Pests of all kinds and their removal: Delete Trojan.BHO (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
26.09.2010, 19:44 | #1
Delete Trojan.BHO

Hello, stupidly I have caught Trojan.BHO. Malwarebytes showed me three entries (see mbam-log-2010-09-26 (08-20-47).txt): 2 in the registry and one infected file. On the internet (Avira forum) there was a hint to uninstall the ICQ Toolbar. I did that. The infected file is now gone, but the registry entries are unfortunately still there, see the Malwarebytes log (mbam-log-2010-09-26 (18-37-55).txt). Does anyone have an idea how I can get the computer clean? Thanks!!!!!!

Best regards
Trojanerin
27.09.2010, 22:49 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Delete Trojan.BHO

System scan with OTL

Please download OTL from OldTimer and save it to your desktop.
28.09.2010, 19:38 | #3
Delete Trojan.BHO

Hi Arne,
here is the log:

OTL Logfile:
Code:
OTL logfile created on: 9/28/2010 8:22:35 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Marit\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,013.00 Mb Total Physical Memory | 131.00 Mb Available Physical Memory | 13.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.56 Gb Total Space | 29.77 Gb Free Space | 28.20% Space Free | Partition Type: NTFS
Drive D: | 6.23 Gb Total Space | 2.31 Gb Free Space | 37.03% Space Free | Partition Type: NTFS
Drive E: | 4.21 Gb Total Space | 4.21 Gb Free Space | 100.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MARIT-PC
Current User Name: Administrator_1
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========
PRC - C:\Users\Marit\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)

========== Modules (SafeList) ==========
MOD - C:\Users\Marit\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========
SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.dll File not found
SRV - (Net Driver HPZ12) -- C:\Windows\System32\HPZinw12.dll File not found
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (HRService) -- C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe ()
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)

========== Driver Services (SafeList) ==========
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\DRIVERS\snpstd3.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (QCDonner) Labtec WebCam(PID_0840) -- C:\Windows\System32\drivers\lvcd.sys (Labtec)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP Notebook | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP Notebook | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = go.web.de/homehxxp://start.icq.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "GMX Suche"
FF - prefs.js..browser.search.order.2: "1und1 Suche"
FF - prefs.js..browser.search.order.3: "amazon.de"
FF - prefs.js..browser.search.order.4: "WEB.DE Suche"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.web.de"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}:5.0.16
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {a82d0125-000a-4a57-abbc-5d4b0dbaab54}:1.5
FF - prefs.js..keyword.URL: "hxxp://go.web.de/suchbox/webdesuche?su="
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/22 23:58:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/10 17:14:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/08 20:09:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/06/22 08:04:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Extensions
[2010/01/23 00:00:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions
[2009/11/29 12:24:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/04/15 10:17:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/26 21:01:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/22 23:59:20 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010/01/22 23:59:19 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
[2010/01/05 21:29:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Sunbird\Profiles\5shfxuur.default\extensions
[2010/01/23 00:00:18 | 000,005,599 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\1und1-suche.xml
[2010/01/23 00:00:17 | 000,001,381 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\amazonde.xml
[2010/01/23 00:00:17 | 000,010,613 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\gmx-suche.xml
[2008/05/28 08:57:47 | 000,000,950 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-1.xml
[2008/04/15 10:16:19 | 000,000,949 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-2.xml
[2008/04/15 10:19:43 | 000,000,949 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-3.xml
[2008/05/28 08:47:38 | 000,000,949 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-4.xml
[2009/11/29 12:24:45 | 000,000,950 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-5.xml
[2008/03/31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin.gif
[2008/03/31 09:52:00 | 000,000,618 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin.src
[2009/07/13 17:12:02 | 000,000,944 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin.xml
[2009/07/26 21:01:08 | 000,001,632 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\live-search.xml
[2010/01/23 00:00:17 | 000,005,596 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\webde-suche.xml
[2010/09/26 09:39:11 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2007/10/29 11:12:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/26 21:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/01/22 23:58:30 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010/01/22 23:58:30 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Programme\Mozilla Firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
[2009/06/22 08:04:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
[2008/08/30 23:10:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008/08/30 23:10:16 | 000,002,642 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2008/08/30 23:10:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2008/08/30 23:10:16 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2008/08/30 23:10:16 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe File not found
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O9 - Extra Button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Programme\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} Seite nicht gefunden | Facebook (Facebook Photo Uploader 5 Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldes-es.cab (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldes-es.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2010/09/25 21:03:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator_1\AppData\Roaming\Malwarebytes
[2010/09/25 21:01:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/25 21:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/25 21:00:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/25 20:58:41 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010/09/25 20:16:19 | 000,000,000 | ---D | C] -- C:\Programme\Trojancheck 6
[2010/09/25 19:59:00 | 000,000,000 | ---D | C] -- C:\Programme\AVG
[2010/09/16 15:08:08 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2010/09/28 20:30:20 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/28 20:30:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{31F8CAE6-055C-43D5-B8F6-50CBD77521FE}.job
[2010/09/28 20:22:15 | 001,572,864 | -HS- | M] () -- C:\Users\Administrator_1\ntuser.dat
[2010/09/28 20:21:57 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator_1\ntuser.dat{afbd2641-863b-11dd-bcdd-ebf3f1ad6977}.TMContainer00000000000000000002.regtrans-ms
[2010/09/28 20:21:57 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator_1\ntuser.dat{afbd2641-863b-11dd-bcdd-ebf3f1ad6977}.TM.blf
[2010/09/28 20:13:01 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/09/28 20:11:18 | 000,032,768 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/09/28 20:11:07 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/28 20:10:43 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/28 20:10:42 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/28 20:10:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/28 20:10:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/28 20:10:22 | 1063,280,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/27 13:33:03 | 001,525,290 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/27 13:33:03 | 000,663,300 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/09/27 13:33:03 | 000,624,056 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/27 13:33:03 | 000,135,254 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/09/27 13:33:03 | 000,111,432 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/25 18:52:23 | 588,990,017 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========
[2010/04/09 22:57:34 | 000,000,607 | ---- | C] () -- C:\Windows\wiso.ini
[2010/01/18 11:12:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/29 11:47:14 | 000,015,872 | ---- | C] () -- C:\Windows\System32\vtssm32.dll
[2008/12/23 21:53:22 | 000,000,600 | ---- | C] () -- C:\Users\Administrator_1\AppData\Roaming\winscp.rnd
[2008/12/06 16:23:19 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2008/11/28 19:30:41 | 000,000,680 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\d3d9caps.dat
[2008/09/16 22:15:54 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2008/09/16 22:15:54 | 000,090,112 | ---- | C] () -- C:\Windows\System32\LxUtl10.dll
[2008/09/16 22:15:53 | 000,131,072 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC7.dll
[2008/08/29 14:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/10/28 19:43:53 | 000,004,608 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/13 19:32:47 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/13 19:22:03 | 000,000,000 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\QSwitch.txt
[2007/10/13 19:22:03 | 000,000,000 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\DSwitch.txt
[2007/10/13 19:22:03 | 000,000,000 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\AtStart.txt
[2007/07/05 08:08:18 | 000,004,179 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/05/31 13:14:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007/05/31 12:49:06 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/02/27 22:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 08:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 08:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/12/10 15:52:04 | 000,409,600 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC8.dll
[2006/11/04 03:58:02 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FKStampPainter20.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/19 17:37:58 | 000,015,852 | ---- | C] () -- C:\Windows\System32\SETUP.INI
[2006/09/29 15:12:12 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2006/09/24 21:04:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2006/09/24 21:03:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2006/09/21 13:53:28 | 000,282,679 | ---- | C] () -- C:\Windows\System32\dnt27.dll
[2006/09/21 13:52:24 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc27.dll
[2006/09/21 13:52:14 | 000,077,881 | ---- | C] () -- C:\Windows\System32\dntvm27.dll
[2005/11/09 12:13:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\dnt27VC7.dll
[2005/11/09 12:11:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvmc27VC7.dll
[2005/11/09 12:11:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dntvm27VC7.dll
[2001/10/10 09:57:58 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll
[2001/10/10 09:57:58 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll
[2001/03/07 09:02:30 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
< End of report >

Best regards
Martin
28.09.2010, 21:03 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Delete Trojan.BHO Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!) Code:
:OTL
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe File not found
O32 - AutoRun File - [2005/09/11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
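To show what the fix script above acts on, here is an added example (not code from the thread, from OTL or from its author): it parses a few constructed lines in the DRV, O4 and O32 formats that OTL prints and flags entries whose target file no longer exists, which is the "File not found" pattern the script removes. The sample lines, the Entry class, the regular expressions and the verdict texts are this example's own.

```python
"""Triage OTL-style report lines for orphaned autostart and driver entries.

Added example for this page (not code from the thread or from OTL).
The sample lines below are constructed in OTL's report format; the Entry
class, the regexes and the verdict texts are this example's own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines in the format OTL prints (not the poster's log).
SAMPLE_LINES = [
    "DRV - (blbdrive) -- C:\\Windows\\System32\\drivers\\blbdrive.sys File not found",
    "DRV - (mbamswissarmy) -- C:\\Windows\\System32\\drivers\\mbamswissarmy.sys (Malwarebytes Corporation)",
    "O4 - HKLM..\\Run: [NapsterShell] C:\\Program Files\\Napster\\napster.exe File not found",
    "O4 - HKLM..\\Run: [Windows Defender] C:\\Program Files\\Windows Defender\\MSASCui.exe (Microsoft Corporation)",
    "O32 - AutoRun File - [2005/09/11 17:18:54 | 000,000,340 | -HS- | M] () - D:\\AUTOMODE -- [ NTFS ]",
]


@dataclass
class Entry:
    kind: str               # "DRV" (driver service), "O4" (Run key), "O32" (autorun file)
    name: str               # service name, Run value name, or autorun file name
    path: str               # file the entry points at
    vendor: Optional[str]   # company name OTL read from the file's version info
    missing: bool           # OTL printed "File not found" for the target
    verdict: str = ""


# Each DRV/O4 line ends either with " (Company Name)" or with " File not found".
TAIL = r"(?: \((?P<vendor>[^)]*)\)| (?P<missing>File not found))?$"
DRV_RE = re.compile(r"^DRV - \((?P<name>[^)]+)\) -- (?P<path>.+?)" + TAIL)
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?)" + TAIL)
O32_RE = re.compile(
    r"^O32 - AutoRun File - \[(?P<meta>[^\]]+)\] \((?P<vendor>[^)]*)\) - "
    r"(?P<path>.+?) -- \[ (?P<fs>\w+) \]$")


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a DRV, O4 or O32 line, or None for anything else."""
    line = line.strip()
    for kind, pattern in (("DRV", DRV_RE), ("O4", O4_RE)):
        m = pattern.match(line)
        if m:
            return Entry(kind, m["name"], m["path"], m["vendor"], m["missing"] is not None)
    m = O32_RE.match(line)
    if m:
        # An autorun file has no registry name; use the file name on the drive.
        name = m["path"].rsplit("\\", 1)[-1]
        return Entry("O32", name, m["path"], m["vendor"] or None, False)
    return None


def assess(entry: Entry) -> Entry:
    """Attach a defender's verdict; this is the reasoning behind a fix script."""
    if entry.missing:
        entry.verdict = "orphaned: target file is gone, remove the registration"
    elif entry.kind == "O32":
        entry.verdict = "autorun file on a non-system drive: review, remove if unexpected"
    elif entry.vendor:
        entry.verdict = f"file present, company name '{entry.vendor}': keep unless known bad"
    else:
        entry.verdict = "file present but no company name: check the file before acting"
    return entry


def triage(lines: List[str]) -> List[Entry]:
    return [assess(e) for e in map(parse_line, lines) if e is not None]


def orphaned(lines: List[str]) -> List[str]:
    """Names of entries whose target no longer exists (what a fix would remove)."""
    return [e.name for e in triage(lines) if e.missing]


if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(f"{e.kind:<4} {e.name:<18} {e.verdict}")
```

The orphaned entries are the low-risk part of a cleanup: the registration points at nothing, so removing it cannot break a working program, but it also means the payload itself was already deleted or moved and the remaining question is what put it there. Entries whose file is present need the file checked (hash lookup, publisher, location) before anything is removed, which is why the helper asks for the full log rather than the user guessing.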
29.09.2010, 20:25 | #5 |
| Delete Trojan.BHO Hello Arne, here is the log file I got after the computer restarted:
All processes killed
========== OTL ==========
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\System32\drivers\blbdrive.sys File not found not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NapsterShell deleted successfully.
D:\AUTOMODE moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator_1
->Temp folder emptied: 1182790492 bytes
->Temporary Internet Files folder emptied: 96274306 bytes
->Java cache emptied: 13689524 bytes
->FireFox cache emptied: 5393012 bytes
->Flash cache emptied: 704 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Mami
->Temp folder emptied: 2713688 bytes
->Temporary Internet Files folder emptied: 11188384 bytes
->FireFox cache emptied: 91749953 bytes
->Flash cache emptied: 680 bytes
User: Marit
->Temp folder emptied: 892233235 bytes
->Temporary Internet Files folder emptied: 528300447 bytes
->Java cache emptied: 12919479 bytes
->FireFox cache emptied: 47003853 bytes
->Flash cache emptied: 13533701 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 24270 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 703353790 bytes
RecycleBin emptied: 1724656018 bytes
Total Files Cleaned = 5,079.00 mb
OTL by OldTimer - Version 3.2.14.1 log created on 09292010_204010
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Regards, Martin |
30.09.2010, 15:01 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Delete Trojan.BHO Now please run CF: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run if a competent helper has explicitly recommended it!
__________________ |
30.09.2010, 20:48 | #7 |
| Delete Trojan.BHO Hello Arne, here is the ComboFix log: ComboFix Logfile: Code:
ATTFilter ComboFix 10-09-30.01 - Administrator_1 30.09.2010 20:54:40.1.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.49.1031.18.1013.242 [GMT 2:00] ausgeführt von:: c:\users\Marit\Desktop\cofi.exe.exe SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\setup.ini . ((((((((((((((((((((((( Dateien erstellt von 2010-08-28 bis 2010-09-30 )))))))))))))))))))))))))))))) . 2010-09-30 18:37 . 2010-09-30 18:45 -------- d-----w- c:\program files\CCleaner 2010-09-29 18:40 . 2010-09-29 18:40 -------- d-----w- C:\_OTL 2010-09-26 05:42 . 2010-09-26 05:42 -------- d-----w- c:\users\Marit\AppData\Roaming\Malwarebytes 2010-09-25 19:03 . 2010-09-25 19:03 -------- d-----w- c:\users\Administrator_1\AppData\Roaming\Malwarebytes 2010-09-25 19:01 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-25 19:01 . 2010-09-25 19:01 -------- d-----w- c:\programdata\Malwarebytes 2010-09-25 19:00 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-25 18:58 . 2010-09-25 19:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-25 18:16 . 2010-09-26 07:40 -------- d-----w- c:\program files\Trojancheck 6 2010-09-25 17:59 . 2010-09-25 17:59 -------- d-----w- c:\program files\AVG 2010-09-16 13:08 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll 2010-09-16 13:08 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe 2010-09-16 13:08 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL 2010-09-16 13:08 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll 2010-09-08 18:14 . 2010-06-20 02:21 214016 ----a-w- c:\users\Marit\AppData\Roaming\Thunderbird\Profiles\kr2fu9cv.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\calbscmp.dll . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-30 18:29 . 2008-07-09 20:09 -------- d-----w- c:\users\Marit\AppData\Roaming\OpenOffice.org2 2010-09-30 13:34 . 2007-07-05 06:11 -------- d-----w- c:\program files\Google 2010-09-30 12:28 . 2006-11-02 10:25 51200 ----a-w- c:\windows\Inf\infpub.dat 2010-09-30 12:28 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstrng.dat 2010-09-27 11:33 . 2006-11-02 15:38 663300 ----a-w- c:\windows\system32\perfh007.dat 2010-09-27 11:33 . 2006-11-02 15:38 135254 ----a-w- c:\windows\system32\perfc007.dat 2010-09-26 07:48 . 2008-05-18 17:45 -------- d-----w- c:\program files\LyX15 2010-09-26 07:46 . 2007-07-05 04:58 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-09-26 07:46 . 2008-11-27 13:25 -------- d-----w- c:\program files\Xpress2008A 2010-09-26 07:43 . 2008-11-15 11:14 -------- d-----w- c:\programdata\Lavasoft 2010-09-25 09:00 . 2008-05-18 17:49 -------- d-----w- c:\users\Marit\AppData\Roaming\lyx15 2010-09-16 20:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-09-08 18:09 . 2008-12-23 15:17 -------- d-----w- c:\users\Marit\AppData\Roaming\Thunderbird 2010-09-08 18:09 . 2008-12-23 15:15 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-09-06 11:28 . 2008-04-15 08:15 -------- d-----w- c:\program files\Microsoft Silverlight 2010-09-05 21:49 . 2008-01-16 10:12 -------- d-----w- c:\users\Marit\AppData\Roaming\ICQ 2010-09-05 21:49 . 2010-01-18 08:57 -------- d-----w- c:\users\Marit\AppData\Roaming\Skype 2010-09-05 20:27 . 2008-01-04 19:58 -------- d-----w- c:\users\Marit\AppData\Roaming\ChessBase 2010-09-05 14:50 . 2010-01-18 09:11 -------- d-----w- c:\users\Marit\AppData\Roaming\skypePM 2010-08-30 13:02 . 2010-08-10 15:18 -------- d-----w- c:\users\Administrator_1\AppData\Roaming\Skype 2010-08-10 15:14 . 2010-03-09 11:11 -------- d-----w- c:\programdata\NOS 2007-10-27 19:35 . 
2007-10-27 19:35 22 --sha-w- c:\windows\SMINST\HPCD.sys . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-25 212992] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776] "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-05 149280] "FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2008-12-04 366592] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "UCam_Menu"="c:\program files\\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520] "LifeCam"="c:\program 
files\Microsoft LifeCam\LifeExp.exe" [2009-03-17 157552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128] c:\users\Marit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2008-12-15 6144] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1623168461-2455287914-1741078707-1000] "EnableNotifications"=dword:00000001 "EnableNotificationsRef"=dword:00000001 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-22 135664] R3 HRService;Haufe iDesk-Service in c:\program files\Haufe\iDesk\iDeskService\Zope;c:\program files\Haufe\iDesk\iDeskService\iDeskService.exe [2007-09-07 71208] R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2009-03-17 30560] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 
4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners 2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-22 09:12] 2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-22 09:12] 2010-09-30 c:\windows\Tasks\User_Feed_Synchronization-{31F8CAE6-055C-43D5-B8F6-50CBD77521FE}.job - c:\windows\system32\msfeedssync.exe [2010-08-12 04:24] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = www.web.de mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop uSearchURL,(Default) = hxxp://go.web.de/suchbox/webdesuche?su=%s FF - ProfilePath - c:\users\Administrator_1\AppData\Roaming\Mozilla\Firefox\Profiles\papmkgx9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - ICQ Search FF - prefs.js: browser.startup.homepage - www.web.de FF - prefs.js: keyword.URL - hxxp://go.web.de/suchbox/webdesuche?su= FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - 
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("general.useragent.extra.cck", "(WEB.DE)"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-09-30 21:15 Windows 6.0.6001 Service Pack 1 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... c:\users\ADMINI~1\AppData\Local\Temp\catchme.dll 53248 bytes executable Scan erfolgreich abgeschlossen versteckte Dateien: 1 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2010-09-30 21:24:13 ComboFix-quarantined-files.txt 2010-09-30 19:24 Vor Suchlauf: 17 Verzeichnis(se), 36.995.567.616 Bytes frei Nach Suchlauf: 23 Verzeichnis(se), 37.208.956.928 Bytes frei - - End Of File - - 39CBD109B88182CA0DA899A0DC35F584 Best regards, Martin |
01.10.2010, 07:55 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Delete Trojan.BHO OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run the second time either, just skip it and run only OSAM. Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder. If you are using Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator. A black window will open and automatically search for malicious changes in the MBR. Then please post whether there are changes and, if so, in which device. Best to post everything that remover.exe outputs.
__________________ Please always post log files in CODE tags |
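As an added illustration of what an MBR check like the one the bootkit remover performs looks at (this is example code written for this page, not the bootkit_remover tool and not code from the thread), the following script inspects a 512-byte MBR image offline: it verifies the 0x55AA boot signature, decodes the four partition entries and compares a SHA-256 of the 446-byte boot code with a baseline. The MBR bytes and the "known good" hash are constructed inside the example; on a real system the baseline would come from a known-clean image of the same disk.

```python
"""Offline MBR integrity check: signature, partition table, boot-code hash.

Added example for this page; it is not the bootkit_remover tool and not code
from the thread. The sample MBR and the "known good" hash are constructed
here, so the script runs without touching a real disk.
"""
import hashlib
import struct
from typing import Dict, List

SECTOR_LEN = 512
BOOTCODE_LEN = 446          # bytes 0..445 hold the boot loader code
PART_TABLE_OFF = 446        # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"


def build_sample_mbr(bootcode_fill: bytes = b"\x90") -> bytes:
    """Construct a 512-byte MBR with one active NTFS partition (sample data)."""
    bootcode = (bootcode_fill * BOOTCODE_LEN)[:BOOTCODE_LEN]
    # status 0x80 (bootable), CHS fields zeroed, type 0x07 (NTFS),
    # start LBA 2048, length 204800 sectors (100 MiB)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    table = entry + b"\x00" * 48      # three unused entries
    return bootcode + table + BOOT_SIGNATURE


# Baseline captured from the constructed clean sample; on a real system this
# would be the hash of a known-clean image of the same disk's MBR.
BASELINE_BOOTCODE_SHA256 = hashlib.sha256(build_sample_mbr()[:BOOTCODE_LEN]).hexdigest()


def parse_partitions(mbr: bytes) -> List[Dict]:
    """Decode the four partition entries, skipping empty ones (type 0)."""
    parts = []
    for i in range(4):
        status, ptype, start_lba, count = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "start_lba": start_lba, "sectors": count})
    return parts


def check_mbr(mbr: bytes, baseline_sha256: str) -> Dict:
    """Compare an MBR image against structural rules and a boot-code baseline."""
    findings = []
    if len(mbr) != SECTOR_LEN:
        findings.append(f"unexpected sector length {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    digest = hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest()
    if digest != baseline_sha256:
        findings.append("boot code differs from baseline")
    parts = parse_partitions(mbr) if len(mbr) >= SECTOR_LEN else []
    bootable = [p for p in parts if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions marked bootable, expected 1")
    for p in parts:
        if p["start_lba"] == 0:
            findings.append(f"partition {p['index']} starts at LBA 0 and overlaps the MBR")
    return {"bootcode_sha256": digest, "partitions": parts,
            "findings": findings, "clean": not findings}


if __name__ == "__main__":
    for label, image in (("clean", build_sample_mbr()),
                         ("patched boot code", build_sample_mbr(b"\xeb\xfe"))):
        result = check_mbr(image, BASELINE_BOOTCODE_SHA256)
        print(f"{label}: {'OK' if result['clean'] else result['findings']}")
```

The caveat a practitioner should keep in mind: a sector read through a compromised operating system can be filtered by a kernel-mode rootkit, so a clean result from inside the running system is weaker than one from a disk image taken offline or from a tool that reads the raw device. That is also why the helper asks for the remover's complete output rather than just "no changes".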
01.10.2010, 20:05 | #9 |
| Delete Trojan.BHO Hello Arne, GMER crashed. Here are the OSAM logs as HTML. HTML code: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Report of OSAM: Autorun Manager v5.0.11926.0</title> <style type="text/css"> body { margin : 10px 10px 10px 20px; color : #000000; background-color : #fffbf0; font : 10pt Tahoma, Verdana, Arial, Helvetica, sans-serif; scrollbar-3dlight-color : #fffbf0; scrollbar-arrow-color : #000000; scrollbar-darkshadow-color: #000000; scrollbar-face-color : #fffbf0; scrollbar-highlight-color : #000000; scrollbar-shadow-color : #fffbf0; scrollbar-track-color : #fffbf0; } a:link { color: #e15616; } a:visited { color: #e15616; } a:hover { color: #e4743f; } a:active { color: #e4743f; } .header1 { font-size : 115%; font-weight: bold; margin-left: 0px; } table { border-collapse: collapse; border : 1px solid #000000; cellpadding : 0; cellspacing : 0; width : 90%; } td,th { font-size : 12px; color : #000000; background : #fffbf0; border : 1px solid #000000; text-align : left; vertical-align: top; padding : 2px 4px 2px 4px; } .cap { font-weight: bold; font-size : 10pt; padding : 2px 4px 2px 4px; border : 1px solid #000000; } .group { font-weight: bold; font-size : 10pt; padding : 2px 4px 2px 4px; text-align : center; } .reg { font-weight: bold; font-size : 10pt; border : 0px none; padding : 2px 4px 2px 4px; } .notfound { background-color: #B3DDFF; } .blocked { background-color: #FF96EB; } .nodetails { background-color: #FFFF75; } .trusted { background-color: #C8FFC8; } .rootkit { background-color: #FF8696; } td.rs { text-align: center; vertical-align: center; font-family: courier; } td.rs.rm { background: #F90424; title: "Malware"; } td.rs.ri { background: #F90424; title: "Infected"; color: #21F411; } td.rs.rw { background: #F90424; title: "Unwanted"; } td.rs.rs { background: #F90424; title: "Suspicious"; } td.rs.rt { 
background: #21F411; title: "Trusted"; } td.rs.rc { background: #21F411; title: "Checked"; } td.rs.ry { background: #21F411; title: "Up-to-You"; } td.rs.rr { background: #F6EB13; title: "Riskware"; } td.rs.ru { background: #D4D0C8; title: "Unknown"; } td.rs.rn { background: #FFFFFF; title: "Not checked"; } </style> </head> <body> <p><span class="header1">Report of OSAM: Autorun Manager v5.0.11926.0</span><br> <a href="hxxp://www.online-solutions.ru/en/" target="_blank">hxxp://www.online-solutions.ru/en/</a><br> Saved at 20:48:27 on 01.10.2010</p> <b>OS</b>: Windows Vista Home Basic Edition Service Pack 1 (Build 6001), 32-bit<br> <b>Default Browser</b>: Mozilla Corporation Firefox 3.5.7<br> <br><b>Scanner Settings</b><br> <input type="checkbox" disabled checked>Rootkits detection (hidden registry)<br> <input type="checkbox" disabled checked>Rootkits detection (hidden files)<br> <input type="checkbox" disabled checked>Retrieve files information<br> <input type="checkbox" disabled checked>Check Microsoft signatures<br> <br><b>Filters</b><br> <input type="checkbox" disabled>Trusted entries<br> <input type="checkbox" disabled>Empty entries<br> <input type="checkbox" disabled checked>Hidden registry entries (rootkit activity)<br> <input type="checkbox" disabled checked>Exclusively opened files<br> <input type="checkbox" disabled checked>Not found files<br> <input type="checkbox" disabled checked>Files without detailed information<br> <input type="checkbox" disabled checked>Existing files<br> <input type="checkbox" disabled>Non-startable services<br> <input type="checkbox" disabled>Non-startable drivers<br> <input type="checkbox" disabled checked>Active entries<br> <input type="checkbox" disabled checked>Disabled entries<br> <br> <table border="1" cellpadding="0" cellspacing="0"> <tr> <th class="cap" width="20"> </th> <th class="cap">Risk</th> <th class="cap">Name</th> <th class="cap">Publisher</th> <th class="cap">Full Path</th> <th class="cap">Status</th> </tr> <tr> <td 
class="group" colspan="6">Common</td> </tr> <tr> <td class="reg" colspan="6">%SystemRoot%\Tasks</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ry">|||| </td> <td>"GoogleUpdateTaskMachineCore.job"</td> <td>"Google Inc."</td> <td>C:\Program Files\Google\Update\GoogleUpdate.exe</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ry">|||| </td> <td>"GoogleUpdateTaskMachineUA.job"</td> <td>"Google Inc."</td> <td>C:\Program Files\Google\Update\GoogleUpdate.exe</td> <td>File exists</td> </tr> <tr> <td class="group" colspan="6">Drivers</td> </tr> <tr> <td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Services</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">"catchme" (catchme)</td> <td class="notfound"></td> <td class="notfound">C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys</td> <td class="notfound">File not found</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>"Cisco Systems Inc. 
IPSec Driver" (CVPNDRVA)</td> <td>"Cisco Systems, Inc."</td> <td>C:\Windows\system32\Drivers\CVPNDRVA.sys</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>"FssFltr" (fssfltr)</td> <td>"Microsoft Corporation"</td> <td>C:\Windows\System32\DRIVERS\fssfltr.sys</td> <td>File exists</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">"IP in IP Tunnel Driver" (IpInIp)</td> <td class="notfound"></td> <td class="notfound">C:\Windows\System32\DRIVERS\ipinip.sys</td> <td class="notfound">File not found</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">"IPX Traffic Filter Driver" (NwlnkFlt)</td> <td class="notfound"></td> <td class="notfound">C:\Windows\System32\DRIVERS\nwlnkflt.sys</td> <td class="notfound">File not found</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">"IPX Traffic Forwarder Driver" (NwlnkFwd)</td> <td class="notfound"></td> <td class="notfound">C:\Windows\System32\DRIVERS\nwlnkfwd.sys</td> <td class="notfound">File not found</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>"PxHelp20" (PxHelp20)</td> <td>"Sonic Solutions"</td> <td>C:\Windows\System32\Drivers\PxHelp20.sys</td> <td>File exists</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">"USB PC Camera (SNPSTD3)" (SNPSTD3)</td> <td class="notfound"></td> <td class="notfound">C:\Windows\System32\DRIVERS\snpstd3.sys</td> <td class="notfound">File not found</td> </tr> <tr> <td class="group" colspan="6">Explorer</td> </tr> <tr> <td class="reg" colspan="6">HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</td> </tr> <tr> <td><input type="checkbox" disabled 
checked></td> <td class="rs rt">||||||</td> <td>{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Carpetas Web"</td> <td>"Microsoft Corporation"</td> <td>C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL</td> <td>File exists</td> </tr> <tr> <td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel"</td> <td>"Hewlett-Packard Company"</td> <td>"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"</td> <td>File exists</td> </tr> <tr> <td class="reg" colspan="6">HKLM\Software\Classes\Folder\shellex\ColumnHandlers</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension"</td> <td>"Adobe Systems, Inc."</td> <td>C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class"</td> <td>"Tracker Software Products Ltd."</td> <td>C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}"</td> <td></td> <td>C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll</td> <td>File exists</td> </tr> <tr> <td class="reg" colspan="6">HKLM\Software\Classes\Protocols\Handler</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class"</td> <td>"Skype Technologies"</td> <td>C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs 
ry">|||| </td> <td>{828030A1-22C1-4009-854F-8E305202313F} "livecall"</td> <td>"Microsoft Corporation"</td> <td>C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0"</td> <td>"Microsoft Corporation"</td> <td>C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ry">|||| </td> <td>{828030A1-22C1-4009-854F-8E305202313F} "msnim"</td> <td>"Microsoft Corporation"</td> <td>C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler"</td> <td>"Microsoft Corporation"</td> <td>C:\Program Files\Windows Live\Mail\mailcomm.dll</td> <td>File exists</td> </tr> <tr> <td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"</td> <td class="notfound"></td> <td class="notfound"></td> <td class="notfound">File not found | COM-object registry key not found</td> </tr> <tr> <td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files"</td> <td class="notfound"></td> <td class="notfound"></td> <td class="notfound">File not found | COM-object registry key not found</td> </tr> <tr> <td><input 
type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension"</td> <td>"Igor Pavlov"</td> <td>C:\Program Files\7-Zip\7-zip.dll</td> <td>File exists</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder"</td> <td class="notfound"></td> <td class="notfound"></td> <td class="notfound">File not found | COM-object registry key not found</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder"</td> <td class="notfound"></td> <td class="notfound"></td> <td class="notfound">File not found | COM-object registry key not found</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter"</td> <td>"Microsoft Corporation"</td> <td>C:\Program Files\Windows Live\Mail\mailcomm.dll</td> <td>File exists</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder"</td> <td class="notfound"></td> <td class="notfound"></td> <td class="notfound">File not found | COM-object registry key not found</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band"</td> <td class="notfound"></td> <td class="notfound"></td> <td class="notfound">File not found | COM-object registry key not found</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{0006F045-0000-0000-C000-000000000046} "Extensión de iconos de archivo de Outlook"</td> <td>"Microsoft 
Corporation" | C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL | File exists
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" | - | - | File not found | COM-object registry key not found
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" | "Microsoft Corporation" | C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll | File exists
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" | "Microsoft Corporation" | C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll | File exists
{00020d75-0000-0000-c000-000000000046} "Microsoft Outlook" | "Microsoft Corporation" | C:\PROGRA~1\MICROS~3\Office\MLSHEXT.DLL | File exists
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" | - | C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll | File exists
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" | - | C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll | File exists
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" | - | C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll | File exists
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" | - | C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll | File exists
{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" | "Tracker Software Products Ltd." | C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll | File exists
{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" | "Tracker Software Products Ltd." | C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll | File exists
{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" | "Tracker Software Products Ltd." | C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll | File exists
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" | - | - | File not found | COM-object registry key not found
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" | - | - | File not found | COM-object registry key not found
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" | - | - | File not found | COM-object registry key not found
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" | "XSS" | C:\Windows\System32\ShellvRTF.dll | File exists
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" | "Microsoft Corporation" | C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe | File exists
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" | "Microsoft Corporation" | C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe | File exists
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" | "Microsoft Corporation" | C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll | File exists
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" | "Microsoft Corporation" | C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll | File exists
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" | "Microsoft Corporation" | C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll | File exists
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" | "Microsoft Corporation" | C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe | File exists
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" | "Microsoft Corporation" | C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll | File exists
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" | - | - | File not found | COM-object registry key not found
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" | "Microsoft Corporation" | C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe | File exists
XCShInfo "{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A}" | - | - | File not found | COM-object registry key not found

========== Internet Explorer ==========

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
<binary data> "&Windows Live Toolbar" | "Microsoft Corporation" | C:\Program Files\Windows Live\Toolbar\wltcore.dll | File exists
<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" | - | - | File not found | COM-object registry key not found

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" | - | - | File not found | COM-object registry key not found
{855F3B16-6D32-4fe6-8A56-BBB695989046} "{855F3B16-6D32-4fe6-8A56-BBB695989046}" | - | - | File not found | COM-object registry key not found

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
{0CCA191D-13A6-4E29-B746-314DEE697D83} "Facebook Photo Uploader 5 Control" hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab | "The Facebook" | C:\Windows\Downloaded Program Files\PhotoUploader5.ocx | File exists
{8100D56A-5661-482C-BEE8-AFECE305D968} "Facebook Photo Uploader 5 Control" hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab | "The Facebook" | C:\Windows\Downloaded Program Files\PhotoUploader55.ocx | File exists
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab | "Sun Microsystems, Inc." | C:\Program Files\Java\jre6\bin\jp2iexp.dll | File exists
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab | "Sun Microsystems, Inc." | C:\Program Files\Java\jre6\bin\jp2iexp.dll | File exists
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab | "Sun Microsystems, Inc." | C:\Program Files\Java\jre6\bin\jp2iexp.dll | File exists
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab | "Sun Microsystems, Inc." | C:\Program Files\Java\jre6\bin\jp2iexp.dll | File exists
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab | "Sun Microsystems, Inc." | C:\Program Files\Java\jre6\bin\npjpi160_17.dll | File exists
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab | "Microsoft Corporation" | C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll | File exists
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} "MSN Photo Upload Tool" hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldes-es.cab | "Microsoft® Corporation" | C:\Windows\Downloaded Program Files\MsnPUpld.dll | File exists
{E77F23EB-E7AB-4502-8F37-247DBAF1A147} "Windows Live Hotmail Photo Upload Tool" hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldes-es.cab | "Microsoft® Corporation" | C:\Windows\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll | File exists
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab | - | - | File not found | COM-object registry key not found

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "Agregar entrada" | "Microsoft Corporation" | C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll | File exists
"PDFill PDF Editor" | "PlotSoft LLC" | C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe | File exists

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
<binary data> "&Windows Live Toolbar" | "Microsoft Corporation" | C:\Program Files\Windows Live\Toolbar\wltcore.dll | File exists
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" | - | - | File not found | COM-object registry key not found

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" | "Adobe Systems Incorporated" | C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll | File exists
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" | "Sun Microsystems, Inc." | C:\Program Files\Java\jre6\bin\jp2ssv.dll | File exists
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" | "Microsoft Corporation" | C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll | File exists
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" | "Microsoft Corporation" | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll | File exists
{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} "Windows Live Family Safety Browser Helper Class" | "Microsoft Corporation" | C:\Program Files\Windows Live\Family Safety\fssbho.dll | File exists
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" | "Microsoft Corporation" | C:\Program Files\Windows Live\Toolbar\wltcore.dll | File exists
{055FD26D-3A88-4e15-963D-DC8493744B1D} "{055FD26D-3A88-4e15-963D-DC8493744B1D}" | - | - | File not found | COM-object registry key not found
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" | - | - | File not found | COM-object registry key not found

========== Logon ==========

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
"desktop.ini" | - | C:\Users\Administrator_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | File exists

%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
"desktop.ini" | - | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | File exists
"Microsoft Office.lnk" | "Microsoft Corporation" | C:\Program Files\Microsoft Office\Office\OSA9.EXE | Shortcut exists | File exists
"VPN Client.lnk" | "Cisco Systems, Inc." | C:\Program Files\Cisco Systems\VPN Client\vpngui.exe | Shortcut exists | File exists

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"LightScribe Control Panel" | "Hewlett-Packard Company" | C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden | File exists
"Skype" | "Skype Technologies S.A." | "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized | File exists

HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
"StartupPrograms" | - | rdpclip | File not found

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"Adobe Reader Speed Launcher" | "Adobe Systems Incorporated" | "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" | File exists
"FreePDF Assistant" | "shbox.de" | C:\Program Files\FreePDF_XP\fpassist.exe | File exists
"fssui" | "Microsoft Corporation" | "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun | File exists
"HP Health Check Scheduler" | "Hewlett-Packard" | C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe | File exists
"HP Software Update" | "Hewlett-Packard Co." | C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe | File exists
"hpWirelessAssistant" | "Hewlett-Packard Development Company, L.P." | %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe | File exists
"LifeCam" | "Microsoft Corporation" | "C:\Program Files\Microsoft LifeCam\LifeExp.exe" | File exists
"QPService" | "CyberLink Corp." | "C:\Program Files\HP\QuickPlay\QPService.exe" | File exists
"SunJavaUpdateSched" | "Sun Microsystems, Inc." | "C:\Program Files\Java\jre6\bin\jusched.exe" | File exists
"UCam_Menu" | "CyberLink Corp." | "C:\Program Files\\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" | File exists
"WAWifiMessage" | "Hewlett-Packard Development Company, L.P." | %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe | File exists

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
"Launcher" | "soft thinks" | %WINDIR%\SMINST\launcher.exe | File exists

========== Print Monitors ==========

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
"KM Language Monitor" | "KYOCERA MITA Corporation" | C:\Windows\system32\KMPJLMN.DLL | File exists
"KM USB Port" | "KYOCERA MITA" | C:\Windows\system32\KM-PMKN.DLL | File exists
"PDFill Writer Monitor" | "Windows (R) Codename Longhorn DDK provider" | C:\Program Files\PlotSoft\PDFill\PDFWriter\Driver\PDFillWriterMon.dll | File exists
"Redirected Port" | - | C:\Windows\system32\redmonnt.dll | File found, but it contains no detailed information

========== Services ==========

HKLM\SYSTEM\CurrentControlSet\Services
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) | "Microsoft Corporation" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe | File exists
"Cisco Systems, Inc. VPN Service" (CVPND) | "Cisco Systems, Inc." | C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe | File exists
"Com4Qlb" (Com4Qlb) | "Hewlett-Packard Development Company, L.P." | C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe | File exists
"Google Software Updater" (gusvc) | "Google" | C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe | File exists
"Google Update Service (gupdate)" (gupdate) | "Google Inc." | C:\Program Files\Google\Update\GoogleUpdate.exe | File exists
"Haufe iDesk-Service in C:\Program Files\Haufe\iDesk\iDeskService\Zope" (HRService) | - | C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe | File found, but it contains no detailed information
"HP Health Check Service" (HP Health Check Service) | "Hewlett-Packard" | C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe | File exists
"hpqwmiex" (hpqwmiex) | "Hewlett-Packard Development Company, L.P." | C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe | File exists
"InstallDriver Table Manager" (IDriverT) | "Macrovision Corporation" | C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe | File exists
"LightScribeService Direct Disc Labeling Service" (LightScribeService) | "Hewlett-Packard Company" | C:\Program Files\Common Files\LightScribe\LSSrvc.exe | File exists
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) | "Microsoft Corporation" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | File exists
"MSCamSvc" (MSCamSvc) | "Microsoft Corporation" | C:\Program Files\Microsoft LifeCam\MSCamS32.exe | File exists
"Net Driver HPZ12" (Net Driver HPZ12) | - | C:\Windows\system32\HPZinw12.dll | File not found
"Pml Driver HPZ12" (Pml Driver HPZ12) | - | C:\Windows\system32\HPZipm12.dll | File not found
"RoxMediaDB9" (RoxMediaDB9) | "Sonic Solutions" | C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe | File exists
"SeaPort" (SeaPort) | "Microsoft Corporation" | C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe | File exists
"Servicio de Windows Live Protección infantil" (fsssvc) | "Microsoft Corporation" | C:\Program Files\Windows Live\Family Safety\fsssvc.exe | File exists
"stllssvr" (stllssvr) | "MicroVision Development, Inc." | C:\Program Files\Common Files\SureThing Shared\stllssvr.exe | File exists

If you have questions or want to get some help, you can visit hxxp://forum.online-solutions.ru

and the output of Bootkit Remover (console):

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 1 (build 6001), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: df1c10548966c4f16c540ebf80ffd180

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Done;
Press any key to quit...

Best regards, Martin |
01.10.2010, 20:08 | #10 |
| Delete Trojan.BHO In addition, here is the Bootkit Remover log as a zip. |
03.10.2010, 12:10 | #11 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Delete Trojan.BHO Quote:
Be that as it may, the OSAM log is OK. Please download MBRCheck (by a_d_13) and save the file to your desktop.
__________________ Please always post logfiles in CODE tags |
04.10.2010, 20:04 | #12 |
| Delete Trojan.BHO Hello Arne, I could not find the "save as *.log" function, which is why I posted the HTML code. Unfortunately the MBRCheck_<Date>_<Time>.txt file is not on my desktop either; I seem to be doing something wrong. Here is the log output from the console, I hope it helps you:

MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G7000 Notebook PC
Logical Drives Mask: 0x0000001c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001a`63d9a800 (NTFS)

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: Y

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:

Thanks and regards, Martin |
04.10.2010, 20:17 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Delete Trojan.BHO Have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows. Download the ISO, burn it to a CD (e.g. with ImgBurn using the image-burning function) and start the computer from it (boot from this CD). Click Repair your computer, Next, Command Prompt; the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter). Restart the computer, removing the CD first.
__________________ Please always post logfiles in CODE tags |
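Added example, not part of the thread and not the code of MBRCheck, Bootkit Remover or bootrec: a Python script that takes a 512-byte MBR dump (for instance the file written by the dump command Bootkit Remover prints above, run against the \\.\PhysicalDrive0 it listed, with an output name of your choosing) and shows what the two reports in the posts above are about. It splits the sector into boot code, disk signature, partition table and the 0x55AA marker, hashes the boot code with MD5 and SHA1 as the tools print them, and reports "unknown" when the hash is not on a whitelist of known-good codes. Assumptions, labelled in the code: neither tool's output says which bytes it hashes, so this hashes the 440-byte code area; the whitelist is the caller's (the script ships only an empty placeholder, not real Windows hashes); and the repair function only models what bootrec /fixmbr is documented to do, replace the boot code without overwriting the partition table. The sample sector is constructed, but its two partitions start at the byte offsets MBRCheck printed for C: and D: (0x7e00 and 0x1a63d9a800). A practitioner's caveat: a whitelist miss means only that the code is not one the tool knows; it is not by itself proof of infection, so keep the dump and compare the partition table before and after any repair.

```python
"""Take apart a 512-byte MBR and reproduce the checks MBRCheck / Bootkit
Remover print.  Added example for this thread, not the code of either tool.

Assumptions (not stated in the tools' output):
  * digests are computed over the 440-byte boot-code area only;
  * the 'known good' whitelist is the caller's; KNOWN_GOOD_SHA1 below is an
    empty placeholder, not real Windows boot-code hashes.
"""
import hashlib
import struct
from dataclasses import dataclass

BOOT_CODE_LEN = 440      # bytes 0..439: executable boot code
SIG_OFFSET = 440         # bytes 440..443: Windows disk signature
PTABLE_OFFSET = 446      # bytes 446..509: four 16-byte partition entries
MBR_MAGIC = b"\x55\xAA"  # bytes 510..511

KNOWN_GOOD_SHA1 = set()  # placeholder: fill with boot-code hashes you trust


@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partitions(mbr):
    """Return the populated partition entries (type 0x00 = empty slot)."""
    parts = []
    for i in range(4):
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        flag, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", mbr, PTABLE_OFFSET + 16 * i)
        if ptype:
            parts.append(Partition(flag == 0x80, ptype, lba, count))
    return parts


def boot_code_digests(mbr):
    """MD5 (as Bootkit Remover prints) and SHA1 (as MBRCheck prints)."""
    code = mbr[:BOOT_CODE_LEN]
    return {"md5": hashlib.md5(code).hexdigest(),
            "sha1": hashlib.sha1(code).hexdigest().upper()}


def classify(mbr, known_good=KNOWN_GOOD_SHA1):
    """'invalid' -> not a 512-byte sector ending in 55 AA
       'known'   -> boot-code SHA1 is whitelisted
       'unknown' -> what the tools call "Unknown MBR code": a whitelist
                    miss, not by itself proof of infection."""
    if len(mbr) != 512 or mbr[510:512] != MBR_MAGIC:
        return "invalid"
    return "known" if boot_code_digests(mbr)["sha1"] in known_good else "unknown"


def rewrite_boot_code(mbr, new_code):
    """Model of a boot-code repair (what `bootrec /fixmbr` is documented to
    do): replace bytes 0..439, keep disk signature, partition table, 55 AA."""
    if len(new_code) > BOOT_CODE_LEN:
        raise ValueError("boot code must fit in 440 bytes")
    return new_code.ljust(BOOT_CODE_LEN, b"\x00") + mbr[BOOT_CODE_LEN:]


def build_sample_mbr(boot_code):
    """Constructed sector: two NTFS partitions starting where MBRCheck placed
    C: and D: above (byte offsets 0x7e00 and 0x1a63d9a800)."""
    mbr = bytearray(512)
    mbr[:len(boot_code)] = boot_code
    mbr[SIG_OFFSET:SIG_OFFSET + 4] = b"\x11\x22\x33\x44"        # made-up signature
    c_start, d_start = 0x7e00 // 512, 0x1a63d9a800 // 512
    struct.pack_into("<B3xB3xII", mbr, PTABLE_OFFSET,
                     0x80, 0x07, c_start, d_start - c_start)     # C:, bootable
    struct.pack_into("<B3xB3xII", mbr, PTABLE_OFFSET + 16,
                     0x00, 0x07, d_start, 13_000_000)            # D:, size made up
    mbr[510:512] = MBR_MAGIC
    return bytes(mbr)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                      # a real dump, e.g. from remover.exe dump
        with open(sys.argv[1], "rb") as f:
            mbr = f.read(512)
    else:                                      # constructed sample
        mbr = build_sample_mbr(b"\xEB\xFE" + b"\x90" * 10)
    print("verdict:", classify(mbr))
    print("boot code digests:", boot_code_digests(mbr))
    for p in parse_partitions(mbr):
        print(f"  type 0x{p.type_id:02X} lba={p.lba_start} "
              f"byte offset=0x{p.lba_start * 512:x} sectors={p.sectors} "
              f"{'bootable' if p.bootable else ''}")
```

Running it on the constructed sample prints "unknown", because the placeholder whitelist is empty; adding the sample's own SHA1 to the set flips the verdict to "known", which is all the tools' verdict means. The rewrite function is there to make the point that a boot-code repair leaves bytes 440..511 alone, so parse_partitions on the sector before and after should return the same list.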
07.10.2010, 21:40 | #14 |
| Delete Trojan.BHO Hello Arne, I did that. Malwarebytes now still shows one infected key:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4693

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

10/7/2010 10:27:27 PM
mbam-log-2010-10-07 (22-27-27).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 820001
Time elapsed: 1 hour(s), 55 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL says the following: OTL Logfile: Code:
OTL logfile created on: 10/7/2010 10:28:44 PM - Run 2
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Marit\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,013.00 Mb Total Physical Memory | 109.00 Mb Available Physical Memory | 11.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.56 Gb Total Space | 49.18 Gb Free Space | 46.59% Space Free | Partition Type: NTFS
Drive D: | 6.23 Gb Total Space | 2.31 Gb Free Space | 37.03% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARIT-PC
Current User Name: Administrator_1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Marit\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Marit\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.dll File not found
SRV - (Net Driver HPZ12) -- C:\Windows\System32\HPZinw12.dll File not found
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (HRService) -- C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe ()
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)

========== Driver Services (SafeList) ==========

DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\DRIVERS\snpstd3.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys File not found
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) 
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) DRV - (QCDonner) Labtec WebCam(PID_0840) -- C:\Windows\System32\drivers\lvcd.sys (Labtec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.web.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche" FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q=" FF - prefs.js..browser.search.order.1: "GMX Suche" FF - prefs.js..browser.search.order.2: "1und1 Suche" FF - prefs.js..browser.search.order.3: "amazon.de" FF - prefs.js..browser.search.order.4: "WEB.DE Suche" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.web.de" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}:5.0.16 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5 FF - prefs.js..extensions.enabledItems: {a82d0125-000a-4a57-abbc-5d4b0dbaab54}:1.5 FF - prefs.js..keyword.URL: "hxxp://go.web.de/suchbox/webdesuche?su=" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/22 23:58:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/10 17:14:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/08 20:09:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/06/22 08:04:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Extensions [2010/01/23 00:00:15 | 000,000,000 | ---D | M] -- 
C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions [2009/11/29 12:24:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2008/04/15 10:17:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/07/26 21:01:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010/01/22 23:59:20 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2010/01/22 23:59:19 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54} [2010/01/05 21:29:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Sunbird\Profiles\5shfxuur.default\extensions [2010/01/23 00:00:18 | 000,005,599 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\1und1-suche.xml [2010/01/23 00:00:17 | 000,001,381 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\amazonde.xml [2010/01/23 00:00:17 | 000,010,613 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\gmx-suche.xml [2008/05/28 08:57:47 | 000,000,950 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-1.xml [2008/04/15 10:16:19 | 000,000,949 | ---- | M] () -- 
C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-2.xml [2008/04/15 10:19:43 | 000,000,949 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-3.xml [2008/05/28 08:47:38 | 000,000,949 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-4.xml [2009/11/29 12:24:45 | 000,000,950 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-5.xml [2008/03/31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin.gif [2008/03/31 09:52:00 | 000,000,618 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin.src [2009/07/13 17:12:02 | 000,000,944 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin.xml [2009/07/26 21:01:08 | 000,001,632 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\live-search.xml [2010/01/23 00:00:17 | 000,005,596 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\webde-suche.xml [2010/09/30 20:47:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2007/10/29 11:12:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/07/26 21:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010/01/22 23:58:30 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2010/01/22 23:58:30 | 
000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Programme\Mozilla Firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54} [2009/06/22 08:04:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} [2008/08/30 23:10:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2008/08/30 23:10:16 | 000,002,642 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2008/08/30 23:10:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2008/08/30 23:10:16 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2008/08/30 23:10:16 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010/09/30 21:15:33 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - No CLSID value found. O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation) O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Programme\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldes-es.cab (MSN Photo Upload Tool) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldes-es.cab (Windows Live Hotmail Photo Upload Tool) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - 
C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/09/30 21:24:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010/09/30 21:24:16 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010/09/30 21:24:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator_1\AppData\Local\temp [2010/09/30 20:48:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010/09/30 20:48:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010/09/30 20:48:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010/09/30 20:48:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010/09/30 20:48:47 | 000,000,000 | ---D | C] -- C:\cofi.exe [2010/09/30 20:47:28 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/09/30 20:46:57 | 000,212,480 | ---- | C] (SteelWerX) -- 
C:\Windows\SWXCACLS.exe [2010/09/30 20:37:45 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010/09/30 15:06:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010/09/29 20:40:10 | 000,000,000 | ---D | C] -- C:\_OTL [2010/09/25 21:03:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator_1\AppData\Roaming\Malwarebytes [2010/09/25 21:01:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/09/25 21:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/09/25 21:00:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/09/25 20:58:41 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010/09/25 20:16:19 | 000,000,000 | ---D | C] -- C:\Programme\Trojancheck 6 [2010/09/25 19:59:00 | 000,000,000 | ---D | C] -- C:\Programme\AVG [2010/09/16 15:08:08 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL ========== Files - Modified Within 30 Days ========== [2010/10/07 22:30:25 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/10/07 22:30:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{31F8CAE6-055C-43D5-B8F6-50CBD77521FE}.job [2010/10/07 22:28:47 | 001,572,864 | -HS- | M] () -- C:\Users\Administrator_1\ntuser.dat [2010/10/07 22:28:30 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator_1\ntuser.dat{afbd2641-863b-11dd-bcdd-ebf3f1ad6977}.TMContainer00000000000000000002.regtrans-ms [2010/10/07 22:28:30 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator_1\ntuser.dat{afbd2641-863b-11dd-bcdd-ebf3f1ad6977}.TM.blf [2010/10/07 21:49:31 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/10/07 21:49:31 | 000,003,168 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/10/07 19:51:32 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2010/10/07 19:50:21 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/10/07 19:49:50 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2010/10/07 19:49:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/10/07 19:49:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/10/07 19:49:13 | 1061,216,256 | -HS- | M] () -- C:\hiberfil.sys [2010/10/01 20:48:05 | 000,044,756 | ---- | M] () -- C:\Users\Administrator_1\Desktop\osam.html [2010/10/01 20:35:02 | 207,754,849 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010/09/30 21:27:06 | 002,271,579 | -H-- | M] () -- C:\Users\Administrator_1\AppData\Local\IconCache.db [2010/09/30 21:15:52 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2010/09/30 21:15:33 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010/09/30 20:46:17 | 000,000,512 | ---- | M] () -- C:\Users\Administrator_1\Documents\cc_20100930_204611.reg [2010/09/30 20:45:15 | 000,000,804 | ---- | M] () -- C:\Users\Administrator_1\Desktop\CCleaner.lnk [2010/09/30 20:41:28 | 000,211,702 | ---- | M] () -- C:\Users\Administrator_1\Documents\cc_20100930_204112.reg [2010/09/30 15:35:48 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010/09/27 13:33:03 | 001,525,290 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/09/27 13:33:03 | 000,663,300 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010/09/27 13:33:03 | 000,624,056 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/09/27 13:33:03 | 000,135,254 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010/09/27 13:33:03 | 000,111,432 | ---- | M] () -- C:\Windows\System32\perfc009.dat ========== Files Created - No Company Name ========== [2010/10/01 20:46:57 | 000,044,756 | ---- | C] () -- 
C:\Users\Administrator_1\Desktop\osam.html [2010/10/01 20:33:51 | 207,754,849 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010/09/30 20:48:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010/09/30 20:48:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010/09/30 20:48:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010/09/30 20:48:59 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010/09/30 20:48:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010/09/30 20:46:15 | 000,000,512 | ---- | C] () -- C:\Users\Administrator_1\Documents\cc_20100930_204611.reg [2010/09/30 20:45:15 | 000,000,804 | ---- | C] () -- C:\Users\Administrator_1\Desktop\CCleaner.lnk [2010/09/30 20:41:18 | 000,211,702 | ---- | C] () -- C:\Users\Administrator_1\Documents\cc_20100930_204112.reg [2010/09/30 15:35:47 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010/04/09 22:57:34 | 000,000,607 | ---- | C] () -- C:\Windows\wiso.ini [2010/01/18 11:12:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/11/29 11:47:14 | 000,015,872 | ---- | C] () -- C:\Windows\System32\vtssm32.dll [2008/12/23 21:53:22 | 000,000,600 | ---- | C] () -- C:\Users\Administrator_1\AppData\Roaming\winscp.rnd [2008/12/06 16:23:19 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2008/11/28 19:30:41 | 000,000,680 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\d3d9caps.dat [2008/09/16 22:15:54 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll [2008/09/16 22:15:54 | 000,090,112 | ---- | C] () -- C:\Windows\System32\LxUtl10.dll [2008/09/16 22:15:53 | 000,131,072 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC7.dll [2008/08/29 14:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll [2007/10/28 19:43:53 | 000,004,608 | ---- | C] () -- 
C:\Users\Administrator_1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/10/13 19:32:47 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2007/10/13 19:22:03 | 000,000,000 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\QSwitch.txt [2007/10/13 19:22:03 | 000,000,000 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\DSwitch.txt [2007/10/13 19:22:03 | 000,000,000 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\AtStart.txt [2007/07/05 08:08:18 | 000,004,179 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2007/05/31 13:14:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll [2007/05/31 12:49:06 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007/02/27 22:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006/12/14 08:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2006/12/14 08:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2006/12/10 15:52:04 | 000,409,600 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC8.dll [2006/11/04 03:58:02 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FKStampPainter20.dll [2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/09/29 15:12:12 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll [2006/09/24 21:04:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll [2006/09/24 21:03:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll [2006/09/21 13:53:28 | 000,282,679 | ---- | C] () -- C:\Windows\System32\dnt27.dll [2006/09/21 13:52:24 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc27.dll [2006/09/21 13:52:14 | 000,077,881 | ---- | C] () -- C:\Windows\System32\dntvm27.dll [2005/11/09 12:13:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\dnt27VC7.dll [2005/11/09 12:11:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvmc27VC7.dll [2005/11/09 12:11:30 | 000,077,824 | 
---- | C] () -- C:\Windows\System32\dntvm27VC7.dll [2001/10/10 09:57:58 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll [2001/10/10 09:57:58 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll [2001/03/07 09:02:30 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll [1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL < End of report > Wie geht's nun weiter? Danke und Gruß Martin |
08.10.2010, 11:27 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | After the mbr-fix I need a new log from mbrcheck.
Please always post logfiles in CODE tags.