-4BD7-91D2-CABB0F475140}" = HP User Guide 0045
"{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}" = HP Help and Support
"{E58CC698-443D-43E9-89BF-BC91885EEC54}" = Essential System Updates for Microsoft Windows Vista
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0779413-6026-4BC6-97B4-DE8D9CADAFEC}" = MSN Toolbar
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32
"{FF46E334-6F35-49C3-B60A-034969BE25AB}" = Vista Default Settings
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Registry Cleaner 1.1_is1" = AVS Registry Cleaner version 1.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"CCleaner" = CCleaner (remove only)
"Core FTP LE 2.1" = Core FTP LE 2.1
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Half-Life" = Half-Life
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"ImageConverter Plus_is1" = ImageConverter Plus 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Security Task Manager" = Security Task Manager 1.7g
"Sierra Utilities" = Sierra Utilities
"SpeedSim" = SpeedSim
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.1.2011 16:07:52 | Computer Name = Dery-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18999, Zeitstempel
 0x4ccf92fb, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0000c73c,  Prozess-ID 0xee0, Anwendungsstartzeit
 01cbc0b0b5de20c6.
 
Error - 1.2.2011 14:54:33 | Computer Name = Dery-PC | Source = Application Hang | ID = 1002
Description = Programm ICQ.exe, Version 7.2.0.3525 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 9b4  Anfangszeit: 01cbc24139bd5e49  Zeitpunkt der Beendigung:
 42
 
Error - 3.2.2011 15:17:16 | Computer Name = Dery-PC | Source = Application Hang | ID = 1002
Description = Programm ICQ.exe, Version 7.2.0.3525 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: c28  Anfangszeit: 01cbc3d6a2fc8826  Zeitpunkt der Beendigung:
 78
 
Error - 22.2.2011 7:20:44 | Computer Name = Dery-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe_ProfSvc, Version 6.0.6001.18000,
 Zeitstempel 0x47918b89, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel
 0x4cb73436, Ausnahmecode 0xc0000005, Fehleroffset 0x00067917,  Prozess-ID 0x438, 
Anwendungsstartzeit 01cbd1d6e7f1ed61.
 
Error - 22.2.2011 7:21:25 | Computer Name = Dery-PC | Source = SDWinSec.exe | ID = 0
Description = 
 
Error - 25.2.2011 10:58:01 | Computer Name = Dery-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19019, Zeitstempel
 0x4d0c3d4c, fehlerhaftes Modul SHELL32.dll, Version 6.0.6002.18393, Zeitstempel
 0x4d39b5c7, Ausnahmecode 0xc0000005, Fehleroffset 0x00088faa,  Prozess-ID 0x9cc, 
Anwendungsstartzeit 01cbd4bdd3bd08eb.
 
Error - 26.2.2011 7:10:57 | Computer Name = Dery-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung hl.Exe, Version 1.0.1.0, Zeitstempel 0x3749e58a,
 fehlerhaftes Modul sw.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x37386b38, Ausnahmecode
 0xc0000005, Fehleroffset 0x086a44f7,  Prozess-ID 0xc40, Anwendungsstartzeit 01cbd5a3a5929640.
 
Error - 27.2.2011 13:39:07 | Computer Name = Dery-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.19019 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 3b4  Anfangszeit: 01cbd6a42c11c5f0  Zeitpunkt
 der Beendigung: 62
 
Error - 28.2.2011 11:20:52 | Computer Name = Dery-PC | Source = Application Hang | ID = 1002
Description = Programm ICQ.exe, Version 7.2.0.3525 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: efc  Anfangszeit: 01cbd75aa0cc1841  Zeitpunkt der Beendigung:
 16
 
Error - 1.3.2011 15:35:29 | Computer Name = Dery-PC | Source = EventSystem | ID = 4609
Description = 
 
[ Credential Manager Events ]
Error - 26.2.2011 13:42:27 | Computer Name = Dery-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 Dery@Dery-PC   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost

Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 26.2.2011 13:42:27 | Computer Name = Dery-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Dery@Dery-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 26.2.2011 13:42:28 | Computer Name = Dery-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 Dery@Dery-PC   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost

Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 26.2.2011 13:42:28 | Computer Name = Dery-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Dery@Dery-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 26.2.2011 13:42:30 | Computer Name = Dery-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 Dery@Dery-PC   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost

Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 26.2.2011 13:42:30 | Computer Name = Dery-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Dery@Dery-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 26.2.2011 13:42:31 | Computer Name = Dery-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 Dery@Dery-PC   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost

Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 26.2.2011 13:42:31 | Computer Name = Dery-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Dery@Dery-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 26.2.2011 13:45:01 | Computer Name = Dery-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 Dery@Dery-PC   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost

Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 26.2.2011 13:45:01 | Computer Name = Dery-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Dery@Dery-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
[ System Events ]
Error - 6.3.2011 3:08:16 | Computer Name = Dery-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 6.3.2011 13:36:39 | Computer Name = Dery-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 6.3.2011 14:09:52 | Computer Name = Dery-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 6.3.2011 14:14:48 | Computer Name = Dery-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 6.3.2011 14:25:45 | Computer Name = Dery-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 7.3.2011 3:29:24 | Computer Name = Dery-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 7.3.2011 5:55:19 | Computer Name = Dery-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 8.3.2011 12:50:48 | Computer Name = Dery-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 08.03.2011 um 17:48:38 unerwartet heruntergefahren.
 
Error - 8.3.2011 12:51:11 | Computer Name = Dery-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 8.3.2011 16:34:12 | Computer Name = Dery-PC | Source = Service Control Manager | ID = 7011
Description = 
 
 
< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL logfile created on: 10.3.2011 19:38:14 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Dery\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000405 | Country: Tschechische Republik | Language: CSY | Date Format: d.M.yyyy
 
1*015,00 Mb Total Physical Memory | 399,00 Mb Available Physical Memory | 39,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 52,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 66,77 Gb Total Space | 30,60 Gb Free Space | 45,82% Space Free | Partition Type: NTFS
Drive D: | 6,20 Gb Total Space | 0,80 Gb Free Space | 12,90% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,29 Gb Free Space | 83,16% Space Free | Partition Type: NTFS
Drive F: | 4,38 Gb Total Space | 4,19 Gb Free Space | 95,78% Space Free | Partition Type: UDF
 
Computer Name: Dery-PC | User Name: Dery | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dery\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)
PRC - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\ParetoLogic\DriverCure\DriverCure.exe (ParetoLogic)
PRC - C:\Programme\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe (Panasonic Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\WINDOWS\System32\iashost.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems)
PRC - c:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe (Cognizance Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Dery\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) --  File not found
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (AgereModemAudio) -- C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems)
SRV - (ASBroker) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ASChannel) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll (Cognizance Corporation)
SRV - (IDriverT) -- c:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (UsbserFilt) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\System32\drivers\ccdcmb.sys (Nokia)
DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (hwdatacard) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (AgereSoftModem) -- C:\WINDOWS\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NETw3v32) Intel(R) -- C:\WINDOWS\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (TPM) -- C:\WINDOWS\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (R300) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (WimFltr) -- C:\WINDOWS\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (PersonalSecureDrive) -- C:\Windows\System32\drivers\psd.sys (Infineon Technologies AG)
DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.05 08:21:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.05 08:21:22 | 000,000,000 | ---D | M]
 
[2011.03.05 08:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dery\AppData\Roaming\mozilla\Extensions
[2011.03.10 19:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dery\AppData\Roaming\mozilla\Firefox\Profiles\8olgh73a.default\extensions
[2011.03.10 19:21:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dery\AppData\Roaming\mozilla\Firefox\Profiles\8olgh73a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.05 08:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.03 19:06:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.03 19:06:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.03 19:06:04 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.03 19:06:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.03 19:06:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.08.20 18:38:42 | 000,260,839 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 9058 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\Shell - "" = AutoRun
O33 - MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\Shell - "" = AutoRun
O33 - MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\Shell - "" = AutoRun
O33 - MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 360 Days ==========
 
[2011.03.09 08:19:17 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 08:19:16 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 08:19:16 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.09 08:19:16 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.03.05 19:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.03.05 19:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.03.05 08:21:56 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Local\Mozilla
[2011.03.05 08:21:55 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Roaming\Mozilla
[2011.03.05 08:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011.03.05 08:21:21 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.03.05 00:03:18 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Roaming\Malwarebytes
[2011.03.05 00:03:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.05 00:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.05 00:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.05 00:03:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.05 00:03:01 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.04 23:38:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
[2011.03.04 23:38:36 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2011.03.04 23:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011.03.04 23:38:15 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Local\PackageAware
[2011.02.27 20:34:59 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2011.02.27 20:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia
[2011.02.27 20:22:43 | 000,000,000 | ---D | C] -- C:\Programme\DIFX
[2011.02.27 20:22:40 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2011.02.27 20:21:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011.02.27 20:21:16 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2011.02.27 20:16:48 | 000,092,672 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2011.02.27 20:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2011.02.27 20:15:30 | 000,000,000 | ---D | C] -- C:\Programme\Nokia
[2011.02.27 20:15:30 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Nokia
[2011.02.27 20:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2011.02.26 11:52:56 | 001,022,976 | ---- | C] (Cendant Software) -- C:\Windows\System32\SierraNW.dll
[2011.02.26 11:52:56 | 000,231,936 | ---- | C] (Cendant Software) -- C:\Windows\System32\SNWValid.dll
[2011.02.26 11:52:51 | 000,000,000 | ---D | C] -- C:\Programme\Sierra On-Line
[2011.02.26 11:52:51 | 000,000,000 | ---D | C] -- C:\SIERRA
[2011.02.26 11:51:34 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2011.02.09 13:56:06 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.02.09 13:56:02 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.09 13:56:01 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.09 13:55:20 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.02.09 13:55:20 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.02.09 13:53:43 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.02.09 13:53:43 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.09 13:53:42 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.02.09 13:53:42 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.09 13:53:42 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.09 13:53:42 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.09 13:53:42 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.02.09 13:53:42 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.02.09 13:53:41 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.09 13:53:41 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.02.09 13:53:41 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.02.09 13:53:41 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.02.09 13:53:41 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.02.09 13:53:41 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.09 13:53:41 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.09 13:53:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.02.09 13:53:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.01.12 15:58:09 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.12 15:58:05 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2010.12.30 22:15:06 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Roaming\mirabyte
[2010.12.30 22:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperHTML 8.0 Web Studio
[2010.12.30 22:13:56 | 000,000,000 | ---D | C] -- C:\Programme\mirabyte
[2010.12.30 22:09:09 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2010.12.16 07:33:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.16 07:33:18 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.16 07:33:17 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.16 07:33:17 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.16 07:33:09 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.16 07:33:06 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.10.29 07:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Panasonic
[2010.10.29 07:27:06 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Local\Panasonic
[2010.10.23 18:45:18 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Local\Chat Republic Games
[2010.10.23 15:32:18 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aspyr Media, Inc
[2010.10.23 15:21:15 | 000,000,000 | ---D | C] -- C:\Programme\Aspyr Media, Inc
[2010.10.14 23:17:45 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.14 23:16:17 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.14 23:14:58 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.14 23:14:24 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.14 23:14:23 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.14 22:50:28 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.14 22:38:05 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.09.24 19:09:17 | 000,033,408 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\drivers\cdrbsdrv.sys
[2010.09.24 19:09:15 | 000,145,504 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
[2010.09.24 19:09:15 | 000,059,488 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\GenSvcInst.exe
[2010.09.24 19:09:05 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Panasonic
[2010.09.24 19:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
[2010.09.24 19:08:37 | 000,000,000 | ---D | C] -- C:\Programme\Panasonic
[2010.09.24 19:08:18 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services
[2010.09.24 19:08:18 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition
[2010.09.15 19:21:12 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.08.12 09:20:45 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.12 09:20:12 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.07.08 21:01:01 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.07.08 21:01:01 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.07.08 21:01:01 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.06.09 08:04:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.05 22:31:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ImageConverter Plus
[2010.06.05 22:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageConverter Plus
[2010.06.05 22:31:09 | 001,706,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2010.06.05 22:31:06 | 000,000,000 | ---D | C] -- C:\Users\Dery\Documents\Image Converter Plus
[2010.06.05 22:31:05 | 000,180,224 | ---- | C] (fCoder Group International) -- C:\Windows\System32\cnvshell.dll
[2010.06.05 22:30:58 | 000,000,000 | ---D | C] -- C:\Programme\ImageConverter Plus
[2010.06.04 21:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2010.06.04 21:03:28 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010.04.14 22:15:11 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.14 22:12:07 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.04.14 22:12:07 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[6 C:\Users\Dery\Documents\*.tmp files -> C:\Users\Dery\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 360 Days ==========
 
[2011.03.10 19:42:35 | 000,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EE8B0A0E-0C2D-4843-BE8F-41F13F8893A2}.job
[2011.03.10 18:50:45 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.10 18:50:45 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.10 18:50:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.10 10:33:53 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\DriverCure_sch_73662D7B-1447-11DE-887A-0017A4E32380.job
[2011.03.09 22:00:27 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011.03.09 22:00:27 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011.03.08 22:46:10 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.08 17:51:18 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011.03.07 10:37:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.03.05 08:21:26 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.03.04 23:39:17 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk
[2011.02.27 20:36:25 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011.02.27 20:36:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011.02.27 20:15:37 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2011.02.27 08:32:02 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2011.02.26 11:54:38 | 000,000,342 | ---- | M] () -- C:\Windows\SIERRA.INI
[2011.02.26 11:50:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011.02.26 11:50:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011.02.22 12:22:33 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\DriverCure.job
[2011.02.10 23:03:21 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011.02.09 22:26:01 | 000,310,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011.01.08 09:47:50 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.01.08 07:28:49 | 000,292,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.01.07 20:44:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011.01.06 13:30:42 | 000,595,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.06 13:30:41 | 000,628,448 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.06 13:30:41 | 000,127,056 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.06 13:30:41 | 000,104,940 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.31 14:57:01 | 002,039,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.30 22:14:13 | 000,000,283 | ---- | M] () -- C:\Windows\{19789B73-7489-4EE0-8040-6C4DD5C1AF52}_WiseFW.ini
[2010.12.29 19:28:45 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2010.12.29 19:26:47 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.12.28 16:55:03 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.18 07:23:39 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.18 07:23:11 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.18 07:23:11 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.12.18 07:22:41 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.12.18 07:22:33 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.18 07:22:27 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.12.18 07:22:11 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.12.18 07:22:11 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.12.18 07:22:11 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.12.18 07:22:11 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.12.18 07:22:10 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.18 07:22:06 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.18 06:25:26 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.18 05:48:39 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.12.18 05:48:23 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.12.18 05:47:42 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.12.18 05:47:11 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.14 15:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2010.11.04 19:56:07 | 000,345,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.11.04 19:55:38 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.11.04 19:55:38 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.10.28 14:20:12 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.10.18 14:37:35 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.10.15 15:08:12 | 003,602,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.10.15 15:08:12 | 003,550,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.09.24 19:09:25 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\VideoCam Suite 3.0.lnk
[2010.09.24 19:09:05 | 000,002,031 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VideoCam Suite.lnk
[2010.09.13 14:56:41 | 008,147,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.09.06 17:19:06 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.08.31 16:46:37 | 000,954,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.08.31 16:46:37 | 000,954,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.08.26 17:37:45 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.08.20 17:05:07 | 000,867,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.07.31 14:53:24 | 004,581,351 | ---- | M] () -- C:\Users\Dery\Documents\Markus-Christof Beroun 2010.jpg
[2010.07.25 06:37:42 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ParetoLogic DriverCure.lnk
[2010.06.18 18:31:29 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.06.16 16:30:44 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.06.05 23:36:55 | 000,005,112 | ---- | M] () -- C:\Users\Dery\Documents\EHA Logo JPG (2)
[2010.06.05 22:49:18 | 000,005,112 | ---- | M] () -- C:\Users\Dery\Documents\EHA Logo JPG (1)
[2010.06.05 22:48:36 | 000,005,112 | ---- | M] () -- C:\Users\Dery\Documents\EHA Logo JPG
[2010.06.05 22:31:11 | 000,000,788 | ---- | M] () -- C:\Users\Dery\Desktop\ImageConverter Plus.lnk
[2010.06.05 22:10:31 | 001,862,326 | ---- | M] () -- C:\Users\Dery\Documents\elite_logo.tif
[2010.05.27 21:08:17 | 000,081,920 | ---- | M] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.05.23 22:14:11 | 000,015,182 | ---- | M] () -- C:\Users\Dery\Documents\35103J.jpg
[2010.05.23 11:16:10 | 000,198,807 | ---- | M] () -- C:\Users\Dery\Documents\Visitenkarte s Logo EHA -deutsch.jpg
[2010.05.04 20:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.04.05 18:02:42 | 000,317,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.04.05 18:01:01 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.04.03 21:36:05 | 000,062,276 | ---- | M] () -- C:\Users\Dery\Documents\Plakat1.pdf
[2010.03.23 09:52:05 | 000,000,104 | ---- | M] () -- C:\Users\Dery\Documents\Computer - Verknüpfung.lnk
[2010.03.19 14:55:45 | 000,007,680 | ---- | M] () -- C:\Users\Dery\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[6 C:\Users\Dery\Documents\*.tmp files -> C:\Users\Dery\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.05 08:21:26 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.03.05 00:03:08 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.04 23:39:27 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2011.03.04 23:38:37 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk
[2011.02.27 20:36:25 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011.02.27 20:36:23 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011.02.27 20:35:14 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011.02.27 20:15:37 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2011.02.26 11:51:39 | 000,000,342 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.02.26 11:50:48 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011.02.26 11:50:48 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011.02.22 12:26:23 | 000,000,396 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{EE8B0A0E-0C2D-4843-BE8F-41F13F8893A2}.job
[2011.01.07 20:44:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010.12.30 22:13:31 | 000,000,283 | ---- | C] () -- C:\Windows\{19789B73-7489-4EE0-8040-6C4DD5C1AF52}_WiseFW.ini
[2010.10.02 08:23:39 | 004,581,351 | ---- | C] () -- C:\Users\Dery\Documents\Markus-Christof Beroun 2010.jpg
[2010.09.24 19:09:25 | 000,001,951 | ---- | C] () -- C:\Users\Public\Desktop\VideoCam Suite 3.0.lnk
[2010.09.24 19:09:05 | 000,002,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VideoCam Suite.lnk
[2010.07.25 06:38:02 | 000,000,448 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2010.06.05 23:36:55 | 000,005,112 | ---- | C] () -- C:\Users\Dery\Documents\EHA Logo JPG (2)
[2010.06.05 22:49:18 | 000,005,112 | ---- | C] () -- C:\Users\Dery\Documents\EHA Logo JPG (1)
[2010.06.05 22:48:36 | 000,005,112 | ---- | C] () -- C:\Users\Dery\Documents\EHA Logo JPG
[2010.06.05 22:31:11 | 000,000,788 | ---- | C] () -- C:\Users\Dery\Desktop\ImageConverter Plus.lnk
[2010.05.23 22:15:06 | 000,015,182 | ---- | C] () -- C:\Users\Dery\Documents\35103J.jpg
[2010.05.23 11:17:25 | 000,198,807 | ---- | C] () -- C:\Users\Dery\Documents\Visitenkarte s Logo EHA -deutsch.jpg
[2010.04.11 21:00:50 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2010.04.11 21:00:50 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010.04.03 21:36:03 | 000,062,276 | ---- | C] () -- C:\Users\Dery\Documents\Plakat1.pdf
[2010.03.23 09:52:05 | 000,000,104 | ---- | C] () -- C:\Users\Dery\Documents\Computer - Verknüpfung.lnk
[2009.11.23 09:51:08 | 000,000,680 | ---- | C] () -- C:\Users\Dery\AppData\Local\d3d9caps.dat
[2009.08.24 22:27:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.24 22:27:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.24 22:26:39 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.23 18:26:54 | 000,000,095 | ---- | C] () -- C:\Users\Dery\AppData\Local\fusioncache.dat
[2008.05.11 12:42:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.04.29 18:59:55 | 000,007,680 | ---- | C] () -- C:\Users\Dery\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.26 18:59:47 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.04.26 18:59:47 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.04.25 19:45:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.04.25 19:45:32 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.04.25 19:45:32 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.04.25 19:45:32 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.04.25 19:45:32 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.04.25 19:45:32 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2006.12.18 22:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1151.dll
[2006.12.18 22:07:48 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006.12.18 22:07:46 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.12.18 22:07:44 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006.11.28 21:11:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.09 17:42:33 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006.11.09 17:42:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.03 16:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 16:38:05 | 000,628,448 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:38:05 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:38:05 | 000,127,056 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:38:05 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:44:53 | 000,310,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,595,506 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,940 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.09.18 23:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.09.18 23:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1999.01.22 19:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1998.05.07 02:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll
 
========== Files - Unicode (All) ==========
[2009.04.15 19:30:09 | 000,012,213 | ---- | M] ()(C:\Users\Dery\Documents\15.04 09 ????????????+online+(russisch).odt) -- C:\Users\Dery\Documents\15.04 09 Бронирование+online+(russisch).odt
[2009.04.15 19:30:07 | 000,012,213 | ---- | C] ()(C:\Users\Dery\Documents\15.04 09 ????????????+online+(russisch).odt) -- C:\Users\Dery\Documents\15.04 09 Бронирование+online+(russisch).odt
[2009.03.26 23:25:53 | 000,012,054 | ---- | M] ()(C:\Users\Dery\Documents\?????+??????????!.odt) -- C:\Users\Dery\Documents\Добро+пожаловать!.odt
[2009.03.26 23:25:52 | 000,012,054 | ---- | C] ()(C:\Users\Dery\Documents\?????+??????????!.odt) -- C:\Users\Dery\Documents\Добро+пожаловать!.odt
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 981 bytes -> C:\Users\Dery\Documents\Re_ [Ticket_2009071667000512] Reseller-ID_,olichn.eml:OECustomProperty
@Alternate Data Stream - 64 bytes -> C:\Users\Dery\Documents\3-video.mpeg:TOC.WMV

< End of report >
         
--- --- ---

Code:
www.malwarebytes.org

Datenbank Version: 5993

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

9.3.2011 0:37:47
mbam-log-2011-03-09 (00-37-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 282549
Laufzeit: 1 Stunde(n), 49 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
         
I hope this helps.

10.03.2011, 20:10   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Are there any further logs from Malwarebytes? If so, please post all of them. You will find them on the "Logdateien" (log files) tab in Malwarebytes.
__________________
Please always post log files in CODE tags

10.03.2011, 20:33   #5
Dery

There is also this log from 5.3.
Otherwise there are no entries on the "Logdateien" (log files) tab.

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5956

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

5.3.2011 0:15:23
mbam-log-2011-03-05 (00-15-23).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 145403
Laufzeit: 11 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         


11.03.2011, 09:16   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\Shell - "" = AutoRun
O33 - MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\Shell - "" = AutoRun
O33 - MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\Shell - "" = AutoRun
O33 - MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

12.03.2011, 09:03   #7
Dery

OTL Logfile:
Code:
OTL logfile created on: 12.3.2011 8:49:41 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Dery\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000405 | Country: Tschechische Republik | Language: CSY | Date Format: d.M.yyyy
 
1*015,00 Mb Total Physical Memory | 314,00 Mb Available Physical Memory | 31,00% Memory free:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\Shell - "" = AutoRun
O33 - MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\Shell - "" = AutoRun
O33 - MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\Shell - "" = AutoRun
O33 - MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
:Commands
[purity]
[resethosts]
[emptytemp]

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 51,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 66,77 Gb Total Space | 30,62 Gb Free Space | 45,85% Space Free | Partition Type: NTFS
Drive D: | 6,20 Gb Total Space | 0,80 Gb Free Space | 12,90% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,29 Gb Free Space | 83,16% Space Free | Partition Type: NTFS
Drive F: | 4,38 Gb Total Space | 4,19 Gb Free Space | 95,78% Space Free | Partition Type: UDF
 
Computer Name: Dery-PC | User Name: Dery | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dery\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)
PRC - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe (Panasonic Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\WINDOWS\System32\iashost.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems)
PRC - c:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe (Cognizance Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Dery\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) --  File not found
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (AgereModemAudio) -- C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems)
SRV - (ASBroker) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ASChannel) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll (Cognizance Corporation)
SRV - (IDriverT) -- c:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (UsbserFilt) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\System32\drivers\ccdcmb.sys (Nokia)
DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (hwdatacard) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (AgereSoftModem) -- C:\WINDOWS\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NETw3v32) Intel(R) -- C:\WINDOWS\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (TPM) -- C:\WINDOWS\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (R300) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (WimFltr) -- C:\WINDOWS\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (PersonalSecureDrive) -- C:\Windows\System32\drivers\psd.sys (Infineon Technologies AG)
DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.05 08:21:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.05 08:21:22 | 000,000,000 | ---D | M]
 
[2011.03.05 08:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dery\AppData\Roaming\mozilla\Extensions
[2011.03.11 22:49:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dery\AppData\Roaming\mozilla\Firefox\Profiles\8olgh73a.default\extensions
[2011.03.10 19:21:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dery\AppData\Roaming\mozilla\Firefox\Profiles\8olgh73a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.05 08:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.03 19:06:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.03 19:06:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.03 19:06:04 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.03 19:06:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.03 19:06:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.08.20 18:38:42 | 000,260,839 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.1001-search.info
O1 - Hosts: 127.0.0.1	1001-search.info
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 9058 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\Shell - "" = AutoRun
O33 - MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\Shell - "" = AutoRun
O33 - MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\Shell - "" = AutoRun
O33 - MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.09 08:19:17 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 08:19:16 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 08:19:16 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.09 08:19:16 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.03.05 19:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.03.05 19:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.03.05 08:21:56 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Local\Mozilla
[2011.03.05 08:21:55 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Roaming\Mozilla
[2011.03.05 08:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011.03.05 08:21:21 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.03.05 00:03:18 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Roaming\Malwarebytes
[2011.03.05 00:03:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.05 00:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.05 00:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.05 00:03:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.05 00:03:01 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.04 23:38:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
[2011.03.04 23:38:36 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2011.03.04 23:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011.03.04 23:38:15 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Local\PackageAware
[2011.02.27 20:34:59 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2011.02.27 20:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia
[2011.02.27 20:22:43 | 000,000,000 | ---D | C] -- C:\Programme\DIFX
[2011.02.27 20:22:40 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2011.02.27 20:21:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011.02.27 20:21:16 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2011.02.27 20:16:48 | 000,092,672 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2011.02.27 20:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2011.02.27 20:15:30 | 000,000,000 | ---D | C] -- C:\Programme\Nokia
[2011.02.27 20:15:30 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Nokia
[2011.02.27 20:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2011.02.26 11:52:56 | 001,022,976 | ---- | C] (Cendant Software) -- C:\Windows\System32\SierraNW.dll
[2011.02.26 11:52:56 | 000,231,936 | ---- | C] (Cendant Software) -- C:\Windows\System32\SNWValid.dll
[2011.02.26 11:52:51 | 000,000,000 | ---D | C] -- C:\Programme\Sierra On-Line
[2011.02.26 11:52:51 | 000,000,000 | ---D | C] -- C:\SIERRA
[2011.02.26 11:51:34 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[6 C:\Users\Dery\Documents\*.tmp files -> C:\Users\Dery\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.12 08:52:33 | 000,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EE8B0A0E-0C2D-4843-BE8F-41F13F8893A2}.job
[2011.03.12 08:40:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.11 23:25:44 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.11 23:25:44 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.11 21:26:08 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011.03.11 21:08:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.03.11 20:56:49 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011.03.11 20:56:48 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011.03.10 23:24:04 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\DriverCure_sch_73662D7B-1447-11DE-887A-0017A4E32380.job
[2011.03.08 22:46:10 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.05 08:21:26 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.03.04 23:39:17 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk
[2011.02.27 20:36:25 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011.02.27 20:36:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011.02.27 20:15:37 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2011.02.27 08:32:02 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2011.02.26 11:54:38 | 000,000,342 | ---- | M] () -- C:\Windows\SIERRA.INI
[2011.02.26 11:50:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011.02.26 11:50:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011.02.22 12:22:33 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\DriverCure.job
[2011.02.10 23:03:21 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[6 C:\Users\Dery\Documents\*.tmp files -> C:\Users\Dery\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.05 08:21:26 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.03.05 00:03:08 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.04 23:39:27 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2011.03.04 23:38:37 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk
[2011.02.27 20:36:25 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011.02.27 20:36:23 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011.02.27 20:35:14 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011.02.27 20:15:37 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2011.02.26 11:51:39 | 000,000,342 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.02.26 11:50:48 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011.02.26 11:50:48 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011.02.22 12:26:23 | 000,000,396 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{EE8B0A0E-0C2D-4843-BE8F-41F13F8893A2}.job
[2010.12.30 22:13:31 | 000,000,283 | ---- | C] () -- C:\Windows\{19789B73-7489-4EE0-8040-6C4DD5C1AF52}_WiseFW.ini
[2009.11.23 09:51:08 | 000,000,680 | ---- | C] () -- C:\Users\Dery\AppData\Local\d3d9caps.dat
[2009.08.24 22:27:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.24 22:27:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.24 22:26:39 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.23 18:26:54 | 000,000,095 | ---- | C] () -- C:\Users\Dery\AppData\Local\fusioncache.dat
[2008.05.11 12:42:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.04.29 18:59:55 | 000,007,680 | ---- | C] () -- C:\Users\Dery\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.26 18:59:47 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.04.26 18:59:47 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.04.25 19:45:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.04.25 19:45:32 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.04.25 19:45:32 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.04.25 19:45:32 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.04.25 19:45:32 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.04.25 19:45:32 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2006.12.18 22:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1151.dll
[2006.12.18 22:07:48 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006.12.18 22:07:46 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.12.18 22:07:44 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006.11.28 21:11:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.09 17:42:33 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006.11.09 17:42:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.03 16:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 16:38:05 | 000,628,448 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:38:05 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:38:05 | 000,127,056 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:38:05 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:44:53 | 000,310,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,595,506 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,940 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.09.18 23:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.09.18 23:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1999.01.22 19:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1998.05.07 02:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll
 
========== Custom Scans ==========
 
 
< :OTL >
 
< O32 - HKLM CDRom: AutoRun - 1 >
 
< O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ] >
 
< O33 - MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\Shell - "" = AutoRun >
 
< O33 - MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a >
 
< O33 - MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\Shell - "" = AutoRun >
 
< O33 - MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe >
 
< O33 - MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\Shell - "" = AutoRun >
 
< O33 - MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe >
 
< O33 - MountPoints2\G\Shell - "" = AutoRun >
 
< O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\StartVMCLite.exe >
 
< :Commands >
 
< [purity] >
 
< [resethosts] >
 
< [emptytemp] >
 
========== Files - Unicode (All) ==========
[2009.04.15 19:30:09 | 000,012,213 | ---- | M] ()(C:\Users\Dery\Documents\15.04 09 ????????????+online+(russisch).odt) -- C:\Users\Dery\Documents\15.04 09 Бронирование+online+(russisch).odt
[2009.04.15 19:30:07 | 000,012,213 | ---- | C] ()(C:\Users\Dery\Documents\15.04 09 ????????????+online+(russisch).odt) -- C:\Users\Dery\Documents\15.04 09 Бронирование+online+(russisch).odt
[2009.03.26 23:25:53 | 000,012,054 | ---- | M] ()(C:\Users\Dery\Documents\?????+??????????!.odt) -- C:\Users\Dery\Documents\Добро+пожаловать!.odt
[2009.03.26 23:25:52 | 000,012,054 | ---- | C] ()(C:\Users\Dery\Documents\?????+??????????!.odt) -- C:\Users\Dery\Documents\Добро+пожаловать!.odt
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 981 bytes -> C:\Users\Dery\Documents\Re_ [Ticket_2009071667000512] Reseller-ID_,olichn.eml:OECustomProperty
@Alternate Data Stream - 64 bytes -> C:\Users\Dery\Documents\3-video.mpeg:TOC.WMV

< End of report >
         
--- --- ---
Hopefully that fits

12.03.2011, 12:35   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
You somehow jumbled everything together in that log. Please check...
__________________
Please always post logfiles in CODE tags

12.03.2011, 20:27   #9
Dery
 
OTL Logfile:
Code:
OTL logfile created on: 12.3.2011 20:08:04 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Dery\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000405 | Country: Tschechische Republik | Language: CSY | Date Format: d.M.yyyy
 
1*015,00 Mb Total Physical Memory | 96,00 Mb Available Physical Memory | 9,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 49,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 66,77 Gb Total Space | 30,60 Gb Free Space | 45,83% Space Free | Partition Type: NTFS
Drive D: | 6,20 Gb Total Space | 0,80 Gb Free Space | 12,90% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,29 Gb Free Space | 83,16% Space Free | Partition Type: NTFS
Drive F: | 4,38 Gb Total Space | 4,19 Gb Free Space | 95,78% Space Free | Partition Type: UDF
 
Computer Name: Dery-PC | User Name: Dery | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dery\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)
PRC - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe (Panasonic Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\WINDOWS\System32\iashost.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems)
PRC - c:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe (Cognizance Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Dery\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) --  File not found
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (AgereModemAudio) -- C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems)
SRV - (ASBroker) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ASChannel) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll (Cognizance Corporation)
SRV - (IDriverT) -- c:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (UsbserFilt) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\System32\drivers\ccdcmb.sys (Nokia)
DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (hwdatacard) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (AgereSoftModem) -- C:\WINDOWS\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NETw3v32) Intel(R) -- C:\WINDOWS\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (TPM) -- C:\WINDOWS\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (R300) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (WimFltr) -- C:\WINDOWS\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (PersonalSecureDrive) -- C:\Windows\System32\drivers\psd.sys (Infineon Technologies AG)
DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.05 08:21:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.05 08:21:22 | 000,000,000 | ---D | M]
 
[2011.03.05 08:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dery\AppData\Roaming\mozilla\Extensions
[2011.03.11 22:49:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dery\AppData\Roaming\mozilla\Firefox\Profiles\8olgh73a.default\extensions
[2011.03.10 19:21:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dery\AppData\Roaming\mozilla\Firefox\Profiles\8olgh73a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.05 08:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.03 19:06:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.03 19:06:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.03 19:06:04 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.03 19:06:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.03 19:06:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.08.20 18:38:42 | 000,260,839 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.1001-search.info
O1 - Hosts: 127.0.0.1	1001-search.info
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 9058 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\Shell - "" = AutoRun
O33 - MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\Shell - "" = AutoRun
O33 - MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\Shell - "" = AutoRun
O33 - MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.09 08:19:17 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 08:19:16 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 08:19:16 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.09 08:19:16 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.03.05 19:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.03.05 19:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.03.05 08:21:56 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Local\Mozilla
[2011.03.05 08:21:55 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Roaming\Mozilla
[2011.03.05 08:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011.03.05 08:21:21 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.03.05 00:03:18 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Roaming\Malwarebytes
[2011.03.05 00:03:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.05 00:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.05 00:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.05 00:03:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.05 00:03:01 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.04 23:38:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
[2011.03.04 23:38:36 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2011.03.04 23:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011.03.04 23:38:15 | 000,000,000 | ---D | C] -- C:\Users\Dery\AppData\Local\PackageAware
[2011.02.27 20:34:59 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2011.02.27 20:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia
[2011.02.27 20:22:43 | 000,000,000 | ---D | C] -- C:\Programme\DIFX
[2011.02.27 20:22:40 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2011.02.27 20:21:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011.02.27 20:21:16 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2011.02.27 20:16:48 | 000,092,672 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2011.02.27 20:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2011.02.27 20:15:30 | 000,000,000 | ---D | C] -- C:\Programme\Nokia
[2011.02.27 20:15:30 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Nokia
[2011.02.27 20:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2011.02.26 11:52:56 | 001,022,976 | ---- | C] (Cendant Software) -- C:\Windows\System32\SierraNW.dll
[2011.02.26 11:52:56 | 000,231,936 | ---- | C] (Cendant Software) -- C:\Windows\System32\SNWValid.dll
[2011.02.26 11:52:51 | 000,000,000 | ---D | C] -- C:\Programme\Sierra On-Line
[2011.02.26 11:52:51 | 000,000,000 | ---D | C] -- C:\SIERRA
[2011.02.26 11:51:34 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[6 C:\Users\Dery\Documents\*.tmp files -> C:\Users\Dery\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.12 20:17:01 | 000,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EE8B0A0E-0C2D-4843-BE8F-41F13F8893A2}.job
[2011.03.12 19:40:08 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011.03.12 19:40:06 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011.03.12 19:40:00 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.12 19:40:00 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.12 19:39:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.12 16:55:27 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011.03.12 15:10:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.03.12 10:21:31 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\DriverCure_sch_73662D7B-1447-11DE-887A-0017A4E32380.job
[2011.03.08 22:46:10 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.05 08:21:26 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.03.04 23:39:17 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk
[2011.02.27 20:36:25 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011.02.27 20:36:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011.02.27 20:15:37 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2011.02.27 08:32:02 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2011.02.26 11:54:38 | 000,000,342 | ---- | M] () -- C:\Windows\SIERRA.INI
[2011.02.26 11:50:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011.02.26 11:50:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011.02.22 12:22:33 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\DriverCure.job
[2011.02.10 23:03:21 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[6 C:\Users\Dery\Documents\*.tmp files -> C:\Users\Dery\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.05 08:21:26 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.03.05 00:03:08 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.04 23:39:27 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2011.03.04 23:38:37 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk
[2011.02.27 20:36:25 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011.02.27 20:36:23 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011.02.27 20:35:14 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011.02.27 20:15:37 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2011.02.26 11:51:39 | 000,000,342 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.02.26 11:50:48 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011.02.26 11:50:48 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011.02.22 12:26:23 | 000,000,396 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{EE8B0A0E-0C2D-4843-BE8F-41F13F8893A2}.job
[2010.12.30 22:13:31 | 000,000,283 | ---- | C] () -- C:\Windows\{19789B73-7489-4EE0-8040-6C4DD5C1AF52}_WiseFW.ini
[2009.11.23 09:51:08 | 000,000,680 | ---- | C] () -- C:\Users\Dery\AppData\Local\d3d9caps.dat
[2009.08.24 22:27:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.24 22:27:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.24 22:26:39 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.23 18:26:54 | 000,000,095 | ---- | C] () -- C:\Users\Dery\AppData\Local\fusioncache.dat
[2008.05.11 12:42:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.04.29 18:59:55 | 000,007,680 | ---- | C] () -- C:\Users\Dery\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.26 18:59:47 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.04.26 18:59:47 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.04.25 19:45:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.04.25 19:45:32 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.04.25 19:45:32 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.04.25 19:45:32 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.04.25 19:45:32 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.04.25 19:45:32 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2006.12.18 22:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1151.dll
[2006.12.18 22:07:48 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006.12.18 22:07:46 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.12.18 22:07:44 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006.11.28 21:11:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.09 17:42:33 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006.11.09 17:42:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.03 16:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 16:38:05 | 000,628,448 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:38:05 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:38:05 | 000,127,056 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:38:05 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:44:53 | 000,310,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,595,506 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,940 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.09.18 23:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.09.18 23:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1999.01.22 19:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1998.05.07 02:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll
 
========== Custom Scans ==========
 
 
< :OTL >
 
< O32 - HKLM CDRom: AutoRun - 1 >
 
< O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ] >
 
< O33 - MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\Shell - "" = AutoRun >
 
< O33 - MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a >
 
< O33 - MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\Shell - "" = AutoRun >
 
< O33 - MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe >
 
< O33 - MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\Shell - "" = AutoRun >
 
< O33 - MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe >
 
< O33 - MountPoints2\G\Shell - "" = AutoRun >
 
< O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\StartVMCLite.exe >
 
< :Commands >
 
< [purity] >
 
< [resethosts] >
 
< [emptytemp] >
 
========== Files - Unicode (All) ==========
[2009.04.15 19:30:09 | 000,012,213 | ---- | M] ()(C:\Users\Dery\Documents\15.04 09 ????????????+online+(russisch).odt) -- C:\Users\Dery\Documents\15.04 09 Бронирование+online+(russisch).odt
[2009.04.15 19:30:07 | 000,012,213 | ---- | C] ()(C:\Users\Dery\Documents\15.04 09 ????????????+online+(russisch).odt) -- C:\Users\Dery\Documents\15.04 09 Бронирование+online+(russisch).odt
[2009.03.26 23:25:53 | 000,012,054 | ---- | M] ()(C:\Users\Dery\Documents\?????+??????????!.odt) -- C:\Users\Dery\Documents\Добро+пожаловать!.odt
[2009.03.26 23:25:52 | 000,012,054 | ---- | C] ()(C:\Users\Dery\Documents\?????+??????????!.odt) -- C:\Users\Dery\Documents\Добро+пожаловать!.odt
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 981 bytes -> C:\Users\Dery\Documents\Re_ [Ticket_2009071667000512] Reseller-ID_,olichn.eml:OECustomProperty
@Alternate Data Stream - 64 bytes -> C:\Users\Dery\Documents\3-video.mpeg:TOC.WMV

< End of report >
         
--- --- ---

Hopefully it is OK now.
So the site valerie-bistro.vipphoto.ch no longer comes up on my page.
Instead logistique.li comes up, and the same thing happens.

Alt 13.03.2011, 14:03   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

That is not the log from the fix!!
__________________
Please always post log files in CODE tags

Alt 15.03.2011, 21:11   #11
Dery
 

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. D:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{265cfb14-ef62-11dd-8b2c-0017a4e32380}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fdfd743f-1ea7-11dd-9716-0017a4e32380}\ not found.
File G:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fdfd746e-1ea7-11dd-9716-0017a4e32380}\ not found.
File H:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\StartVMCLite.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dery
->Temp folder emptied: 533498 bytes
->Temporary Internet Files folder emptied: 78801761 bytes
->Java cache emptied: 5184264 bytes
->FireFox cache emptied: 43529792 bytes
->Flash cache emptied: 7004 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 528366 bytes
RecycleBin emptied: 119937 bytes

Total Files Cleaned = 123,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03152011_210137

Files\Folders moved on Reboot...
File move failed. D:\Autorun.inf scheduled to be moved on reboot.
File\Folder C:\Users\Dery\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NRSQ6X2F(7)\cial=rectangle&adsize=310x120&params[1].styles=hp_promobox_html%2Chp_promobox_img&pageview=ng_outer&pageview=vi_first_time&tile=9334830950503814012345678910ab not found!
File\Folder C:\Users\Dery\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NRSQ6X2F(7)\epage&site=freemail&special=rectangle&category=homepage&adsize=300x250&adsize=310x170&pageview=loggedin&pageview=no_ tprof&pg=m&pa=52&pp=D__85570&Params[1].htm not found!
File\Folder C:\Users\Dery\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\L7GX8LXG(6)\ial=top&adsize=468x60&content=webde&pageview=ng_outer&adsize=728x90&pageview=loggedin&pageview=no_tprof&pg=m&pa=52&p p=D__85570&pn=3B&si=1z9oB.1lq28L.25rW9y[1] not found!
File\Folder C:\Users\Dery\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\L7GX8LXG(6)\ial=top&adsize=468x60&content=webde&pageview=ng_outer&adsize=728x90&pageview=loggedin&pageview=no_tprof&pg=m&pa=52&p p=D__85570&pn=3B&si=1z9oB.1lq28L.25rW9y[2] not found!

Registry entries deleted on Reboot...

----------------------------------
So hopefully it is right now.....

Alt 15.03.2011, 21:25   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Alt 16.03.2011, 00:31   #13
Dery
 

Hi,
I have installed ComboFix, but I can't get it to run. It doesn't scan....and unfortunately I have no idea why....

Regards
Dery

Alt 16.03.2011, 10:29   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Restart the computer, download CF again, once more as cofi.exe, and please try it again.

Alt 16.03.2011, 23:07   #15
Dery
 

ComboFix log file:
Code:
ComboFix 11-03-16.01 - Dery 16.03.2011  22:37:37.1.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.1015.319 [GMT 1:00]
ausgeführt von:: c:\users\Dery\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\Autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-02-16 bis 2011-03-16  ))))))))))))))))))))))))))))))
.
.
2011-03-16 21:46 . 2011-03-16 21:53	--------	d-----w-	c:\users\Dery\AppData\Local\temp
2011-03-16 21:46 . 2011-03-16 21:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-03-15 20:01 . 2011-03-15 20:01	--------	d-----w-	C:\_OTL
2011-03-15 13:26 . 2011-02-11 06:54	5943120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{44F6E55C-9FB7-4FD5-94DE-21355D4518AA}\mpengine.dll
2011-03-15 00:14 . 2011-03-15 00:14	--------	d-----w-	c:\users\Dery\AppData\Roaming\Avira
2011-03-09 07:19 . 2010-12-29 18:28	429056	----a-w-	c:\windows\system32\EncDec.dll
2011-03-09 07:19 . 2010-12-29 18:28	322560	----a-w-	c:\windows\system32\sbe.dll
2011-03-09 07:19 . 2010-12-29 18:28	153088	----a-w-	c:\windows\system32\sbeio.dll
2011-03-09 07:19 . 2010-12-29 18:26	177664	----a-w-	c:\windows\system32\mpg2splt.ax
2011-03-09 07:19 . 2010-12-17 15:45	2067968	----a-w-	c:\windows\system32\mstscax.dll
2011-03-09 07:19 . 2010-12-17 13:54	677888	----a-w-	c:\windows\system32\mstsc.exe
2011-03-05 18:03 . 2011-03-05 18:04	--------	d-----w-	c:\programdata\Norton
2011-03-05 07:21 . 2011-03-05 07:21	--------	d-----w-	c:\users\Dery\AppData\Local\Mozilla
2011-03-04 23:03 . 2011-03-04 23:03	--------	d-----w-	c:\users\Dery\AppData\Roaming\Malwarebytes
2011-03-04 23:03 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-04 23:03 . 2011-03-04 23:03	--------	d-----w-	c:\programdata\Malwarebytes
2011-03-04 23:03 . 2011-03-08 21:46	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-03-04 23:03 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-03-04 22:38 . 2011-03-04 22:38	--------	dc-h--w-	c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
2011-03-04 22:38 . 2011-03-04 22:38	--------	d-----w-	c:\program files\Uniblue
2011-03-04 22:38 . 2011-03-04 22:38	--------	d-----w-	c:\users\Dery\AppData\Local\PackageAware
2011-02-27 19:34 . 2009-07-14 17:45	445008	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2011-02-27 19:34 . 2009-07-14 17:45	38480	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2011-02-27 19:31 . 2011-02-27 19:31	--------	d-----w-	c:\programdata\Nokia
2011-02-27 19:22 . 2011-02-27 19:22	--------	d-----w-	c:\program files\DIFX
2011-02-27 19:22 . 2008-08-26 09:26	18816	----a-w-	c:\windows\system32\drivers\pccsmcfd.sys
2011-02-27 19:21 . 2011-02-27 19:22	--------	dc----w-	c:\windows\system32\DRVSTORE
2011-02-27 19:21 . 2011-02-27 19:21	--------	d-----w-	c:\program files\PC Connectivity Solution
2011-02-27 19:16 . 2010-02-26 13:32	92672	----a-w-	c:\windows\system32\nmwcdcls.dll
2011-02-27 19:15 . 2011-02-27 19:16	--------	d-----w-	c:\program files\Nokia
2011-02-27 19:15 . 2011-02-27 19:15	--------	d-----w-	c:\program files\Common Files\Nokia
2011-02-27 19:13 . 2011-02-27 19:13	--------	d-----w-	c:\programdata\Installations
2011-02-26 10:52 . 1999-05-19 17:39	231936	----a-w-	c:\windows\system32\SNWValid.dll
2011-02-26 10:52 . 1999-05-19 17:39	1022976	----a-w-	c:\windows\system32\SierraNW.dll
2011-02-26 10:52 . 2011-02-26 10:54	--------	d-----w-	C:\SIERRA
2011-02-26 10:52 . 2011-02-26 10:52	--------	d-----w-	c:\program files\Sierra On-Line
2011-02-26 10:51 . 1998-10-21 17:43	328704	----a-w-	c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 16:11 . 2009-10-02 18:27	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-01-10 13:23 . 2009-06-22 05:13	135096	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-01-10 13:23 . 2009-06-22 05:13	61960	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-01-08 08:47 . 2011-02-09 12:55	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 12:55	292352	----a-w-	c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-09 12:56	2039808	----a-w-	c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-12 14:58	413696	----a-w-	c:\windows\system32\odbc32.dll
2010-12-18 06:27 . 2011-02-09 12:53	916480	----a-w-	c:\windows\system32\wininet.dll
2010-12-18 06:22 . 2011-02-09 12:53	43520	----a-w-	c:\windows\system32\licmgr10.dll
2010-12-18 06:22 . 2011-02-09 12:53	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2010-12-18 06:22 . 2011-02-09 12:53	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-12-18 06:22 . 2011-02-09 12:53	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-12-18 05:25 . 2011-02-09 12:53	385024	----a-w-	c:\windows\system32\html.iec
2010-12-18 04:48 . 2011-02-09 12:53	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2010-12-18 04:47 . 2011-02-09 12:53	1638912	----a-w-	c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2011-01-05 133432]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-01-21 67456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VideoCam Suite.lnk - c:\program files\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe [2010-9-24 349600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-15 136176]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2006-09-28 32000]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 ASBroker;Anmeldesitzungsbroker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Lokaler Verbindungskanal;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
bthsvcs	REG_MULTI_SZ   	BthServ
Cognizance	REG_MULTI_SZ   	ASBroker ASChannel
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-15 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-28 20:57]
.
2011-03-13 c:\windows\Tasks\DriverCure_sch_73662D7B-1447-11DE-887A-0017A4E32380.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-28 20:57]
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-15 20:36]
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-15 20:36]
.
2011-03-16 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-21 05:36]
.
2011-03-16 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30]
.
2011-03-12 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-21 05:36]
.
2011-03-16 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-21 14:19]
.
2011-03-16 c:\windows\Tasks\User_Feed_Synchronization-{1FA8790F-BF54-4C89-ADF4-1F10FFEEB08B}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Dery\AppData\Roaming\Mozilla\Firefox\Profiles\8olgh73a.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3228)
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\System32\bgsvcgen.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\iashost.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-03-16  22:59:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-03-16 21:58
.
Vor Suchlauf: 13 Verzeichnis(se), 34*906*976*256 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 34*447*548*416 Bytes frei
.
- - End Of File - - 83E0D37293B42E75C774FE3A06432993
         
--- --- ---

-------------------------------------
Done

Regards
Dery
