| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: mywebsearch eingefangenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
02.01.2011, 01:36
| #1 |
| |  mywebsearch eingefangen Hallo Community, ich habe mir mywebsearch eingefangen. Wer kann mkir helfen, es wieder zu entfernen? Hier das HijackThis logfile: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 00:58:47, on 02.01.2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16700) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Eraser\Eraser.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe C:\Users\XXX\Desktop\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file) O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- |
|
02.01.2011, 08:44
| #2 |
| | mywebsearch eingefangen Hallo,
__________________anbei noch OTL file 1 von 2:OTL Logfile: Code:
ATTFilter OTL logfile created on: 02.01.2011 01:10:09 - Run 1 OTL by OldTimer - Version 3.2.20.0 Folder = C:\Users\XXX\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,22 Gb Total Space | 22,88 Gb Free Space | 30,83% Space Free | Partition Type: NTFS Drive D: | 73,36 Gb Total Space | 58,26 Gb Free Space | 79,42% Space Free | Partition Type: NTFS Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\XXX\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox 4.0 Beta 7\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Programme\Eraser\Eraser.exe (The Eraser Project) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\XXX\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll File not found SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_aeec0f0.dll () SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (cpuz132) -- C:\Users\XXX\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab) DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation) DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B 45 B0 0E 9C 7B CB 01 [binary data] IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736 FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin File not found FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 16:07:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 16:07:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2010.12.22 23:01:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.11.03 22:40:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010.11.03 21:52:36 | 000,000,000 | ---D | M] [2010.11.03 23:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions [2010.11.03 23:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.01.02 00:22:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\1i7bu4gb.default\extensions [2011.01.01 19:47:31 | 000,001,238 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\FireFox\Profiles\1i7bu4gb.default\searchplugins\facebook.xml [2010.11.04 08:29:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.11.04 08:29:22 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru File not found (No name found) -- [2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll [2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - No CLSID value found. O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - No CLSID value found. O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.01.02 01:09:15 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe [2011.01.02 00:52:29 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\backups [2011.01.02 00:50:32 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\XXX\Desktop\HiJackThis204.exe [2011.01.02 00:40:37 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Malwarebytes [2011.01.02 00:40:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.01.02 00:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.01.02 00:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.01.02 00:40:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.01.02 00:40:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.12.28 13:16:07 | 000,032,768 | ---- | C] (FunWebProducts.com) -- C:\Windows\System32\f3PSSavr.scr [2010.12.17 23:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 4.0 Beta 7 [2010.12.17 23:08:02 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox 4.0 Beta 7 [2010.12.15 13:31:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.12.15 13:31:22 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.12.15 13:31:20 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.12.15 13:31:19 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.12.15 13:31:19 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.12.15 13:31:19 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.12.15 13:31:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.12.15 13:31:19 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.12.15 13:31:19 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.12.15 13:31:19 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.12.15 13:31:19 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.12.15 13:31:18 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.12.15 13:31:16 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2010.12.15 13:31:16 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2010.12.15 13:31:16 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2010.12.15 13:31:16 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe [2010.12.15 13:31:15 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.12.15 13:31:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.12.15 13:31:14 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll [2010.12.15 13:31:13 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2010.12.15 13:31:10 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.12.05 00:16:33 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\GetRightToGo [2010.12.05 00:16:33 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\Downloads ========== Files - Modified Within 30 Days ========== [2011.01.02 01:09:19 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe [2011.01.02 00:50:44 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\XXX\Desktop\HiJackThis204.exe [2011.01.02 00:40:29 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.02 00:15:15 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.02 00:15:15 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.02 00:07:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.02 00:07:08 | 1602,789,376 | -HS- | M] () -- C:\hiberfil.sys [2010.12.28 13:15:59 | 000,032,768 | ---- | M] (FunWebProducts.com) -- C:\Windows\System32\f3PSSavr.scr [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.12.17 23:08:09 | 000,002,084 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 8.lnk [2010.12.16 17:41:09 | 000,412,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.12.09 20:57:00 | 000,077,312 | ---- | M] () -- C:\Users\XXX\Desktop\Vertrags-,Rechnungs- und Zahlungsübersicht 24102010.xls [2010.12.08 21:09:42 | 000,114,243 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat [2010.12.08 21:09:41 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat [2010.12.05 21:56:12 | 000,038,629 | ---- | M] () -- C:\Users\XXX\Desktop\20.03.11-15.30-Kirchheim.pdf [2010.12.05 21:54:17 | 000,037,409 | ---- | M] () -- C:\Users\XXX\Desktop\26.2.11-13.30-Markgroeningen.pdf [2010.12.05 21:52:42 | 000,037,833 | ---- | M] () -- C:\Users\XXX\Desktop\20.2.11-15.45-Flacht.pdf [2010.12.05 21:51:35 | 000,038,515 | ---- | M] () -- C:\Users\XXX\Desktop\NEU30.01.11-15.00-Hoefingen.pdf ========== Files Created - No Company Name ========== [2011.01.02 00:40:29 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.17 23:08:09 | 000,002,084 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 8.lnk [2010.12.05 21:56:12 | 000,038,629 | ---- | C] () -- C:\Users\XXX\Desktop\20.03.11-15.30-Kirchheim.pdf [2010.12.05 21:54:17 | 000,037,409 | ---- | C] () -- C:\Users\XXX\Desktop\26.2.11-13.30-Markgroeningen.pdf [2010.12.05 21:52:42 | 000,037,833 | ---- | C] () -- C:\Users\XXX\Desktop\20.2.11-15.45-Flacht.pdf [2010.12.05 21:51:35 | 000,038,515 | ---- | C] () -- C:\Users\XXX\Desktop\NEU30.01.11-15.00-Hoefingen.pdf [2010.12.02 12:37:19 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.11.17 23:48:35 | 000,007,680 | ---- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll < End of report > und OTL file Extras (2/2)OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 02.01.2011 01:10:09 - Run 1
OTL by OldTimer - Version 3.2.20.0 Folder = C:\Users\XXX\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 22,88 Gb Free Space | 30,83% Space Free | Partition Type: NTFS
Drive D: | 73,36 Gb Total Space | 58,26 Gb Free Space | 79,42% Space Free | Partition Type: NTFS
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{38BA2875-D7AD-4611-ABA3-C385051ADF42}" = Eraser 6.0.7.1893
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{401879D1-AC26-43CD-BDDE-E0D5D5608083}" = TOSHIBA Supervisor Password
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"AVS DVD Copy_is1" = AVS DVD Copy version 4.1.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Burn4Free CD & DVD_is1" = Burn4Free CD & DVD 5.1.0.0
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Firefox 4.0b8 (x86 de)" = Mozilla Firefox 4.0b8 (x86 de)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"PixelNet Foto Client" = PixelNet Foto Client 4.8
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 04.11.2010 03:39:39 | Computer Name = XXX-PC | Source = Application Hang | ID = 1002
Description = Programm FP_PL_PFS_INSTALLER.exe, Version 10.1.85.3 kann nicht mehr
unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: d60 Startzeit: 01cb7bf2fb9e779b Endzeit: 60000 Anwendungspfad:
C:\Users\XXX\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe Berichts-ID: 7634d91f-e7e6-11df-a4ce-00a0d1666eb4
Error - 05.11.2010 03:32:43 | Computer Name = XXX-PC | Source = System Restore | ID = 8193
Description =
Error - 05.11.2010 04:02:36 | Computer Name = XXX-PC | Source = System Restore | ID = 8193
Description =
Error - 12.11.2010 17:09:46 | Computer Name = XXX-PC | Source = System Restore | ID = 8193
Description =
Error - 25.11.2010 14:26:33 | Computer Name = XXX-PC | Source = System Restore | ID = 8193
Description =
Error - 02.12.2010 17:41:29 | Computer Name = XXX-PC | Source = VSS | ID = 13
Description =
Error - 02.12.2010 17:41:29 | Computer Name = XXX-PC | Source = VSS | ID = 8193
Description =
Error - 02.12.2010 17:41:29 | Computer Name = XXX-PC | Source = VSS | ID = 13
Description =
Error - 02.12.2010 17:41:29 | Computer Name = XXX-PC | Source = VSS | ID = 8193
Description =
Error - 31.12.2010 09:58:46 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avp.exe, Version: 9.0.0.754, Zeitstempel:
0x4c62c63e Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000dead ID des fehlerhaften Prozesses:
0x648 Startzeit der fehlerhaften Anwendung: 0x01cb9d400e58a4ac Pfad der fehlerhaften
Anwendung: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 151841ca-14e6-11e0-a22e-00a0d1666eb4
[ System Events ]
Error - 09.12.2010 15:29:58 | Computer Name = XXX-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 09.12.2010 15:29:58 | Computer Name = XXX-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 11.12.2010 20:43:41 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
Error - 15.12.2010 17:47:15 | Computer Name = XXX-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{E75429F3-0858-4665-8953-973FF9417BC1} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error - 16.12.2010 12:38:40 | Computer Name = XXX-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2423089)
Error - 16.12.2010 12:55:09 | Computer Name = XXX-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
Firmware verfügbar ist.
Error - 16.12.2010 13:03:32 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
Error - 23.12.2010 18:29:41 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 25.12.2010 03:22:38 | Computer Name = XXX-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{E75429F3-0858-4665-8953-973FF9417BC1} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error - 31.12.2010 09:59:08 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Kaspersky Internet Security" wurde unerwartet beendet.
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden
durchgeführt: Neustart des Diensts.
< End of report >
und das mbam file: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5440 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 02.01.2011 00:48:33 mbam-log-2011-01-02 (00-48-25).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 131353 Laufzeit: 6 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 45 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> No action taken. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> No action taken. |
|
02.01.2011, 09:12
| #3 |
  | mywebsearch eingefangen Hallo und
__________________ hast du das OTL Log erstellet während Malwarebytes lief? Hast du die Funde durch Malwarebytes entfernen lassen? MFG
__________________ |
|
02.01.2011, 13:39
| #4 |
| | mywebsearch eingefangen ja habe ich erstellt, während Malewarebytes lief. Das Ich habe alle schadhaften Dateien von Malewarebytes entfernen lassen und mache gerade einen vollständigen scan mit Malewarebytes.. Dass im Hijacklog bei den beiden Einträgen: O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file) O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file) jeweils "no file" dahintersteht, liegt wahrscheinlich daran, dass ich die Dateien manuell entfernt habe (Papierkorb, dann Eraser), da ich die Dateien nicht mit "Programme deinstallieren" entfernen konnte, oder? Den wahrscheinlich zugehörigen Prozess "m3highin.exe" habe ich im Taskmanager beendet. Wenn Malewarebytes jetzt nichts mehr findet, müsste es erledigt sein, oder? |
|
02.01.2011, 14:52
| #5 | ||
| | mywebsearch eingefangen Hallo Zitat:
Zitat:
MFG
__________________ Kein Support per PN - Bitte im Forum posten. Wenn du das Forum unterstützen möchtest Genitiv ins Wasser, weil es dativ ist   http://www.vivaconagua.org/ |
|
02.01.2011, 15:15
| #6 |
| | mywebsearch eingefangen Anbei der neue scanOTL Logfile: Code:
ATTFilter OTL logfile created on: 02.01.2011 15:07:34 - Run 2 OTL by OldTimer - Version 3.2.20.0 Folder = C:\Users\XXX\Desktop\Internetsicherheit Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\XXX\Desktop\Internetsicherheit\OTL.exe (OldTimer Tools) PRC - C:\Users\XXX\Desktop\Internetsicherheit\HiJackThis204.exe (Trend Micro Inc.) PRC - C:\Programme\Mozilla Firefox 4.0 Beta 7\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Programme\Eraser\Eraser.exe (The Eraser Project) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\XXX\Desktop\Internetsicherheit\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll File not found SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_aeec0f0.dll () SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (cpuz132) -- C:\Users\XXX\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab) DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation) DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B 45 B0 0E 9C 7B CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 16:07:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 16:07:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2010.12.22 23:01:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.11.03 22:40:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010.11.03 21:52:36 | 000,000,000 | ---D | M] [2010.11.03 23:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions [2010.11.03 23:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.01.02 00:22:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\1i7bu4gb.default\extensions [2011.01.01 19:47:31 | 000,001,238 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\FireFox\Profiles\1i7bu4gb.default\searchplugins\facebook.xml [2010.11.04 08:29:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.11.04 08:29:22 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru File not found (No name found) -- [2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll [2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.01.02 01:23:34 | 000,000,000 | ---D | C] -- C:\_OTL [2011.01.02 01:15:18 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Internetsicherheit [2011.01.02 00:52:29 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\backups [2011.01.02 00:40:37 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Malwarebytes [2011.01.02 00:40:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.01.02 00:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.01.02 00:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.01.02 00:40:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.01.02 00:40:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.12.17 23:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 4.0 Beta 7 [2010.12.17 23:08:02 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox 4.0 Beta 7 [2010.12.15 13:31:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.12.15 13:31:22 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.12.15 13:31:20 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.12.15 13:31:19 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.12.15 13:31:19 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.12.15 13:31:19 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.12.15 13:31:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.12.15 13:31:19 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.12.15 13:31:19 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.12.15 13:31:19 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.12.15 13:31:19 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.12.15 13:31:18 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.12.15 13:31:16 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2010.12.15 13:31:16 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2010.12.15 13:31:16 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2010.12.15 13:31:16 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe [2010.12.15 13:31:15 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.12.15 13:31:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.12.15 13:31:14 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll [2010.12.15 13:31:13 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2010.12.15 13:31:10 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.12.05 00:16:33 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\GetRightToGo [2010.12.05 00:16:33 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\Downloads ========== Files - Modified Within 30 Days ========== [2011.01.02 12:25:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.02 09:17:44 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.02 09:17:44 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.02 09:09:48 | 1602,789,376 | -HS- | M] () -- C:\hiberfil.sys [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.12.17 23:08:09 | 000,002,084 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 8.lnk [2010.12.16 17:41:09 | 000,412,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.12.08 21:09:42 | 000,114,243 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat [2010.12.08 21:09:41 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat [2010.12.05 21:56:12 | 000,038,629 | ---- | M] () -- C:\Users\XXX\Desktop\20.03.11-15.30-Kirchheim.pdf [2010.12.05 21:54:17 | 000,037,409 | ---- | M] () -- C:\Users\XXX\Desktop\26.2.11-13.30-Markgroeningen.pdf [2010.12.05 21:52:42 | 000,037,833 | ---- | M] () -- C:\Users\XXX\Desktop\20.2.11-15.45-Flacht.pdf [2010.12.05 21:51:35 | 000,038,515 | ---- | M] () -- C:\Users\XXX\Desktop\NEU30.01.11-15.00-Hoefingen.pdf ========== Files Created - No Company Name ========== [2010.12.17 23:08:09 | 000,002,084 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 8.lnk [2010.12.05 21:56:12 | 000,038,629 | ---- | C] () -- C:\Users\XXX\Desktop\20.03.11-15.30-Kirchheim.pdf [2010.12.05 21:54:17 | 000,037,409 | ---- | C] () -- C:\Users\XXX\Desktop\26.2.11-13.30-Markgroeningen.pdf [2010.12.05 21:52:42 | 000,037,833 | ---- | C] () -- C:\Users\XXX\Desktop\20.2.11-15.45-Flacht.pdf [2010.12.05 21:51:35 | 000,038,515 | ---- | C] () -- C:\Users\XXX\Desktop\NEU30.01.11-15.00-Hoefingen.pdf [2010.12.02 12:37:19 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.11.17 23:48:35 | 000,007,680 | ---- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll < End of report > Geändert von Tom76a (02.01.2011 um 15:43 Uhr) |
|
03.01.2011, 06:12
| #7 |
| | mywebsearch eingefangen Hallo Fixen mit OTL
Code:
ATTFilter :OTL
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
Hinweis: Du bist mit dem Firefox 4.0 Code:
ATTFilter C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 8.lnk
 Sicherheitslücken und Probleme bei der Stabilität könnten hier noch vorhanden sein.Verzichte lieber auf das Programm, als ständigen Browser. MFG
__________________ Kein Support per PN - Bitte im Forum posten. Wenn du das Forum unterstützen möchtest Genitiv ins Wasser, weil es dativ ist http://www.vivaconagua.org/ |
|
03.01.2011, 08:29
| #8 |
| | mywebsearch eingefangen Hallo, das OTL-Textfeld ist mir leider abhanden gekommen, hatte es aber durchgeschaut und alles war "successfully deleted". Ich danke dir recht herzlich für deinen tollen support! Macht weiter so! |
|
| Themen zu mywebsearch eingefangen |
| adobe, bho, browser, desktop, entfernen, eraser, explorer, firefox, hijack, hijackthis, hijackthis logfile, internet, internet explorer, kaspersky, logfile, malwarebytes, micro, microsoft, mozilla, security, senden, software, system, system32, tastatur, windows |
Textbox.
Linear-Darstellung
