| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: "Dieses Programm kann die Website nicht anzeigen"-VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
10.09.2012, 20:19
| #1 |
 |  "Dieses Programm kann die Website nicht anzeigen"-Virus Liebe Forumgemeinde, erstmal herzlichen Dank für eure tolle Arbeit  . Gestern hat es mich nun auch erwischt. Beim Internetsurfen zeigte sich plötzlich ein weißer Bildschirm mit der Meldung “Dieses Programm kann die Webseite nicht anzeigen“. Der Taskmanager ließ sich nicht mehr starten. Nach Neustart war für etwa 2 Sekunden der normale Windowdesktop zu sehen, anschließend trat obriges Problem wieder auf. Das Starten im Abgesicherter Modus mit Netzwerkunterstützung war ohne Probleme möglich. Der vollständige Scan mit Malwarebytes brachte folgenden Befund.Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.09.09.07 Windows 7 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Stefan :: STEFANPC [Administrator] Schutz: Deaktiviert 10.09.2012 01:37:41 mbam-log-2012-09-10 (01-37-41).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 199327 Laufzeit: 4 Minute(n), 24 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|edgmoruasdbpond (Trojan.Winlock) -> Daten: C:\ProgramData\edgmorua.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\ProgramData\edgmorua.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stefan\AppData\Local\Temp\wpbt0.dll (Malware.Packer) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stefan\ms.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Nach Verschieben der infizierten Dateien in Quarantäne war ein Starten des Laptops im normalen Modus möglich, das System lief soweit getestet flüssig. Natürlich bin ich mir im klaren, dass das Problem möglicherweise noch nicht behoben ist, deshalb brauche ich nun eure Hilfe!! Vielen Dank schonmal! OTL Logfile: HTML-Code: OTL logfile created on: 10.09.2012 17:44:16 - Run 5 OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Stefan\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,96 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 74,58% Memory free 5,92 Gb Paging File | 5,36 Gb Available in Paging File | 90,50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 420,55 Gb Total Space | 215,34 Gb Free Space | 51,20% Space Free | Partition Type: NTFS Drive D: | 30,25 Gb Total Space | 29,50 Gb Free Space | 97,53% Space Free | Partition Type: NTFS Computer Name: STEFANPC | User Name: Stefan | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012.09.10 16:10:36 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Downloads\OTL.exe PRC - [2012.08.30 17:08:45 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012.08.30 17:08:44 | 002,242,528 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2011.12.06 18:09:34 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2012.08.30 17:08:45 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.03.05 10:50:16 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009.09.22 20:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc) SRV - [2009.08.14 16:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc) SRV - [2009.07.16 05:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP) SRV - [2009.07.14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS) SRV - [2009.07.14 16:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.06.04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2009.01.14 18:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2008.11.25 00:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2008.11.25 00:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SRV - [2008.11.25 00:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2008.11.25 00:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2008.01.16 11:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2006.12.14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006.12.14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2006.12.14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2006.10.26 21:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 16:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- D:\test\ECECECEC\WinRing0.sys -- (WinRing0_1_2_0) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2010.12.21 07:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2010.12.21 07:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) DRV - [2010.12.21 07:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2010.01.05 00:50:24 | 000,054,800 | ---- | M] () [Kernel | System | Stopped] -- C:\windows\System32\drivers\funfrm.sys -- (funfrm) DRV - [2009.10.07 08:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) DRV - [2009.10.07 08:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2009.09.14 20:04:28 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2009.07.30 11:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.07.28 23:09:36 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdbridge.sys -- (Bridge0) DRV - [2009.07.21 23:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd) DRV - [2009.07.16 14:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) DRV - [2009.06.19 18:18:26 | 000,168,704 | ---- | M] (SMI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SMIksdrv.sys -- (usbsmi) DRV - [2009.06.15 04:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2009.05.19 15:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC) DRV - [2008.08.06 14:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 131.188.24.42:3128 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 FF - prefs.js..network.proxy.ftp: "131.188.24.42" FF - prefs.js..network.proxy.ftp_port: 2121 FF - prefs.js..network.proxy.http: "131.188.24.42" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.socks: "131.188.24.43" FF - prefs.js..network.proxy.socks_port: 1080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 17:08:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.17 10:50:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 17:08:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.17 10:50:32 | 000,000,000 | ---D | M] [2010.03.23 22:33:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions [2012.05.02 22:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\9442vttk.default\extensions [2012.04.07 19:06:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\9442vttk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.08.31 19:21:26 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\9442vttk.default\extensions\youtube2mp3@mondayx.de.xpi [2012.02.02 11:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.10.24 19:14:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.08.30 17:08:45 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.11.10 21:51:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 17:08:43 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.11.10 21:51:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.11.10 21:51:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.10 21:51:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.10 21:51:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml [color=#E56717]========== Chrome ==========[/color] O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe File not found O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung) O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FEA64E4-7C41-43FE-8631-6C12866B3269}: DhcpNameServer = 131.188.0.10 131.188.0.11 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C64E587A-E51A-49D9-9E4D-B932512E90FA}: NameServer = 131.188.0.10,131.188.0.11,131.188.3.72,131.188.3.73 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012.09.10 00:38:45 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes [2012.09.10 00:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.10 00:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.10 00:38:37 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012.09.10 00:38:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.09.09 23:00:22 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Sophos [2012.09.09 22:47:45 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\ElevatedDiagnostics [2012.09.09 22:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\bowkgewaseuihje [2012.08.31 14:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.08.31 14:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.08.25 10:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2012.08.15 23:24:50 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2012.08.15 23:24:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2012.08.15 23:24:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe [2012.08.15 23:24:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2012.08.15 23:24:41 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll [2012.08.15 23:24:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll [2012.08.15 23:24:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2012.08.15 07:16:52 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srcore.dll [2012.08.15 07:16:51 | 002,344,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys [2012.08.15 07:16:43 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browcli.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012.09.10 17:17:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.09.10 17:17:23 | 2384,932,864 | -HS- | M] () -- C:\hiberfil.sys [2012.09.10 16:55:39 | 000,000,000 | ---- | M] () -- C:\Users\Stefan\defogger_reenable [2012.09.10 15:50:12 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.10 15:50:12 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.10 15:40:42 | 000,701,108 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012.09.10 15:40:42 | 000,662,950 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012.09.10 15:40:42 | 000,147,762 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012.09.10 15:40:42 | 000,124,144 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012.09.10 01:44:00 | 000,017,506 | ---- | M] () -- C:\Users\Stefan\Documents\malware log datei.odt [2012.09.10 00:38:38 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.09 22:19:37 | 000,000,051 | ---- | M] () -- C:\ProgramData\egefvjefutrpawi [2012.08.31 15:03:29 | 000,000,000 | ---- | M] () -- C:\windows\System32\drivers\lvuvc.hs [2012.08.31 14:33:55 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.08.25 10:22:58 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012.08.16 07:11:36 | 000,447,528 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012.08.12 21:40:34 | 000,014,173 | ---- | M] () -- C:\Users\Stefan\Documents\kretsche.odt [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012.09.10 16:55:39 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\defogger_reenable [2012.09.10 01:43:58 | 000,017,506 | ---- | C] () -- C:\Users\Stefan\Documents\malware log datei.odt [2012.09.10 00:38:38 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.09 22:19:32 | 000,000,051 | ---- | C] () -- C:\ProgramData\egefvjefutrpawi [2012.08.31 14:33:55 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.08.25 10:22:58 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012.08.12 21:40:31 | 000,014,173 | ---- | C] () -- C:\Users\Stefan\Documents\kretsche.odt [2011.09.16 12:54:48 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2011.09.16 12:54:44 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll [2011.09.16 12:54:44 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll [2011.09.16 12:54:44 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll [2011.09.16 12:54:44 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll [2011.07.05 19:59:30 | 000,000,863 | ---- | C] () -- C:\Users\Stefan\.recently-used.xbel [2011.02.24 00:51:52 | 000,059,025 | ---- | C] () -- C:\Users\Stefan\Outdoorbroker-Outdoorbroker_Retoure-77EWLANMBU.pdf [2011.02.20 23:54:21 | 000,011,341 | ---- | C] () -- C:\Users\Stefan\application antwort.odt [2011.02.15 20:53:34 | 000,014,848 | ---- | C] () -- C:\Users\Stefan\Lösungen Füll B.odt [2011.02.11 19:04:38 | 000,009,007 | ---- | C] () -- C:\Users\Stefan\Barbados.odt [2011.02.04 00:59:23 | 000,016,764 | ---- | C] () -- C:\Users\Stefan\derma lösungen.odt [2011.01.31 15:33:43 | 000,997,600 | R--- | C] () -- C:\Users\Stefan\Bafögbescheinigung3 003.tif [2011.01.31 15:32:13 | 002,506,842 | R--- | C] () -- C:\Users\Stefan\Bafögbescheinigung1 001.tif [2011.01.31 15:16:13 | 002,228,628 | R--- | C] () -- C:\Users\Stefan\Bafögbescheinigung 002.tif [2011.01.15 00:32:30 | 000,430,364 | ---- | C] () -- C:\Users\Stefan\Unbenannt.PNG [2011.01.15 00:32:30 | 000,205,256 | ---- | C] () -- C:\Users\Stefan\Unbenanntdrg.PNG [2010.10.17 23:56:32 | 000,007,992 | ---- | C] () -- C:\Users\Stefan\Q7_Programm.pdf [2010.10.17 23:56:22 | 000,023,567 | ---- | C] () -- C:\Users\Stefan\Q7_Zeitplan.pdf [2010.07.14 18:17:56 | 000,108,500 | ---- | C] () -- C:\Users\Stefan\uetraeger_D773DD8A02FC523EDFFB60438F26E6F6.cit-prod-tomcat2[1].pdf [2010.04.07 11:47:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.03.23 20:21:53 | 000,007,666 | ---- | C] () -- C:\Users\Stefan\AppData\Local\resmon.resmoncfg < End of report > |
| Themen zu "Dieses Programm kann die Website nicht anzeigen"-Virus |
| applaus, autorun, avast, bho, bildschirm, converter, defender, explorer, firefox, format, google earth, home, lenovo, logfile, mozilla, mp3, object, plug-in, problem, programm, realtek, registry, scan, sekunden, server, software, taskmanager, temp |
Baum-Darstellung