Alle Programme stellen wenn man sie beendet ein Problem fest

arnecad · 12.09.2010, 17:00

Hallo
Ich bin neu hier und hoffe das ich das hier richtig gepostet habe.

Mein problem ist:
Seit kurzem kommt dauernd das Naricht: xxx hat ein Problem festgestellt und muss beendet werden. Z.b. wenn ich Itunes schließe kommt das oder wenn ich Internet schließe. Egal ob mozilla oder explorer.

Desweiteren kommen immer mal die gleichen meldungen pohne das ich was mache dann mit Programmen wie dostnoted musste beendet werden oder änhliches( mir fällt spontan der Name nicht ein Rundll32.exe oder so)

Programme wie Warrock starten dadurch erst gar nicht da ich in den Launcher gehe dann auf Spielstarten. Dann geht der Launcher ja automatisch aus und stellt dann wie oben beschrieben ein Problem fest.

Könnt ihr mir sagen woran das liegt?

Zu meinem System:
Windows Xp professional
Amd Semprom(tm) Processor
3400+
1.80 Ghz 3.00 Gb ram

Grafikarte: Nvidia GeForce 9600 GSO 512
500 gb Festplatte

cosinus · 13.09.2010, 13:09

Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

arnecad · 13.09.2010, 17:20

so..hier das ergebins von der anti maleware

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4605

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

13.09.2010 18:05:51
mbam-log-2010-09-13 (18-05-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 223474
Laufzeit: 1 Stunde(n), 8 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 4
Infizierte Registrierungsschlüssel: 147
Infizierte Registrierungswerte: 7
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 22
Infizierte Dateien: 90

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Programme\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Programme\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Programme\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8e9cf769-3d3b-40eb-9e2d-76e7a205e4d2} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{819ffe20-35c7-4925-8cda-4e0e2db94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{819ffe21-35c7-4925-8cda-4e0e2db94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{819ffe22-35c7-4925-8cda-4e0e2db94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{799391d3-eb86-4bac-9bd3-cbfea58a0e15} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d858dafc-9573-4811-b323-7011a3aa7e61} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.multiplebutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.multiplebutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.urlalertbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.urlalertbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Programme\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Installr\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Installr\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Installr\setups (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Programme\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\arme\Eigene Dateien\Downloads\adobe_flash_player(2).exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\arme\Eigene Dateien\Downloads\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\arme\Eigene Dateien\Downloads\myWebFace.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Installr\2.bin\F3EZSETP.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Installr\2.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Installr\2.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Installr\Cache\002A3387.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Installr\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\CHROME.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00022A52 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\0002384C (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00023BA7.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\000241E1.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\0002482A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00024BB5.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00024C80.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00024D3B.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

arnecad · 13.09.2010, 17:25

Die von OTL
Extras.txtOTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 13.09.2010 18:10:38 - Run 2
OTL by OldTimer - Version 3.2.12.0     Folder = C:\Dokumente und Einstellungen\****\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 82,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 422,95 Gb Free Space | 90,81% Space Free | Partition Type: NTFS
Drive D: | 7,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ****
Current User Name: ****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 360 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"56547:TCP" = 56547:TCP:*:Enabled:Pando Media Booster
"56547:UDP" = 56547:UDP:*:Enabled:Pando Media Booster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"56547:TCP" = 56547:TCP:*:Enabled:Pando Media Booster
"56547:UDP" = 56547:UDP:*:Enabled:Pando Media Booster
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\GameSpy Arcade\Aphex.exe" = C:\Programme\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (GameSpy Industries, Inc.)
"C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\SweetImSetup.exe" = C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\SweetImSetup.exe:*:Enabled:SweetIM Installer -- (SweetIM Technologies, Ltd.)
"C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\SweetImSetup(2).exe" = C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\SweetImSetup(2).exe:*:Enabled:SweetIM Installer -- (SweetIM Technologies, Ltd.)
"C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\SweetImSetup(3).exe" = C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\SweetImSetup(3).exe:*:Enabled:SweetIM Installer -- (SweetIM Technologies, Ltd.)
"C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\SweetImSetup(4).exe" = C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\SweetImSetup(4).exe:*:Enabled:SweetIM Installer -- (SweetIM Technologies, Ltd.)
"C:\Programme\Kalypso\Sins of a Solar Empire\Sins of a Solar Empire.exe" = C:\Programme\Kalypso\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire -- (Ironclad Games)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08ED8855-4C2E-429B-A878-F129E1F624FA}" = SweetIM for Messenger 3.2
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.7
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{49B6F667-76EB-4E9D-ACD2-84B7437901C0}" = LG PC Suite II
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{88137A28-4E5B-4E56-B90C-E8AE768305A2}" = Rabbids Go Home - DVD
"{888DD888-82BE-4D85-BCB2-2E042CD3E844}" = Tom Clancy's Splinter Cell Chaos Theory
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah 
"{AC76BA86-7AD7-1031-7646-A00000000001}" = Adobe Reader 6.0.1 - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst War Rock" = War Rock
"GameSpy Arcade" = GameSpy Arcade
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PageRage Toolbar" = PageRage Toolbar
"RealPlayer 12.0" = RealPlayer
"Sins of a Solar Empire" = Sins of a Solar Empire
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.09.2010 12:13:29 | Computer Name = ARNE-E1799A297A | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.3888, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x001463ef.
 
Error - 12.09.2010 12:13:52 | Computer Name = ARNE-E1799A297A | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung kofuma.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x001463ef.
 
Error - 12.09.2010 12:14:25 | Computer Name = ARNE-E1799A297A | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung uninstall.exe, Version 2.0.209.0, fehlgeschlagenes
 Modul , Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 12.09.2010 12:23:57 | Computer Name = ARNE-E1799A297A | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung kofuma1.91.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x001463ef.
 
Error - 12.09.2010 12:26:23 | Computer Name = ARNE-E1799A297A | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung kofuma.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x001463ef.
 
Error - 12.09.2010 12:26:46 | Computer Name = ARNE-E1799A297A | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung kofuma.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x001463ef.
 
Error - 12.09.2010 12:51:10 | Computer Name = ARNE-E1799A297A | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung kofuma.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x001463ef.
 
Error - 12.09.2010 13:13:50 | Computer Name = ARNE-E1799A297A | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung wmplayer.exe, Version 11.0.5721.5262, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x000963ef.
 
Error - 12.09.2010 13:15:38 | Computer Name = ARNE-E1799A297A | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung wmplayer.exe, Version 11.0.5721.5262, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x000963ef.
 
Error - 12.09.2010 13:20:06 | Computer Name = ARNE-E1799A297A | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung cmd.exe, Version 5.1.2600.2180, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x001563ef.
 
[ System Events ]
Error - 08.09.2010 10:00:09 | Computer Name = ARNE-E1799A297A | Source = Service Control Manager | ID = 7034
Description = Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 3 
Mal passiert.
 
Error - 08.09.2010 14:05:50 | Computer Name = ARNE-E1799A297A | Source = Service Control Manager | ID = 7034
Description = Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 
Mal passiert.
 
Error - 08.09.2010 14:05:51 | Computer Name = ARNE-E1799A297A | Source = Service Control Manager | ID = 7034
Description = Dienst "SearchAnonymizer" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 08.09.2010 14:05:54 | Computer Name = ARNE-E1799A297A | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Starten Sie den Dienst neu..
 
Error - 08.09.2010 14:06:01 | Computer Name = ARNE-E1799A297A | Source = Service Control Manager | ID = 7034
Description = Dienst "ICQ Service" wurde unerwartet beendet. Dies ist bereits 1 
Mal passiert.
 
Error - 08.09.2010 14:06:01 | Computer Name = ARNE-E1799A297A | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Panda Cloud Antivirus Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden
 durchgeführt: Starten Sie den Dienst neu..
 
Error - 09.09.2010 01:48:51 | Computer Name = ARNE-E1799A297A | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Panda Cloud Antivirus Service" wurde nicht ordnungsgemäß
 gestartet.
 
Error - 09.09.2010 01:48:51 | Computer Name = ARNE-E1799A297A | Source = Service Control Manager | ID = 7034
Description = Dienst "ICQ Service" wurde unerwartet beendet. Dies ist bereits 1 
Mal passiert.
 
Error - 09.09.2010 01:48:51 | Computer Name = ARNE-E1799A297A | Source = Service Control Manager | ID = 7034
Description = Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 09.09.2010 01:48:51 | Computer Name = ARNE-E1799A297A | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Starten Sie den Dienst neu..
 
 
< End of report >

--- --- ---

arnecad · 13.09.2010, 17:28

die OTL.txt datei ist zu groß...
wie poste ich die trotzdem?
als txt datei anhängen geht nicht da soe 437 kb oder so groß ist

arnecad · 13.09.2010, 18:33

si hier ist die ander OTL datei

cosinus · 13.09.2010, 20:53

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

ATTFilter

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Programme\PageRage\tbPage.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "http://home.sweetim.com"
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.10.01
FF - prefs.js..extensions.enabledItems: {9565115d-c7d6-46d3-bd63-b67b481a4368}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.1.0
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "PageRage Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2418376&SearchSource=13"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Programme\MyWebSearch\bar\1.bin File not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Programme\PageRage\tbPage.dll (Conduit Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Programme\PageRage\tbPage.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Programme\PageRage\tbPage.dll (Conduit Ltd.)
O4 - HKLM..\Run: [4StoryPrePatch] C:\Programme\Gameforge4D\4Story\PrePatch.exe (Zamiinc)
O4 - HKCU..\Run: [Reskbd] C:\Dokumente und Einstellungen\****\Anwendungsdaten\Adobe\Update\bltgdi.exe ()
O32 - AutoRun File - [2008.05.08 17:37:40 | 000,587,992 | R--- | M] (Stardock Entertainment, Inc.) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010.07.08 14:34:26 | 000,000,081 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008.05.21 21:53:55 | 000,002,680 | R--- | M] () - D:\AutorunText.txt -- [ UDF ]
[2010.09.13 14:29:21 | 000,000,000 | ---D | C] -- C:\eeb7506cac83c1cf561b0ac9b9128f
[2010.09.12 19:19:52 | 000,000,000 | ---D | C] -- C:\tmp
[2010.09.12 18:23:21 | 000,000,000 | ---D | C] -- C:\KoFuMa1.9
[2010.09.12 03:57:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Ryvuiw
[2010.09.08 11:23:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Lofee
[2010.09.06 21:09:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Kiisz
[2010.09.11 10:58:41 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16}
[2010.09.04 18:41:52 | 000,000,000 | ---D | C] -- C:\KP501
[2010.08.16 18:33:24 | 000,000,000 | ---D | C] -- C:\Programme\ICQ6Toolbar
[2010.08.16 18:04:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\NV7481136.TMP
[2010.08.19 22:45:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.09.07 13:02:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\PriceGong
[2010.09.12 03:57:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Ryvuiw
[2010.08.24 13:33:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Ymqo
[2010.09.13 18:07:58 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\PCConfidential.job
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

arnecad · 14.09.2010, 13:31

ich habe versucht das zu machen
doch sobald ich auf fix klicke beendet sich der explorer ohne fehlermeldung( der prozess explorer.exe ist im taksmanager nicht mehr ausgeführt) und OTL hängt sich auf....

cosinus · 14.09.2010, 16:49

Hast Du aus dem unkenntlich gemachten Benutzernamen Deinen richtigen vorher wieder gemacht?

arnecad · 14.09.2010, 18:46

ja eig schon...
habe den text vorher in einen Editor eingefügt und alle **** durch meinen benutzernamen ersetzen lassen..per funktion ( bearbeiten ersetzen)
das geht doch dann oder?

cosinus · 14.09.2010, 18:49

Genau. Den string "****" durch den mit Deinem Benutzernamen ersetzen ist richtig...
Probiers bitte nochmal

arnecad · 14.09.2010, 19:28

geht nicht...habs mehrmals ausprobiert....hab das **** sogar eigenhändig geändert...geht nicht
der bleibt immer bei prosesiing(?) IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

da bleibt der immer hängen...

cosinus · 14.09.2010, 20:44

Probiers bitte mal mit diesem Text:

Code:

ATTFilter

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Programme\PageRage\tbPage.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "http://home.sweetim.com"
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.10.01
FF - prefs.js..extensions.enabledItems: {9565115d-c7d6-46d3-bd63-b67b481a4368}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.1.0
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "PageRage Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2418376&SearchSource=13"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Programme\MyWebSearch\bar\1.bin File not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Programme\PageRage\tbPage.dll (Conduit Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Programme\PageRage\tbPage.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Programme\PageRage\tbPage.dll (Conduit Ltd.)
O4 - HKLM..\Run: [4StoryPrePatch] C:\Programme\Gameforge4D\4Story\PrePatch.exe (Zamiinc)
O4 - HKCU..\Run: [Reskbd] C:\Dokumente und Einstellungen\****\Anwendungsdaten\Adobe\Update\bltgdi.exe ()
O32 - AutoRun File - [2008.05.08 17:37:40 | 000,587,992 | R--- | M] (Stardock Entertainment, Inc.) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010.07.08 14:34:26 | 000,000,081 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008.05.21 21:53:55 | 000,002,680 | R--- | M] () - D:\AutorunText.txt -- [ UDF ]
[2010.09.13 14:29:21 | 000,000,000 | ---D | C] -- C:\eeb7506cac83c1cf561b0ac9b9128f
[2010.09.12 19:19:52 | 000,000,000 | ---D | C] -- C:\tmp
[2010.09.12 18:23:21 | 000,000,000 | ---D | C] -- C:\KoFuMa1.9
[2010.09.12 03:57:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Ryvuiw
[2010.09.08 11:23:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Lofee
[2010.09.06 21:09:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Kiisz
[2010.09.11 10:58:41 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16}
[2010.09.04 18:41:52 | 000,000,000 | ---D | C] -- C:\KP501
[2010.08.16 18:33:24 | 000,000,000 | ---D | C] -- C:\Programme\ICQ6Toolbar
[2010.08.16 18:04:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\NV7481136.TMP
[2010.08.19 22:45:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.09.07 13:02:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\PriceGong
[2010.09.12 03:57:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Ryvuiw
[2010.08.24 13:33:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Ymqo
[2010.09.13 18:07:58 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\PCConfidential.job
:Commands
[purity]
[resethosts]
[emptytemp]

arnecad · 14.09.2010, 21:31

so hat geklappt hier das ergebnis=)

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{9565115d-c7d6-46d3-bd63-b67b481a4368} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9565115d-c7d6-46d3-bd63-b67b481a4368}\ deleted successfully.
C:\Programme\PageRage\tbPage.dll moved successfully.
Prefs.js: "SweetIM Search" removed from browser.search.defaultenginename
Prefs.js: "PageRage Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from browser.search.defaulturl
Prefs.js: "SweetIM Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://home.sweetim.com" removed from browser.startup.homepage
Prefs.js: plugin@yontoo.com:1.10.01 removed from extensions.enabledItems
Prefs.js: {9565115d-c7d6-46d3-bd63-b67b481a4368}:2.7.2.0 removed from extensions.enabledItems
Prefs.js: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10 removed from extensions.enabledItems
Prefs.js: ffxtlbr@Facemoods.com:1.1.0 removed from extensions.enabledItems
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
Prefs.js: "ICQ Search" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}" removed from sweetim.toolbar.previous.browser.search.defaulturl
Prefs.js: "PageRage Customized Web Search" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Prefs.js: "hxxp://search.conduit.com/?ctid=CT2418376&SearchSource=13" removed from browser.startup.homepage
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&q=" removed from sweetim.toolbar.previous.keyword.URL
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9565115d-c7d6-46d3-bd63-b67b481a4368}\ not found.
File C:\Programme\PageRage\tbPage.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
C:\Programme\Yontoo Layers Client\YontooIEClient.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9565115d-c7d6-46d3-bd63-b67b481a4368} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9565115d-c7d6-46d3-bd63-b67b481a4368}\ not found.
File C:\Programme\PageRage\tbPage.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9565115D-C7D6-46D3-BD63-B67B481A4368} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9565115D-C7D6-46D3-BD63-B67B481A4368}\ not found.
File C:\Programme\PageRage\tbPage.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\4StoryPrePatch deleted successfully.
C:\Programme\Gameforge4D\4Story\PrePatch.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Reskbd deleted successfully.
C:\Dokumente und Einstellungen\arme\Anwendungsdaten\Adobe\Update\bltgdi.exe moved successfully.
File move failed. D:\autorun.exe scheduled to be moved on reboot.
File move failed. D:\Autorun.inf scheduled to be moved on reboot.
File move failed. D:\AutorunText.txt scheduled to be moved on reboot.
C:\eeb7506cac83c1cf561b0ac9b9128f\update folder moved successfully.
C:\eeb7506cac83c1cf561b0ac9b9128f folder moved successfully.
C:\tmp folder moved successfully.
C:\KoFuMa1.9\Videos folder moved successfully.
C:\KoFuMa1.9\Musik folder moved successfully.
C:\KoFuMa1.9\meinelieder folder moved successfully.
C:\KoFuMa1.9\Lizenzen folder moved successfully.
C:\KoFuMa1.9\Fonts folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\Zufallwappen\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\Zufallwappen\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\Zufallwappen\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\Zufallwappen folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\Deutschland\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\Deutschland\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\Deutschland\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\Deutschland folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\Amateure\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\Amateure\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\Amateure\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\Amateure folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\9\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\9\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\9\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\9 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\6\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\6\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\6\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\6 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\48\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\48\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\48\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\48 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\47\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\47\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\47\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\47 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\45\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\45\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\45\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\45 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\41\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\41\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\41\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\41 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\37\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\37\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\37\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\37 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\36\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\36\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\36\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\36 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\34\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\34\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\34\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\34 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\29\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\29\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\29\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\29 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\20\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\20\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\20\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\17\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\17\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\17\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\17 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\15\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\15\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\15\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\15 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\11\schwarz60 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\11\schwarz208 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\11\20 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen\11 folder moved successfully.
C:\KoFuMa1.9\Daten\Wappen folder moved successfully.
C:\KoFuMa1.9\Daten\Spielstand folder moved successfully.
C:\KoFuMa1.9\Daten\Namen\int_zufallsnamen folder moved successfully.
C:\KoFuMa1.9\Daten\Namen folder moved successfully.
C:\KoFuMa1.9\Daten\int_vereine folder moved successfully.
C:\KoFuMa1.9\Daten\hi_score folder moved successfully.
C:\KoFuMa1.9\Daten folder moved successfully.
C:\KoFuMa1.9\Bilder\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\werbung folder moved successfully.
C:\KoFuMa1.9\Bilder\Logo\a folder moved successfully.
C:\KoFuMa1.9\Bilder\Logo folder moved successfully.
C:\KoFuMa1.9\Bilder\Live folder moved successfully.
C:\KoFuMa1.9\Bilder\Leiste_unten folder moved successfully.
C:\KoFuMa1.9\Bilder\1.8\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\1.8 folder moved successfully.
C:\KoFuMa1.9\Bilder\1.7\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\1.7 folder moved successfully.
C:\KoFuMa1.9\Bilder\1.6\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\1.6 folder moved successfully.
C:\KoFuMa1.9\Bilder\1.5\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\1.5 folder moved successfully.
C:\KoFuMa1.9\Bilder\1.4\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\1.4 folder moved successfully.
C:\KoFuMa1.9\Bilder\1.3\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\1.3 folder moved successfully.
C:\KoFuMa1.9\Bilder\1.2\_extraload\trikot_gross folder moved successfully.
C:\KoFuMa1.9\Bilder\1.2\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\1.2 folder moved successfully.
C:\KoFuMa1.9\Bilder\1.1\_extraload\trikots\18_tabelle folder moved successfully.
C:\KoFuMa1.9\Bilder\1.1\_extraload\trikots\18_live folder moved successfully.
C:\KoFuMa1.9\Bilder\1.1\_extraload\trikots folder moved successfully.
C:\KoFuMa1.9\Bilder\1.1\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\1.1 folder moved successfully.
C:\KoFuMa1.9\Bilder\1.0\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\1.0 folder moved successfully.
C:\KoFuMa1.9\Bilder\0.9\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\0.9 folder moved successfully.
C:\KoFuMa1.9\Bilder\0.8\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\0.8 folder moved successfully.
C:\KoFuMa1.9\Bilder\0.7\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\0.7 folder moved successfully.
C:\KoFuMa1.9\Bilder\0.6\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\0.6 folder moved successfully.
C:\KoFuMa1.9\Bilder\0.5\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\0.5\Fahnen folder moved successfully.
C:\KoFuMa1.9\Bilder\0.5 folder moved successfully.
C:\KoFuMa1.9\Bilder\0.4\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\0.4 folder moved successfully.
C:\KoFuMa1.9\Bilder\0.3\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\0.3 folder moved successfully.
C:\KoFuMa1.9\Bilder\0.2\_extraload folder moved successfully.
C:\KoFuMa1.9\Bilder\0.2 folder moved successfully.
C:\KoFuMa1.9\Bilder folder moved successfully.
C:\KoFuMa1.9 folder moved successfully.
C:\Dokumente und Einstellungen\arme\Anwendungsdaten\Ryvuiw folder moved successfully.
C:\Dokumente und Einstellungen\arme\Anwendungsdaten\Lofee folder moved successfully.
C:\Dokumente und Einstellungen\arme\Anwendungsdaten\Kiisz folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16} folder moved successfully.
C:\KP501\USB_Driver\FlashUSBAGOLD folder moved successfully.
C:\KP501\USB_Driver\FlashUSB folder moved successfully.
C:\KP501\USB_Driver folder moved successfully.
C:\KP501 folder moved successfully.
C:\Programme\ICQ6Toolbar folder moved successfully.
C:\WINDOWS\NV7481136.TMP folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} folder moved successfully.
C:\Dokumente und Einstellungen\arme\Anwendungsdaten\PriceGong\Data folder moved successfully.
C:\Dokumente und Einstellungen\arme\Anwendungsdaten\PriceGong folder moved successfully.
Folder C:\Dokumente und Einstellungen\arme\Anwendungsdaten\Ryvuiw\ not found.
C:\Dokumente und Einstellungen\arme\Anwendungsdaten\Ymqo folder moved successfully.
C:\WINDOWS\Tasks\PCConfidential.job moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: arme
->Temp folder emptied: 1008332235 bytes
->Temporary Internet Files folder emptied: 201816179 bytes
->FireFox cache emptied: 93214194 bytes
->Flash cache emptied: 6957353 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 635407 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114764 bytes
%systemroot%\System32 .tmp files removed: 4118407 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15988074 bytes
RecycleBin emptied: 35070719 bytes

Total Files Cleaned = 1.305,00 mb

OTL by OldTimer - Version 3.2.12.0 log created on 09142010_222534

Files\Folders moved on Reboot...
File move failed. D:\autorun.exe scheduled to be moved on reboot.
File move failed. D:\Autorun.inf scheduled to be moved on reboot.
File move failed. D:\AutorunText.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus · 14.09.2010, 21:32

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

14.09.2010, 16:49	#9
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Alle Programme stellen wenn man sie beendet ein Problem fest Hast Du aus dem unkenntlich gemachten Benutzernamen Deinen richtigen vorher wieder gemacht? __________________ Logfiles bitte immer in CODE-Tags posten

14.09.2010, 18:49	#11
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Alle Programme stellen wenn man sie beendet ein Problem fest Genau. Den string "**" durch den mit Deinem Benutzernamen ersetzen ist richtig... Probiers bitte nochmal __________________ Logfiles bitte immer in CODE-Tags posten**

Alle Programme stellen wenn man sie beendet ein Problem fest

Diskussionsforum: Alle Programme stellen wenn man sie beendet ein Problem fest