Malwarebytes' Anti-Malware 1.38
Datenbank Version: 2321
Windows 5.1.2600 Service Pack 3

22.06.2009 14:51:03
mbam-log-2009-06-22 (14-50-19).txt

Scan-Methode: Vollständiger Scan (A:\|C:\|D:\|)
Durchsuchte Objekte: 171448
Laufzeit: 1 hour(s), 26 minute(s), 31 second(s)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 82
Infizierte Registrierungswerte: 13
Infizierte Dateiobjekte der Registrierung: 9
Infizierte Verzeichnisse: 4
Infizierte Dateien: 36

Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\erwin\Lokale Einstellungen\Temp\winlogon.exe (Trojan.Buzus) -> No action taken.
C:\Dokumente und Einstellungen\erwin\Lokale Einstellungen\Temp\53.tmp.exe (Trojan.FakeAlert) -> No action taken.

Infizierte Speichermodule:
C:\WINDOWS\system32\sysfldr.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\basemeo32.dll (Trojan.Downloader) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sysfldr (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\bfgtoolbar1.bfgtoolbar (Adware.OneToolBar) -> No action taken.
HKEY_CLASSES_ROOT\bfgtoolbar1.bfgtoolbarmenu button (Adware.OneToolBar) -> No action taken.
HKEY_CLASSES_ROOT\bfgtoolbar1.bfgtoolbartoggle button (Adware.OneToolBar) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\ieffse32.msdn_hlp (Trojan.Downloader) -> No action taken.
HKEY_CLASSES_ROOT\loaderx.installer (Adware.Winad) -> No action taken.
HKEY_CLASSES_ROOT\loaderx.installer.1 (Adware.Winad) -> No action taken.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cff1f9de-0153-41b7-a947-e5b146ed913f} (Trojan.Downloader) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1e5e0d38-214b-4085-ad2a-d2290e6a2d2c} (Adware.Winad) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{cef14066-d3d2-4ad0-a040-731a70476ea4} (Trojan.Downloader) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{b6ae55bf-4617-93ef-6ea4-4e52199ca591} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{314f88d6-80ce-408a-9e8f-b2389b81e8b8} (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{10e42047-deb9-4535-a118-b3f6ec39b807} (Adware.ISTBar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3f5a62e2-51f2-11d3-a075-cc7364cae42a} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7a7f202e-af91-4889-9dd5-2fe241085cc1} (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6f7d-442c-93e3-4a4827c2e4c8} (Adware.NetOptimizer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4} (Adware.NetOptimizer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\clbdriver (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\asc3550a (Rootkit.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\AppID\PG.dll (Rogue.WinSecureAv) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Secure Delete (Rogue.SecurePCCleaner) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_FMTR (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firewall auto setup (Trojan.Buzus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{34ec76b6-53c4-4686-822f-910c790683fb} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\http://91.203.92.13/files/41/0/file.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.59 85.255.112.120 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2ad1b34e-6212-411c-a1fc-53b6ca0e1349}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.59,85.255.112.120 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{521f2af0-9c18-43ac-afa7-f3a3d5f20940}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.59,85.255.112.120 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.59 85.255.112.120 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2ad1b34e-6212-411c-a1fc-53b6ca0e1349}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.59,85.255.112.120 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{521f2af0-9c18-43ac-afa7-f3a3d5f20940}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.59,85.255.112.120 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.59 85.255.112.120 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2ad1b34e-6212-411c-a1fc-53b6ca0e1349}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.59,85.255.112.120 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{521f2af0-9c18-43ac-afa7-f3a3d5f20940}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.59,85.255.112.120 -> No action taken.

Infizierte Verzeichnisse:
C:\Programme\Online Image Add-on (Trojan.Zlob) -> No action taken.
c:\dokumente und einstellungen\erwin\Anwendungsdaten\WinAnonymous (Rogue.WinAnonymous) -> No action taken.
c:\dokumente und einstellungen\erwin\anwendungsdaten\winanonymous\Logs (Rogue.WinAnonymous) -> No action taken.
C:\Programme\Gemeinsame Dateien\WinAnonymous (Rogue.WinAnonymous) -> No action taken.

Infizierte Dateien:
C:\WINDOWS\system32\sysfldr.dll (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\erwin\Lokale Einstellungen\Temp\winlogon.exe (Trojan.Buzus) -> No action taken.
C:\Dokumente und Einstellungen\erwin\Lokale Einstellungen\Temp\53.tmp.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> No action taken.
c:\dokumente und einstellungen\erwin\lokale einstellungen\Temp\53.tmp (Trojan.FakeAlert) -> No action taken.
c:\dokumente und einstellungen\erwin\lokale einstellungen\Temp\BF.tmp (Trojan.Agent) -> No action taken.
c:\WINDOWS\msb.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\ntload.dll (Rogue.Agent) -> No action taken.
c:\WINDOWS\system32\winds32.exe (Trojan.Peed) -> No action taken.
c:\WINDOWS\system32\wpx15.cpx (Trojan.Peed) -> No action taken.
c:\WINDOWS\system32\wpx2.cpx (Trojan.Pakes) -> No action taken.
c:\WINDOWS\system32\wpx25.cpx (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\wpx27.cpx (Trojan.Peed) -> No action taken.
c:\WINDOWS\system32\wpx29.cpx (Virus.Sality) -> No action taken.
c:\WINDOWS\system32\wpx38.cpx (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\wpx4.cpx (Trojan.Buzus) -> No action taken.
c:\WINDOWS\system32\wscmp.dll (Rogue.Multiple) -> No action taken.
c:\programme\online image add-on\ot.ico (Trojan.Zlob) -> No action taken.
c:\programme\online image add-on\ts.ico (Trojan.Zlob) -> No action taken.
c:\dokumente und einstellungen\erwin\anwendungsdaten\winanonymous\Logs\update.log (Rogue.WinAnonymous) -> No action taken.
c:\WINDOWS\system32\sex1.ico (Malware.Trace) -> No action taken.
c:\WINDOWS\system32\sex2.ico (Malware.Trace) -> No action taken.
c:\WINDOWS\system32\sex3.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\shell31.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\f3PSSavr.scr (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\winsrc.dll (Adware.Toolbar) -> No action taken.
c:\WINDOWS\system32\basemeo32.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\lich.dat (Stolen.data) -> No action taken.
c:\WINDOWS\glok+serv.config (Worm.Zhelatin) -> No action taken.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\winsub.xml (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\svcp.csv (Malware.Trace) -> No action taken.
c:\WINDOWS\system32\dflgh8jkd2q8.exe (Heuristics.Malware) -> No action taken.
C:\WINDOWS\system32\vx.tll (Malware.Trace) -> No action taken.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> No action taken.