Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Diskussionsforum (https://www.trojaner-board.de/diskussionsforum/)
-   -   Alle Programme stellen wenn man sie beendet ein Problem fest (https://www.trojaner-board.de/90696-alle-programme-stellen-man-beendet-problem-fest.html)

arnecad 12.09.2010 17:00
Alle Programme stellen wenn man sie beendet ein Problem fest
 
Hallo
Ich bin neu hier und hoffe das ich das hier richtig gepostet habe.

Mein problem ist:
Seit kurzem kommt dauernd das Naricht: xxx hat ein Problem festgestellt und muss beendet werden. Z.b. wenn ich Itunes schließe kommt das oder wenn ich Internet schließe. Egal ob mozilla oder explorer.

Desweiteren kommen immer mal die gleichen meldungen pohne das ich was mache dann mit Programmen wie dostnoted musste beendet werden oder änhliches( mir fällt spontan der Name nicht ein Rundll32.exe oder so)

Programme wie Warrock starten dadurch erst gar nicht da ich in den Launcher gehe dann auf Spielstarten. Dann geht der Launcher ja automatisch aus und stellt dann wie oben beschrieben ein Problem fest.

Könnt ihr mir sagen woran das liegt?

Zu meinem System:
Windows Xp professional
Amd Semprom(tm) Processor
3400+
1.80 Ghz 3.00 Gb ram

Grafikarte: Nvidia GeForce 9600 GSO 512
500 gb Festplatte

cosinus 13.09.2010 13:09
Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

arnecad 13.09.2010 17:20
so..hier das ergebins von der anti maleware


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4605

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

13.09.2010 18:05:51
mbam-log-2010-09-13 (18-05-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 223474
Laufzeit: 1 Stunde(n), 8 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 4
Infizierte Registrierungsschlüssel: 147
Infizierte Registrierungswerte: 7
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 22
Infizierte Dateien: 90

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Programme\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Programme\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Programme\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8e9cf769-3d3b-40eb-9e2d-76e7a205e4d2} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{819ffe20-35c7-4925-8cda-4e0e2db94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{819ffe21-35c7-4925-8cda-4e0e2db94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{819ffe22-35c7-4925-8cda-4e0e2db94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{799391d3-eb86-4bac-9bd3-cbfea58a0e15} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d858dafc-9573-4811-b323-7011a3aa7e61} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.multiplebutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.multiplebutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.urlalertbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.urlalertbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Programme\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Installr\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Installr\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Installr\setups (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Programme\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\arme\Eigene Dateien\Downloads\adobe_flash_player(2).exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\arme\Eigene Dateien\Downloads\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\arme\Eigene Dateien\Downloads\myWebFace.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Installr\2.bin\F3EZSETP.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Installr\2.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Installr\2.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Installr\Cache\002A3387.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Installr\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\CHROME.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00022A52 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\0002384C (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00023BA7.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\000241E1.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\0002482A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00024BB5.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00024C80.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00024D3B.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

arnecad 13.09.2010 17:25
Die von OTL
Extras.txtOTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 13.09.2010 18:10:38 - Run 2
OTL by OldTimer - Version 3.2.12.0    Folder = C:\Dokumente und Einstellungen\****\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 82,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 422,95 Gb Free Space | 90,81% Space Free | Partition Type: NTFS
Drive D: | 7,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ****
Current User Name: ****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 360 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"56547:TCP" = 56547:TCP:*:Enabled:Pando Media Booster
"56547:UDP" = 56547:UDP:*:Enabled:Pando Media Booster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"56547:TCP" = 56547:TCP:*:Enabled:Pando Media Booster
"56547:UDP" = 56547:UDP:*:Enabled:Pando Media Booster
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\GameSpy Arcade\Aphex.exe" = C:\Programme\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (GameSpy Industries, Inc.)
"C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\SweetImSetup.exe" = C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\SweetImSetup.exe:*:Enabled:SweetIM Installer -- (SweetIM Technologies, Ltd.)
"C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\SweetImSetup(2).exe" = C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\SweetImSetup(2).exe:*:Enabled:SweetIM Installer -- (SweetIM Technologies, Ltd.)
"C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\SweetImSetup(3).exe" = C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\SweetImSetup(3).exe:*:Enabled:SweetIM Installer -- (SweetIM Technologies, Ltd.)
"C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\SweetImSetup(4).exe" = C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\SweetImSetup(4).exe:*:Enabled:SweetIM Installer -- (SweetIM Technologies, Ltd.)
"C:\Programme\Kalypso\Sins of a Solar Empire\Sins of a Solar Empire.exe" = C:\Programme\Kalypso\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire -- (Ironclad Games)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08ED8855-4C2E-429B-A878-F129E1F624FA}" = SweetIM for Messenger 3.2
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.7
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{49B6F667-76EB-4E9D-ACD2-84B7437901C0}" = LG PC Suite II
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{88137A28-4E5B-4E56-B90C-E8AE768305A2}" = Rabbids Go Home - DVD
"{888DD888-82BE-4D85-BCB2-2E042CD3E844}" = Tom Clancy's Splinter Cell Chaos Theory
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah
"{AC76BA86-7AD7-1031-7646-A00000000001}" = Adobe Reader 6.0.1 - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst War Rock" = War Rock
"GameSpy Arcade" = GameSpy Arcade
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PageRage Toolbar" = PageRage Toolbar
"RealPlayer 12.0" = RealPlayer
"Sins of a Solar Empire" = Sins of a Solar Empire
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.09.2010 12:13:29 | Computer Name = ARNE-E1799A297A | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.3888, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x001463ef.
 
Error - 12.09.2010 12:13:52 | Computer Name = ARNE-E1799A297A | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung kofuma.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x001463ef.
 
Error - 12.09.2010 12:14:25 | Computer Name = ARNE-E1799A297A | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung uninstall.exe, Version 2.0.209.0, fehlgeschlagenes
 Modul , Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 12.09.2010 12:23:57 | Computer Name = ARNE-E1799A297A | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung kofuma1.91.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x001463ef.
 
Error - 12.09.2010 12:26:23 | Computer Name = ARNE-E1799A297A | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung kofuma.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x001463ef.
 
Error - 12.09.2010 12:26:46 | Computer Name = ARNE-E1799A297A | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung kofuma.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x001463ef.
 
Error - 12.09.2010 12:51:10 | Computer Name = ARNE-E1799A297A | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung kofuma.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x001463ef.
 
Error - 12.09.2010 13:13:50 | Computer Name = ARNE-E1799A297A | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung wmplayer.exe, Version 11.0.5721.5262, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x000963ef.
 
Error - 12.09.2010 13:15:38 | Computer Name = ARNE-E1799A297A | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung wmplayer.exe, Version 11.0.5721.5262, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x000963ef.
 
Error - 12.09.2010 13:20:06 | Computer Name = ARNE-E1799A297A | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung cmd.exe, Version 5.1.2600.2180, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x001563ef.
 
[ System Events ]
Error - 08.09.2010 10:00:09 | Computer Name = ARNE-E1799A297A | Source = Service Control Manager | ID = 7034
Description = Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 3
Mal passiert.
 
Error - 08.09.2010 14:05:50 | Computer Name = ARNE-E1799A297A | Source = Service Control Manager | ID = 7034
Description = Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.
 
Error - 08.09.2010 14:05:51 | Computer Name = ARNE-E1799A297A | Source = Service Control Manager | ID = 7034
Description = Dienst "SearchAnonymizer" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 08.09.2010 14:05:54 | Computer Name = ARNE-E1799A297A | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Starten Sie den Dienst neu..
 
Error - 08.09.2010 14:06:01 | Computer Name = ARNE-E1799A297A | Source = Service Control Manager | ID = 7034
Description = Dienst "ICQ Service" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.
 
Error - 08.09.2010 14:06:01 | Computer Name = ARNE-E1799A297A | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Panda Cloud Antivirus Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden
 durchgeführt: Starten Sie den Dienst neu..
 
Error - 09.09.2010 01:48:51 | Computer Name = ARNE-E1799A297A | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Panda Cloud Antivirus Service" wurde nicht ordnungsgemäß
 gestartet.
 
Error - 09.09.2010 01:48:51 | Computer Name = ARNE-E1799A297A | Source = Service Control Manager | ID = 7034
Description = Dienst "ICQ Service" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.
 
Error - 09.09.2010 01:48:51 | Computer Name = ARNE-E1799A297A | Source = Service Control Manager | ID = 7034
Description = Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 09.09.2010 01:48:51 | Computer Name = ARNE-E1799A297A | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Starten Sie den Dienst neu..
 
 
< End of report >
--- --- ---

arnecad 13.09.2010 17:28
die OTL.txt datei ist zu groß...
wie poste ich die trotzdem?
als txt datei anhängen geht nicht da soe 437 kb oder so groß ist

arnecad 13.09.2010 18:33
si hier ist die ander OTL datei

cosinus 13.09.2010 20:53
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Programme\PageRage\tbPage.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "http://home.sweetim.com"
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.10.01
FF - prefs.js..extensions.enabledItems: {9565115d-c7d6-46d3-bd63-b67b481a4368}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.1.0
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "PageRage Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2418376&SearchSource=13"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Programme\MyWebSearch\bar\1.bin File not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Programme\PageRage\tbPage.dll (Conduit Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Programme\PageRage\tbPage.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Programme\PageRage\tbPage.dll (Conduit Ltd.)
O4 - HKLM..\Run: [4StoryPrePatch] C:\Programme\Gameforge4D\4Story\PrePatch.exe (Zamiinc)
O4 - HKCU..\Run: [Reskbd] C:\Dokumente und Einstellungen\****\Anwendungsdaten\Adobe\Update\bltgdi.exe ()
O32 - AutoRun File - [2008.05.08 17:37:40 | 000,587,992 | R--- | M] (Stardock Entertainment, Inc.) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010.07.08 14:34:26 | 000,000,081 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008.05.21 21:53:55 | 000,002,680 | R--- | M] () - D:\AutorunText.txt -- [ UDF ]
[2010.09.13 14:29:21 | 000,000,000 | ---D | C] -- C:\eeb7506cac83c1cf561b0ac9b9128f
[2010.09.12 19:19:52 | 000,000,000 | ---D | C] -- C:\tmp
[2010.09.12 18:23:21 | 000,000,000 | ---D | C] -- C:\KoFuMa1.9
[2010.09.12 03:57:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Ryvuiw
[2010.09.08 11:23:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Lofee
[2010.09.06 21:09:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Kiisz
[2010.09.11 10:58:41 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16}
[2010.09.04 18:41:52 | 000,000,000 | ---D | C] -- C:\KP501
[2010.08.16 18:33:24 | 000,000,000 | ---D | C] -- C:\Programme\ICQ6Toolbar
[2010.08.16 18:04:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\NV7481136.TMP
[2010.08.19 22:45:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.09.07 13:02:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\PriceGong
[2010.09.12 03:57:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Ryvuiw
[2010.08.24 13:33:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Ymqo
[2010.09.13 18:07:58 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\PCConfidential.job
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

arnecad 14.09.2010 13:31
ich habe versucht das zu machen
doch sobald ich auf fix klicke beendet sich der explorer ohne fehlermeldung( der prozess explorer.exe ist im taksmanager nicht mehr ausgeführt) und OTL hängt sich auf....

cosinus 14.09.2010 16:49
Hast Du aus dem unkenntlich gemachten Benutzernamen Deinen richtigen vorher wieder gemacht?

arnecad 14.09.2010 18:46
ja eig schon...
habe den text vorher in einen Editor eingefügt und alle **** durch meinen benutzernamen ersetzen lassen..per funktion ( bearbeiten ersetzen)
das geht doch dann oder?

cosinus 14.09.2010 18:49
Genau. Den string "****" durch den mit Deinem Benutzernamen ersetzen ist richtig...
Probiers bitte nochmal

arnecad 14.09.2010 19:28
geht nicht...habs mehrmals ausprobiert....hab das **** sogar eigenhändig geändert...geht nicht
der bleibt immer bei prosesiing(?) IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

da bleibt der immer hängen...

cosinus 14.09.2010 20:44
Probiers bitte mal mit diesem Text:

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Programme\PageRage\tbPage.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "http://home.sweetim.com"
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.10.01
FF - prefs.js..extensions.enabledItems: {9565115d-c7d6-46d3-bd63-b67b481a4368}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.1.0
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "PageRage Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2418376&SearchSource=13"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Programme\MyWebSearch\bar\1.bin File not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Programme\PageRage\tbPage.dll (Conduit Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Programme\PageRage\tbPage.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Programme\PageRage\tbPage.dll (Conduit Ltd.)
O4 - HKLM..\Run: [4StoryPrePatch] C:\Programme\Gameforge4D\4Story\PrePatch.exe (Zamiinc)
O4 - HKCU..\Run: [Reskbd] C:\Dokumente und Einstellungen\****\Anwendungsdaten\Adobe\Update\bltgdi.exe ()
O32 - AutoRun File - [2008.05.08 17:37:40 | 000,587,992 | R--- | M] (Stardock Entertainment, Inc.) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010.07.08 14:34:26 | 000,000,081 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008.05.21 21:53:55 | 000,002,680 | R--- | M] () - D:\AutorunText.txt -- [ UDF ]
[2010.09.13 14:29:21 | 000,000,000 | ---D | C] -- C:\eeb7506cac83c1cf561b0ac9b9128f
[2010.09.12 19:19:52 | 000,000,000 | ---D | C] -- C:\tmp
[2010.09.12 18:23:21 | 000,000,000 | ---D | C] -- C:\KoFuMa1.9
[2010.09.12 03:57:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Ryvuiw
[2010.09.08 11:23:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Lofee
[2010.09.06 21:09:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Kiisz
[2010.09.11 10:58:41 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16}
[2010.09.04 18:41:52 | 000,000,000 | ---D | C] -- C:\KP501
[2010.08.16 18:33:24 | 000,000,000 | ---D | C] -- C:\Programme\ICQ6Toolbar
[2010.08.16 18:04:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\NV7481136.TMP
[2010.08.19 22:45:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.09.07 13:02:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\PriceGong
[2010.09.12 03:57:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Ryvuiw
[2010.08.24 13:33:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Ymqo
[2010.09.13 18:07:58 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\PCConfidential.job
:Commands
[purity]
[resethosts]
[emptytemp]

arnecad 14.09.2010 21:31
so hat geklappt hier das ergebnis=)


All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{9565115d-c7d6-46d3-bd63-b67b481a4368} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9565115d-c7d6-46d3-bd63-b67b481a4368}\ deleted successfully.
C:\Programme\PageRage\tbPage.dll moved successfully.
Prefs.js: "SweetIM Search" removed from browser.search.defaultenginename
Prefs.js: "PageRage Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from browser.search.defaulturl
Prefs.js: "SweetIM Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://home.sweetim.com" removed from browser.startup.homepage
Prefs.js: plugin@yontoo.com:1.10.01 removed from extensions.enabledItems
Prefs.js: {9565115d-c7d6-46d3-bd63-b67b481a4368}:2.7.2.0 removed from extensions.enabledItems
Prefs.js: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10 removed from extensions.enabledItems
Prefs.js: ffxtlbr@Facemoods.com:1.1.0 removed from extensions.enabledItems
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
Prefs.js: "ICQ Search" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}" removed from sweetim.toolbar.previous.browser.search.defaulturl
Prefs.js: "PageRage Customized Web Search" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Prefs.js: "hxxp://search.conduit.com/?ctid=CT2418376&SearchSource=13" removed from browser.startup.homepage
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&q=" removed from sweetim.toolbar.previous.keyword.URL
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9565115d-c7d6-46d3-bd63-b67b481a4368}\ not found.
File C:\Programme\PageRage\tbPage.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
C:\Programme\Yontoo Layers Client\YontooIEClient.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9565115d-c7d6-46d3-bd63-b67b481a4368} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9565115d-c7d6-46d3-bd63-b67b481a4368}\ not found.
File C:\Programme\PageRage\tbPage.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9565115D-C7D6-46D3-BD63-B67B481A4368} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9565115D-C7D6-46D3-BD63-B67B481A4368}\ not found.
File C:\Programme\PageRage\tbPage.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\4StoryPrePatch deleted successfully.
C:\Programme\Gameforge4D\4Story\PrePatch.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Reskbd deleted successfully.
C:\Dokumente und Einstellungen\arme\Anwendungsdaten\Adobe\Update\bltgdi.exe moved successfully.
File move failed. D:\autorun.exe scheduled to be moved on reboot.
File move failed. D:\Autorun.inf scheduled to be moved on reboot.
File move failed. D:\AutorunText.txt scheduled to be moved on reboot.
C:\eeb7506cac83c1cf561b0ac9b9128f\update folder moved successfully.
C:\eeb7506cac83c1cf561b0ac9b9128f folder moved successfully.
C:\tmp folder moved successfully.
C:\KoFuMa1.9\Videos folder moved successfully.
C:\KoFuMa1.9\Musik folder moved successfully.
C:\KoFuMa1.9\meinelieder folder moved successfully.
C:\KoFuMa1.9\Lizenzen folder moved successfully.
C:\KoFuMa1.9\Fonts folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\Zufallwappen\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\Zufallwappen\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\Zufallwappen\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\Zufallwappen folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\Deutschland\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\Deutschland\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\Deutschland\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\Deutschland folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\Amateure\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\Amateure\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\Amateure\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\Amateure folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\9\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\9\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\9\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\9 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\6\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\6\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\6\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\6 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\48\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\48\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\48\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\48 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\47\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\47\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\47\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\47 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\45\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\45\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\45\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\45 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\41\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\41\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\41\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\41 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\37\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\37\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\37\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\37 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\36\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\36\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\36\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\36 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\34\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\34\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\34\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\34 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\29\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\29\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\29\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\29 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\20\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\20\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\20\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\17\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\17\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\17\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\17 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\15\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\15\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\15\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\15 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\11\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\11\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\11\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\11 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen folder moved successfully.
C:\KoFuMa1.9\Daten\Spielstand folder moved successfully.
C:\KoFuMa1.9\Daten\Namen\int_zufallsnamen folder moved successfully.
C:\KoFuMa1.9\Daten\Namen folder moved successfully.
C:\KoFuMa1.9\Daten\int_vereine folder moved successfully.
C:\KoFuMa1.9\Daten\hi_score folder moved successfully.
C:\KoFuMa1.9\Daten folder moved successfully.
C:\KoFuMa1.9\Bilder\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\werbung folder moved successfully.
C:\KoFuMa1.9\Bilder\Logo\a folder moved successfully.
C:\KoFuMa1.9\Bilder\Logo folder moved successfully.
C:\KoFuMa1.9\Bilder\Live folder moved successfully.
C:\KoFuMa1.9\Bilder\Leiste_unten folder moved successfully.
C:\KoFuMa1.9\Bilder\1.8\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\1.8 folder moved successfully.
C:\KoFuMa1.9\Bilder\1.7\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\1.7 folder moved successfully.
C:\KoFuMa1.9\Bilder\1.6\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\1.6 folder moved successfully.
C:\KoFuMa1.9\Bilder\1.5\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\1.5 folder moved successfully.
C:\KoFuMa1.9\Bilder\1.4\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\1.4 folder moved successfully.
C:\KoFuMa1.9\Bilder\1.3\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\1.3 folder moved successfully.
C:\KoFuMa1.9\Bilder\1.2\_extraload\trikot_gross folder moved successfully.
C:\KoFuMa1.9\Bilder\1.2\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\1.2 folder moved successfully.
C:\KoFuMa1.9\Bilder\1.1\_extraload\trikots\18_tabelle folder moved successfully.
C:\KoFuMa1.9\Bilder\1.1\_extraload\trikots\18_live folder moved successfully.
C:\KoFuMa1.9\Bilder\1.1\_extraload\trikots folder moved successfully.
C:\KoFuMa1.9\Bilder\1.1\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\1.1 folder moved successfully.
C:\KoFuMa1.9\Bilder\1.0\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\1.0 folder moved successfully.
C:\KoFuMa1.9\Bilder\0.9\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\0.9 folder moved successfully.
C:\KoFuMa1.9\Bilder\0.8\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\0.8 folder moved successfully.
C:\KoFuMa1.9\Bilder\0.7\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\0.7 folder moved successfully.
C:\KoFuMa1.9\Bilder\0.6\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\0.6 folder moved successfully.
C:\KoFuMa1.9\Bilder\0.5\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\0.5\Fahnen folder moved successfully.
C:\KoFuMa1.9\Bilder\0.5 folder moved successfully.
C:\KoFuMa1.9\Bilder\0.4\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\0.4 folder moved successfully.
C:\KoFuMa1.9\Bilder\0.3\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\0.3 folder moved successfully.
C:\KoFuMa1.9\Bilder\0.2\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\0.2 folder moved successfully.
C:\KoFuMa1.9\Bilder folder moved successfully.
C:\KoFuMa1.9 folder moved successfully.
C:\Dokumente und Einstellungen\arme\Anwendungsdaten\Ryvuiw folder moved successfully.
C:\Dokumente und Einstellungen\arme\Anwendungsdaten\Lofee folder moved successfully.
C:\Dokumente und Einstellungen\arme\Anwendungsdaten\Kiisz folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16} folder moved successfully.
C:\KP501\USB_Driver\FlashUSBAGOLD folder moved successfully.
C:\KP501\USB_Driver\FlashUSB folder moved successfully.
C:\KP501\USB_Driver folder moved successfully.
C:\KP501 folder moved successfully.
C:\Programme\ICQ6Toolbar folder moved successfully.
C:\WINDOWS\NV7481136.TMP folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} folder moved successfully.
C:\Dokumente und Einstellungen\arme\Anwendungsdaten\PriceGong\Data folder moved successfully.
C:\Dokumente und Einstellungen\arme\Anwendungsdaten\PriceGong folder moved successfully.
Folder C:\Dokumente und Einstellungen\arme\Anwendungsdaten\Ryvuiw\ not found.
C:\Dokumente und Einstellungen\arme\Anwendungsdaten\Ymqo folder moved successfully.
C:\WINDOWS\Tasks\PCConfidential.job moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: arme
->Temp folder emptied: 1008332235 bytes
->Temporary Internet Files folder emptied: 201816179 bytes
->FireFox cache emptied: 93214194 bytes
->Flash cache emptied: 6957353 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 635407 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114764 bytes
%systemroot%\System32 .tmp files removed: 4118407 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15988074 bytes
RecycleBin emptied: 35070719 bytes

Total Files Cleaned = 1.305,00 mb


OTL by OldTimer - Version 3.2.12.0 log created on 09142010_222534

Files\Folders moved on Reboot...
File move failed. D:\autorun.exe scheduled to be moved on reboot.
File move failed. D:\Autorun.inf scheduled to be moved on reboot.
File move failed. D:\AutorunText.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 14.09.2010 21:32
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

arnecad 14.09.2010 21:33
es klappt wieder danke=)

woran lag das den jetzt?

bis her kam keine fehlermeldung mehr und warrock und so lässt sich auch wiede rproblemlos starten=)
vielen vielen dank=)

cosinus 14.09.2010 21:51
Bitte poste das Log von CF!!

arnecad 15.09.2010 11:47
so hier das ergebnis

Combofix Logfile:
Code:
ComboFix 10-09-14.04 - arme 15.09.2010  12:38:13.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.49.1031.18.3070.2619 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\arme\Desktop\cofi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\arme\Anwendungsdaten\facemoods.com
c:\windows\system32\GroupPolicy\User\Scripts\scripts.ini

.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


(((((((((((((((((((((((  Dateien erstellt von 2010-08-15 bis 2010-09-15  ))))))))))))))))))))))))))))))
.

2010-09-15 10:26 . 2010-09-15 10:26        --------        d-----w-        c:\programme\CCleaner
2010-09-13 20:47 . 2010-09-13 20:47        --------        d-----w-        C:\_OTL
2010-09-13 17:31 . 2010-09-13 17:31        --------        d-----w-        c:\programme\7-Zip
2010-09-13 12:17 . 2010-09-13 12:17        --------        d-----w-        c:\dokumente und einstellungen\arme\Anwendungsdaten\Malwarebytes
2010-09-13 12:16 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-13 12:16 . 2010-09-13 12:17        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2010-09-13 12:16 . 2010-09-13 12:16        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-09-13 12:16 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-09-12 12:37 . 2010-09-12 12:37        --------        d-----w-        c:\programme\iPod
2010-09-12 12:37 . 2010-09-12 12:38        --------        d-----w-        c:\programme\iTunes
2010-09-12 12:36 . 2010-09-12 12:36        --------        d-----w-        c:\programme\Apple Software Update
2010-09-12 12:36 . 2010-04-19 18:47        3062048        ----a-w-        c:\windows\system32\usbaaplrc.dll
2010-09-12 12:36 . 2010-04-19 18:47        41984        ----a-w-        c:\windows\system32\drivers\usbaapl.sys
2010-09-12 12:36 . 2010-09-12 12:36        --------        d-----w-        c:\programme\Bonjour
2010-09-12 12:01 . 2010-09-12 12:01        --------        d--h--w-        c:\windows\system32\GroupPolicy
2010-09-11 09:00 . 2010-09-11 09:00        --------        d-----w-        c:\dokumente und einstellungen\arme\Lokale Einstellungen\Anwendungsdaten\Ironclad Games
2010-09-11 08:41 . 2010-09-11 08:41        --------        d-----w-        c:\programme\Kalypso
2010-09-11 08:38 . 2010-09-11 08:38        --------        d-----w-        c:\dokumente und einstellungen\arme\Anwendungsdaten\Media Player Classic
2010-09-11 08:38 . 2010-09-11 08:38        --------        d-----w-        c:\dokumente und einstellungen\arme\IO
2010-09-10 13:45 . 2010-09-10 13:45        --------        d-----w-        c:\dokumente und einstellungen\arme\Lokale Einstellungen\Anwendungsdaten\Stardock
2010-09-10 12:51 . 2010-09-10 12:51        --------        d-----w-        c:\programme\Bohemia Interactive
2010-09-10 12:49 . 2006-12-08 10:02        251672        ----a-w-        c:\windows\system32\xactengine2_5.dll
2010-09-10 12:49 . 2006-11-15 09:38        15128        ----a-w-        c:\windows\system32\x3daudio1_1.dll
2010-09-10 12:49 . 2006-09-28 14:05        237848        ----a-w-        c:\windows\system32\xactengine2_4.dll
2010-09-10 12:49 . 2006-07-28 07:30        236824        ----a-w-        c:\windows\system32\xactengine2_3.dll
2010-09-10 12:49 . 2005-05-26 13:34        2297552        ----a-w-        c:\windows\system32\d3dx9_26.dll
2010-09-09 15:11 . 2010-09-09 15:12        --------        d-----w-        c:\programme\QuickTime
2010-09-06 20:34 . 2010-09-06 20:34        --------        d-----w-        c:\programme\Pando Networks
2010-09-06 20:34 . 2010-09-06 20:34        --------        d-----w-        c:\dokumente und einstellungen\arme\Lokale Einstellungen\Anwendungsdaten\Pando_Temp
2010-09-06 17:26 . 2010-09-12 16:14        --------        d-----w-        c:\programme\KoFuMa
2010-09-06 13:24 . 2010-09-06 13:24        --------        d-----w-        c:\dokumente und einstellungen\arme\Anwendungsdaten\Panda Security
2010-09-06 13:22 . 2010-09-11 14:10        --------        d-----w-        c:\programme\Panda Security
2010-09-06 13:22 . 2010-09-06 13:22        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Panda Security
2010-09-05 06:54 . 2010-09-05 06:54        --------        d-----w-        c:\programme\MSXML 4.0
2010-09-04 16:52 . 2004-08-03 21:08        26496        -c--a-w-        c:\windows\system32\dllcache\usbstor.sys
2010-09-04 16:47 . 2007-11-08 14:26        1164728        ----a-w-        c:\windows\system32\NMSDVDXU.dll
2010-09-04 16:47 . 2010-09-04 16:47        --------        d-----w-        c:\dokumente und einstellungen\arme\Anwendungsdaten\LG Electronics
2010-09-04 16:47 . 2010-09-04 16:48        --------        d-----w-        c:\programme\LG PC Suite II
2010-09-04 16:42 . 2010-01-20 23:59        20864        ----a-w-        c:\windows\system32\drivers\lgusbdiag.sys
2010-09-04 16:42 . 2010-01-20 23:59        24960        ----a-w-        c:\windows\system32\drivers\lgusbmodem.sys
2010-09-04 16:42 . 2010-01-20 23:59        13056        ----a-w-        c:\windows\system32\drivers\lgusbbus.sys
2010-09-04 16:42 . 2010-09-04 16:42        --------        d-----w-        c:\programme\LG Electronics
2010-09-04 16:40 . 2010-09-10 23:50        391096        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
2010-09-04 16:40 . 2010-09-01 22:40        1066936        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\LGMOBILEAX\B2C_Client\LGUserCSTool.exe
2010-09-04 16:40 . 2010-08-30 00:28        528384        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\LGMOBILEAX\B2C_Client\LGMUpgradeDL.dll
2010-09-04 16:40 . 2010-08-20 06:03        100280        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\LGMOBILEAX\LGMLauncher.exe
2010-09-04 16:40 . 2010-08-19 07:49        106496        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\LGMOBILEAX\B2C_Client\LGMobileDL.dll
2010-09-04 16:40 . 2010-05-20 04:49        206784        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\LGMOBILEAX\B2C_Client\B2CAppUninstall.exe
2010-09-04 16:40 . 2010-03-16 06:31        24576        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\LGMOBILEAX\B2C_Client\LGMobileDLRapi.dll
2010-09-04 16:40 . 2006-05-04 06:33        53248        ----a-w-        c:\windows\system32\CommonDL.dll
2010-09-04 16:40 . 2005-11-24 00:34        82432        ----a-w-        c:\windows\system32\msxml4r.dll
2010-09-04 16:40 . 2005-10-03 23:39        44544        ----a-w-        c:\windows\system32\msxml4a.dll
2010-09-04 16:40 . 2010-09-04 16:40        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\LGMOBILEAX
2010-09-04 15:04 . 2010-09-04 15:04        49152        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-09-04 15:04 . 2010-09-04 15:04        45056        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-09-04 15:03 . 2010-09-04 15:03        --------        d-----w-        c:\programme\Real
2010-09-04 09:22 . 2010-09-12 12:20        --------        d-----w-        c:\programme\SweetIM
2010-09-04 09:22 . 2010-09-12 12:20        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\SweetIM
2010-09-04 09:18 . 2010-09-14 20:25        --------        d-----w-        c:\programme\PageRage
2010-09-04 09:18 . 2010-09-05 05:50        --------        d-----w-        c:\dokumente und einstellungen\arme\Lokale Einstellungen\Anwendungsdaten\PageRage
2010-09-04 09:18 . 2010-08-24 11:11        52224        ------w-        c:\dokumente und einstellungen\arme\Anwendungsdaten\Mozilla\Firefox\Profiles\ar34a74i.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\FFExternalAlert.dll
2010-09-04 09:18 . 2010-08-24 11:11        101376        ------w-        c:\dokumente und einstellungen\arme\Anwendungsdaten\Mozilla\Firefox\Profiles\ar34a74i.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\RadioWMPCore.dll
2010-09-04 09:18 . 2010-09-14 20:25        --------        d-----w-        c:\programme\Yontoo Layers Client
2010-09-04 09:18 . 2010-09-04 09:18        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer
2010-09-04 09:18 . 2010-08-13 00:47        108544        --s-a-r-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
2010-09-04 09:18 . 2010-08-13 00:46        345600        --s-a-r-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
2010-09-04 09:18 . 2010-06-16 04:59        226816        --s---r-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
2010-09-03 18:10 . 2010-09-03 18:10        56765        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-03 18:10 . 2010-09-03 18:10        53600        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Update\Uninstaller.exe
2010-09-02 20:30 . 2010-09-02 20:30        19368        ---ha-w-        c:\windows\system32\mlfcache.dat
2010-09-01 07:12 . 2010-09-01 07:12        73000        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-08-31 22:12 . 2010-09-13 16:36        1        ----a-w-        c:\dokumente und einstellungen\arme\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-31 22:12 . 2010-08-31 22:12        --------        d-----w-        c:\dokumente und einstellungen\arme\Anwendungsdaten\OpenOffice.org
2010-08-31 22:10 . 2010-08-31 22:10        --------        d-----w-        c:\programme\OpenOffice.org 3
2010-08-30 14:55 . 2010-09-13 16:38        --------        d-----w-        c:\windows\system32\Adobe
2010-08-29 19:30 . 2010-08-29 19:30        --------        d-----w-        c:\programme\Gameforge4D
2010-08-28 07:16 . 2010-09-03 18:09        185640        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\finishPlugin.dll
2010-08-28 07:16 . 2010-08-28 07:16        56997        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\WebPlayer\Uninstaller.exe
2010-08-28 07:16 . 2010-08-28 07:16        57691        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Player\Uninstaller.exe
2010-08-28 07:15 . 2010-08-28 07:15        84063        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\TransferWizard\Uninstaller.exe
2010-08-28 07:15 . 2010-08-28 07:15        54153        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DFXPlugin\Uninstaller.exe
2010-08-28 07:13 . 2010-09-03 18:09        144696        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-27 19:38 . 2004-08-04 12:00        25600        ----a-w-        c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-08-27 19:37 . 2010-08-27 19:37        --------        d-----w-        c:\programme\Windows Media Connect 2
2010-08-27 19:36 . 2010-08-27 19:36        --------        d-----w-        c:\windows\system32\drivers\UMDF
2010-08-27 19:36 . 2010-08-27 19:36        --------        d-----w-        c:\windows\system32\LogFiles
2010-08-27 12:02 . 2010-08-27 12:02        --------        d-----w-        c:\windows\Logs
2010-08-27 11:00 . 2010-08-27 11:00        --------        d-----w-        c:\dokumente und einstellungen\arme\Lokale Einstellungen\Anwendungsdaten\GamersFirst LIVE!
2010-08-27 11:00 . 2010-08-27 11:55        --------        d-----w-        c:\programme\GamersFirst
2010-08-25 10:01 . 2010-09-04 10:01        --------        d-----w-        c:\windows\system32\NtmsData
2010-08-23 19:11 . 2010-08-23 19:11        --------        d-----w-        c:\programme\LucasArts
2010-08-23 19:10 . 2010-08-24 20:26        --------        d-----w-        c:\programme\GameSpy Arcade
2010-08-22 17:19 . 2010-03-15 09:31        165376        ----a-w-        c:\windows\system32\unrar.dll
2010-08-22 17:19 . 2010-06-08 16:10        790528        ----a-w-        c:\windows\system32\xvidcore.dll
2010-08-22 17:19 . 2010-06-08 16:10        134144        ----a-w-        c:\windows\system32\xvidvfw.dll
2010-08-22 17:19 . 2004-01-25 16:18        217088        ----a-w-        c:\windows\system32\yv12vfw.dll
2010-08-22 17:19 . 2010-08-12 08:00        108032        ----a-w-        c:\windows\system32\ff_vfw.dll
2010-08-22 17:19 . 2010-08-22 17:19        --------        d-----w-        c:\programme\K-Lite Codec Pack
2010-08-22 09:30 . 2010-08-22 09:30        --------        d-----w-        c:\dokumente und einstellungen\arme\Anwendungsdaten\AdobeUM
2010-08-21 21:46 . 2010-08-21 21:46        --------        d-----w-        c:\programme\Gemeinsame Dateien\Adobe
2010-08-21 21:29 . 2010-08-21 21:29        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB
2010-08-21 21:29 . 2010-08-21 21:29        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple
2010-08-21 18:22 . 2010-08-21 18:22        --------        d-----w-        c:\dokumente und einstellungen\arme\Anwendungsdaten\Avira
2010-08-19 22:19 . 2010-09-12 12:07        --------        d-----w-        c:\programme\DVDVideoSoftTB
2010-08-19 22:19 . 2010-08-27 12:20        --------        d-----w-        c:\dokumente und einstellungen\arme\Lokale Einstellungen\Anwendungsdaten\Conduit
2010-08-19 22:19 . 2010-08-19 22:19        --------        d-----w-        c:\programme\Conduit
2010-08-19 20:45 . 2010-08-19 21:17        --------        d-----w-        c:\dokumente und einstellungen\arme\Anwendungsdaten\Apple Computer
2010-08-19 20:45 . 2009-05-18 11:17        26600        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-19 20:45 . 2008-04-17 10:12        107368        ----a-w-        c:\windows\system32\GEARAspi.dll
2010-08-19 20:43 . 2010-08-19 20:44        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer
2010-08-19 20:43 . 2010-08-19 20:43        --------        d-----w-        c:\dokumente und einstellungen\arme\Lokale Einstellungen\Anwendungsdaten\Apple
2010-08-19 20:42 . 2010-09-12 12:37        --------        d-----w-        c:\programme\Gemeinsame Dateien\Apple
2010-08-19 20:42 . 2010-08-19 20:42        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple
2010-08-19 20:41 . 2010-09-09 15:21        --------        d-----w-        c:\dokumente und einstellungen\arme\Lokale Einstellungen\Anwendungsdaten\Apple Computer
2010-08-19 20:40 . 2010-08-19 20:40        --------        d-----w-        c:\programme\Atari
2010-08-19 20:32 . 2010-09-04 15:03        348160        ----a-w-        c:\windows\system32\msvcr71.dll
2010-08-19 20:32 . 2010-09-04 15:03        499712        ----a-w-        c:\windows\system32\msvcp71.dll
2010-08-19 20:29 . 2010-08-19 20:29        --------        d-----w-        c:\programme\YouTube Downloader
2010-08-19 20:26 . 2010-08-19 20:26        --------        d-----w-        c:\programme\Lavalys
2010-08-19 20:25 . 2010-08-19 20:25        --------        d-----w-        c:\dokumente und einstellungen\arme\Anwendungsdaten\DVDVideoSoftIEHelpers
2010-08-19 20:25 . 2010-09-12 12:20        --------        d-----w-        c:\programme\Gemeinsame Dateien\DVDVideoSoft
2010-08-19 20:25 . 2010-09-12 12:08        --------        d-----w-        c:\programme\DVDVideoSoft
2010-08-19 18:44 . 2010-08-19 20:44        --------        d-----w-        c:\dokumente und einstellungen\arme\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations
2010-08-17 17:42 . 2010-08-17 17:42        --------        d-----w-        c:\programme\Bethesda Softworks
2010-08-17 17:42 . 2010-08-17 17:50        --------        d-----w-        c:\dokumente und einstellungen\arme\Lokale Einstellungen\Anwendungsdaten\Oblivion

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-12 12:19 . 2010-08-16 14:22        --------        d--h--w-        c:\programme\InstallShield Installation Information
2010-09-06 15:47 . 2010-08-19 21:09        27892        ----a-w-        c:\dokumente und einstellungen\arme\Anwendungsdaten\Patch-Master.exe3.dat
2010-09-06 15:47 . 2010-08-19 21:09        46342        ----a-w-        c:\dokumente und einstellungen\arme\Anwendungsdaten\Patch-Master.exe2.dat
2010-09-06 15:47 . 2010-08-19 21:09        157763        ----a-w-        c:\dokumente und einstellungen\arme\Anwendungsdaten\Patch-Master.exe1.dat
2010-09-06 15:47 . 2010-08-19 21:09        44756        ----a-w-        c:\dokumente und einstellungen\arme\Anwendungsdaten\Patch-Master.exe0.dat
2010-09-06 12:14 . 2010-08-19 21:16        3108        ----a-w-        c:\dokumente und einstellungen\arme\Anwendungsdaten\Patch-Master.exe.dat
2010-09-04 15:04 . 2010-09-04 15:04        45056        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-09-04 15:04 . 2010-09-04 15:04        45056        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-09-04 15:04 . 2010-09-04 15:04        45056        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-09-04 15:04 . 2010-09-04 15:04        40960        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-09-04 15:04 . 2010-09-04 15:04        341600        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-09-04 15:04 . 2010-09-04 15:04        308808        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-09-04 15:04 . 2010-09-04 15:04        14848        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-09-04 15:04 . 2010-09-04 15:03        --------        d-----w-        c:\programme\Gemeinsame Dateien\Real
2010-09-04 15:03 . 2010-09-04 15:03        --------        d-----w-        c:\programme\Gemeinsame Dateien\xing shared
2010-08-18 09:09 . 2004-08-04 12:00        80108        ----a-w-        c:\windows\system32\perfc007.dat
2010-08-18 09:09 . 2004-08-04 12:00        448800        ----a-w-        c:\windows\system32\perfh007.dat
2010-08-17 17:24 . 2010-08-16 14:13        86327        ----a-w-        c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-17 08:36 . 2010-08-16 14:22        --------        d-----w-        c:\programme\Gemeinsame Dateien\InstallShield
2010-08-17 07:35 . 2010-08-17 07:35        --------        d-----w-        c:\programme\MSBuild
2010-08-17 07:35 . 2010-08-17 07:35        --------        d-----w-        c:\programme\Reference Assemblies
2010-08-16 16:21 . 2010-08-16 14:40        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2010-08-16 14:48 . 2010-08-16 14:48        0        ----a-w-        c:\windows\nsreg.dat
2010-08-16 14:32 . 2010-08-16 14:32        --------        d-----w-        c:\programme\Realtek
2010-08-16 14:32 . 2010-08-16 14:32        315392        ----a-w-        c:\windows\HideWin.exe
2010-08-16 14:22 . 2010-08-16 14:22        --------        d-----w-        c:\programme\ATI Technologies
2010-08-16 14:21 . 2010-08-16 14:21        --------        d-----w-        c:\programme\DIFX
2010-08-16 14:14 . 2010-08-16 14:14        --------        d-----w-        c:\programme\microsoft frontpage
2010-08-16 14:13 . 2010-08-16 14:13        --------        d-----w-        c:\programme\Online-Dienste
2010-08-16 14:12 . 2010-08-16 14:12        --------        d-----w-        c:\programme\Gemeinsame Dateien\Dienste
2010-08-16 14:11 . 2010-08-16 14:11        21740        ----a-w-        c:\windows\system32\emptyregdb.dat
2010-07-27 16:44 . 2010-07-27 16:44        91424        ----a-w-        c:\windows\system32\dnssd.dll
2010-07-27 16:44 . 2010-07-27 16:44        75040        ----a-w-        c:\windows\system32\jdns_sd.dll
2010-07-27 16:44 . 2010-07-27 16:44        197920        ----a-w-        c:\windows\system32\dnssdX.dll
2010-07-27 16:44 . 2010-07-27 16:44        107808        ----a-w-        c:\windows\system32\dns-sd.exe
2010-07-06 14:45 . 2010-07-06 14:45        368640        ----a-w-        c:\dokumente und einstellungen\arme\Anwendungsdaten\Mozilla\Firefox\Profiles\ar34a74i.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\programme\Steam\Steam.exe" [2010-08-24 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"SweetIM"="c:\programme\SweetIM\Messenger\SweetIM.exe" [2010-06-07 111928]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2010-09-04 202256]
"B2C_AGENT"="c:\dokumente und einstellungen\All Users\Anwendungsdaten\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2010-09-10 391096]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-08-10 421888]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-09-01 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\ICQ7.2\\ICQ.exe"=
"c:\\Programme\\ICQ7.2\\aolload.exe"=
"c:\\Programme\\GameSpy Arcade\\Aphex.exe"=
"c:\\Dokumente und Einstellungen\\arme\\Eigene Dateien\\Downloads\\SweetImSetup.exe"=
"c:\\Dokumente und Einstellungen\\arme\\Eigene Dateien\\Downloads\\SweetImSetup(2).exe"=
"c:\\Dokumente und Einstellungen\\arme\\Eigene Dateien\\Downloads\\SweetImSetup(3).exe"=
"c:\\Dokumente und Einstellungen\\arme\\Eigene Dateien\\Downloads\\SweetImSetup(4).exe"=
"c:\\Programme\\Kalypso\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56547:TCP"= 56547:TCP:Pando Media Booster
"56547:UDP"= 56547:UDP:Pando Media Booster

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [16.08.2010 18:22 135336]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
.
Inhalt des "geplante Tasks" Ordners

2010-09-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-09-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1417001333-1547161642-839522115-1003.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-09-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1417001333-1547161642-839522115-1003.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
mLocal Page =
mStart Page =
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\arme\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
FF - ProfilePath - c:\dokumente und einstellungen\arme\Anwendungsdaten\Mozilla\Firefox\Profiles\ar34a74i.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\dokumente und einstellungen\arme\Anwendungsdaten\Mozilla\Firefox\Profiles\ar34a74i.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\FFExternalAlert.dll
FF - component: c:\dokumente und einstellungen\arme\Anwendungsdaten\Mozilla\Firefox\Profiles\ar34a74i.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\RadioWMPCore.dll
FF - component: c:\dokumente und einstellungen\arme\Anwendungsdaten\Mozilla\Firefox\Profiles\ar34a74i.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll
FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-ICQ - ~c:\programme\ICQ7.2\ICQ.exe
AddRemove-Sins of a Solar Empire - c:\dokumente und einstellungen\All Users\Anwendungsdaten\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16}\setup.exe
AddRemove-{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-15 12:43
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(2576)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\nvsvc32.exe
c:\programme\iPod\bin\iPodService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-09-15  12:46:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-09-15 10:46

Vor Suchlauf: 8 Verzeichnis(se), 455.347.838.976 Bytes frei
Nach Suchlauf: 9 Verzeichnis(se), 455.318.093.824 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - ADFC5F07535F0AF8EBABC021599C6FC4
--- --- ---

cosinus 15.09.2010 12:56
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

arnecad 15.09.2010 15:23
hier von GMER

GMER Logfile:
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-15 16:22:37
Windows 5.1.2600 Service Pack 2
Running: s8qv7dyc.exe; Driver: C:\DOKUME~1\arme\LOKALE~1\Temp\pgdyqkow.sys


---- System - GMER 1.0.15 ----

SSDT  BA68E6DE                                    ZwCreateKey
SSDT  BA68E6D4                                    ZwCreateThread
SSDT  BA68E6E3                                    ZwDeleteKey
SSDT  BA68E6ED                                    ZwDeleteValueKey
SSDT  BA68E6F2                                    ZwLoadKey
SSDT  BA68E6C0                                    ZwOpenProcess
SSDT  BA68E6C5                                    ZwOpenThread
SSDT  BA68E6FC                                    ZwReplaceKey
SSDT  BA68E6F7                                    ZwRestoreKey
SSDT  BA68E6E8                                    ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwCallbackReturn + 2710        80501600 4 Bytes  CALL E30A7EEB
?      Combo-Fix.sys                              Das System kann die angegebene Datei nicht finden. !
.text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys    section is writeable [0xB97CB360, 0x32E00D, 0xE8000020]
?      C:\DOKUME~1\arme\LOKALE~1\Temp\mbr.sys      Das System kann die angegebene Datei nicht finden. !
?      C:\cofi\catchme.sys                        Das System kann die angegebene Datei nicht finden. !
?      C:\WINDOWS\system32\Drivers\PROCEXP113.SYS  Das System kann die angegebene Datei nicht finden. !

---- EOF - GMER 1.0.15 ----
--- --- ---

arnecad 15.09.2010 15:29
hier von OSAM

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:29:00 on 15.09.2010

OS: Windows XP Professional Service Pack 2 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.9

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"RealUpgradeLogonTaskS-1-5-21-1417001333-1547161642-839522115-1003.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
"RealUpgradeScheduledTaskS-1-5-21-1417001333-1547161642-839522115-1003.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"PhysX.cpl" - ? - C:\WINDOWS\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys  (File not found)
"EagleXNt" (EagleXNt) - ? - C:\WINDOWS\system32\drivers\EagleXNt.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"mbr" (mbr) - ? - C:\DOKUME~1\arme\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"pgdyqkow" (pgdyqkow) - ? - C:\DOKUME~1\arme\LOKALE~1\Temp\pgdyqkow.sys  (Hidden registry entry, rootkit activity | File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Secdrv" (Secdrv) - ? - C:\WINDOWS\System32\DRIVERS\secdrv.sys  (File signed by Microsoft | File found, but it contains no detailed information)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10i.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\LegitCheckControl.DLL / hxxp://go.microsoft.com/fwlink/?linkid=39204
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.2" - "ICQ, LLC." - C:\Programme\ICQ7.2\ICQ.exe

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\arme\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Steam" - "Valve Corporation" - "C:\Programme\Steam\Steam.exe" -silent
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"B2C_AGENT" - "LG Electronics" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SweetIM" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Messenger\SweetIM.exe
"TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"HID Input Service" (HidServ) - ? -  C:\WINDOWS\System32\hidserv.dll  (File not found)
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus 15.09.2010 16:09
Und der Bootkit Remover?

arnecad 15.09.2010 22:22
also ich habe die datein boot_remover ausgeführt
hat sich fentser geöffnet und so...
jetzt steht da

system volum is c und so....

size device name mbr status
456 gb \\.\PhysicalDevice0 Unknow boot comand



to inspekt the boot code manual dump the master boot sector...

und unten dann Done. to exit üree any key

cosinus 16.09.2010 09:37
Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

arnecad 16.09.2010 13:15
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 112):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806CF000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F78000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F67000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F48000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F22000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0A000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EEB000 fltMgr.sys
0xB9ED9000 sr.sys
0xBA0F8000 PxHelp20.sys
0xB9EC2000 KSecDD.sys
0xB9E35000 Ntfs.sys
0xB9E08000 NDIS.sys
0xB9DED000 Mup.sys
0xBA128000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xB902C000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB9018000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9003000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB8FE0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3E0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA138000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA148000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB8FBD000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA3E8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB8F98000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8F87000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA56C000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB8F73000 \SystemRoot\system32\DRIVERS\parport.sys
0xB9696000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA5C4000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0xBA6D9000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB9686000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA570000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8F3D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB9676000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB9666000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3F8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8F2C000 \SystemRoot\system32\DRIVERS\psched.sys
0xB9656000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA400000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA408000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8EFB000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB9636000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA410000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5CA000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8EC7000 \SystemRoot\system32\DRIVERS\update.sys
0xBA58C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA168000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA1B8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA604000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB690B000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB68E9000 \SystemRoot\system32\drivers\portcls.sys
0xBA1C8000 \SystemRoot\system32\drivers\drmk.sys
0xBA60C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7C8000 \SystemRoot\System32\Drivers\Null.SYS
0xBA60E000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA470000 \SystemRoot\System32\drivers\vga.sys
0xBA610000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA612000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA478000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA480000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA53C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB6866000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB680E000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB67E6000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB67C4000 \SystemRoot\System32\drivers\afd.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA488000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB6798000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB6729000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA208000 \SystemRoot\System32\Drivers\Fips.SYS
0xB6708000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA218000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB66E6000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA62A000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xB6D7F000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA258000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA360000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA268000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB6D7B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB66A6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA62C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB68D5000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA378000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA73C000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB6379000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB6392000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB5FDC000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB5F9F000 \SystemRoot\system32\drivers\wdmaud.sys
0xB60E9000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA620000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB5123000 \SystemRoot\system32\DRIVERS\srv.sys
0xB4E62000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 37):
0 System Idle Process
4 System
632 C:\WINDOWS\system32\smss.exe
696 csrss.exe
720 C:\WINDOWS\system32\winlogon.exe
772 C:\WINDOWS\system32\services.exe
784 C:\WINDOWS\system32\lsass.exe
956 C:\WINDOWS\system32\svchost.exe
1032 svchost.exe
1128 C:\WINDOWS\system32\svchost.exe
1204 svchost.exe
1316 svchost.exe
1684 C:\WINDOWS\system32\spoolsv.exe
1708 C:\WINDOWS\explorer.exe
1772 C:\Programme\Avira\AntiVir Desktop\sched.exe
1940 svchost.exe
1972 C:\WINDOWS\RTHDCPL.exe
2008 C:\WINDOWS\system32\rundll32.exe
2016 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
2028 C:\Programme\DivX\DivX Update\DivXUpdate.exe
2036 C:\Programme\SweetIM\Messenger\SweetIM.exe
124 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
180 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
228 C:\Programme\iTunes\iTunesHelper.exe
1068 C:\Programme\Avira\AntiVir Desktop\avguard.exe
1080 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1112 C:\Programme\Bonjour\mDNSResponder.exe
1356 C:\WINDOWS\system32\nvsvc32.exe
1612 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
600 C:\WINDOWS\system32\wuauclt.exe
2256 C:\Programme\iPod\bin\iPodService.exe
2616 alg.exe
3080 C:\WINDOWS\system32\wuauclt.exe
3164 C:\Programme\ICQ7.2\ICQ.exe
3520 C:\Programme\Mozilla Firefox\firefox.exe
3804 C:\Programme\Mozilla Firefox\plugin-container.exe
4016 C:\Dokumente und Einstellungen\arme\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AADS-00S9B0, Rev: 01.00A01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!

cosinus 16.09.2010 13:52
Zitat:
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

arnecad 16.09.2010 21:21
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/16/2010 at 10:18 PM

Application Version : 4.43.1000

Core Rules Database Version : 5520
Trace Rules Database Version: 3332

Scan type : Complete Scan
Total Scan Time : 01:31:22

Memory items scanned : 444
Memory threats detected : 0
Registry items scanned : 4952
Registry threats detected : 0
File items scanned : 97908
File threats detected : 51

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\arme\Cookies\arme@doubleclick[1].txt
C:\Dokumente und Einstellungen\arme\Cookies\arme@www.zanox-affiliate[1].txt
C:\Dokumente und Einstellungen\arme\Cookies\arme@content.yieldmanager[1].txt
C:\Dokumente und Einstellungen\arme\Cookies\arme@atwola[1].txt
C:\Dokumente und Einstellungen\arme\Cookies\arme@ad.yieldmanager[1].txt
C:\Dokumente und Einstellungen\arme\Cookies\arme@zanox-affiliate[1].txt
C:\Dokumente und Einstellungen\arme\Cookies\arme@mediaplex[2].txt
C:\Dokumente und Einstellungen\arme\Cookies\arme@apmebf[1].txt
C:\Dokumente und Einstellungen\arme\Cookies\arme@tradedoubler[1].txt
C:\Dokumente und Einstellungen\arme\Cookies\arme@zanox[1].txt
C:\Dokumente und Einstellungen\arme\Cookies\arme@ak[2].txt
C:\Dokumente und Einstellungen\arme\Cookies\arme@media.warrock[1].txt

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016041.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016029.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016030.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016031.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016032.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016033.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016034.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016035.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016036.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016037.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016038.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016039.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016040.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016059.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016042.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016043.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016044.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016045.SCR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016046.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016047.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016048.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016049.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016050.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016051.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016052.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016053.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016054.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016055.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016056.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016057.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016058.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016060.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016061.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016062.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016063.SCR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016064.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016065.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016069.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B440DA09-4772-4CE8-AF55-12313C8DF0C5}\RP85\A0016070.DLL

cosinus 17.09.2010 09:13
Deaktiviere die Systemwiederherstellung, im Verlauf der Infektion wurden auch Malwaredateien in Wiederherstellungspunkten mitgesichert - die sind alle nun unbrauchbar, da ein Zurücksetzen des Systems durch einen Wiederherstellungspunkt wahrscheinlich wieder eine Infektion nach sich ziehen würde.

Sieht sonst soweit ok aus.
Noch Probleme oder weitere Funde in der Zwischenzeit?

arnecad 17.09.2010 14:20
vielen vielen
dank nein ansonsten nichts bisher=)
klappt alles weider bestens vielen dank=)

cosinus 17.09.2010 17:53
Dann wären wir durch! :abklatsch:

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update



PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:34 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131