Trojaner: pop up öffnet sich selbstständig

sarahp · 01.04.2010, 23:23

Hi,
irgendwie hab ich mir einen Trojaner eingefangen, der den Internet Explorer alle Viertelstunde selbstständig öffnet und mir irgendwelche Werbung zeigt.
Antivir hat mir den Trojaner schon gemeldet. Ich habe ihn also löschen lassen, nachdem Zugriff verweigern und in Quarantäne nichts genutzt hat. Jetzt hat der Scan nichts mehr ergeben und auch Adaware findet nichts.
Nach einer Recherche hier im Forum habe ich schon den CCleaner und den Spywarefighter durchgeschoben. Hat nichts gebracht! Auch ein BitDefender Online Scan hat mir gesagt, mein System sei sauber. Hier also mal mein Hijack this ergebnis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:02:28, on 01.04.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\Rbumia.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Video Web Camera\traybar.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Video Web Camera\CEC_MAIN.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Fighters\SPYWAREfighter\SWPROTray.exe
C:\Users\Sarah\AppData\Local\Temp\Rjd.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27361109i4b6l0360z1m5f4861u55r
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27361109i4b6l0360z1m5f4861u55r
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27361109i4b6l0360z1m5f4861u55r
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27361109i4b6l0360z1m5f4861u55r
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SWPROguard] C:\Program Files (x86)\Fighters\SPYWAREfighter\SWPROTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Users\**\AppData\Local\Temp\sshnas21.dll,BackupReadW
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\**\AppData\Local\Temp\Rjd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files%20(x86)/Artist%20Colony/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files%20(x86)/Artist%20Colony/Images/armhelper.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AV Engine Scanning Service - Preventon Technologies Limited - C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Common Toolkit Service - SPAMfighter - C:\Program Files (x86)\Common Files\Common Toolkit Suite\FighterSuiteService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12156 bytes

Danke für die Hilfe!

cosinus · 02.04.2010, 17:33

Hallo und

Hinweis: Du nutzt ein 64-Bit-Windows. Viele Tools, die wir hier als Hilfsmittel zum Bereinigen einsetzen, sind mit nem 64-Bit-Windows nicht kompatibel - das macht eine Bereinigung schwerer als sie ohnehin schon ist.

Mach bitte einen Durchgang mit Malwarebytes und SUPERAntiSpyware und poste beide Logs.

sarahp · 02.04.2010, 20:00

Ui.. also Malware hat ne menge gefunden:
Malwarebytes' Anti-Malware 1.45
Malwarebytes

Datenbank Version: 3947

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02.04.2010 20:33:19
mbam-log-2010-04-02 (20-33-19).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 103303
Laufzeit: 3 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\**\AppData\Local\Temp\Rjb.exe (Trojan.Fraudpack) -> No action taken.
C:\Users\**\AppData\Local\Temp\Rjd.exe (Trojan.FakeAlert) -> No action taken.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.

Soll ich das gleich entfernen lassen?

Jetzt SuperAntiSpyware (übrigens sehr kreative namensfindung...):

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 04/02/2010 at 08:58 PM

Application Version : 4.35.1000

Core Rules Database Version : 4762
Trace Rules Database Version: 2574

Scan type : Quick Scan
Total Scan Time : 00:21:27

Memory items scanned : 727
Memory threats detected : 2
Registry items scanned : 446
Registry threats detected : 2
File items scanned : 23471
File threats detected : 59

Trojan.Agent/Gen-FakeAlert
C:\WINDOWS\RBUMIA.EXE
C:\WINDOWS\RBUMIA.EXE

Trojan.Agent/Gen-CDesc[Jockj-LG]
C:\USERS\SARAH\APPDATA\LOCAL\TEMP\RJD.EXE
C:\USERS\SARAH\APPDATA\LOCAL\TEMP\RJD.EXE
[YVIBBBHA8C] C:\USERS\SARAH\APPDATA\LOCAL\TEMP\RJD.EXE
C:\Windows\Prefetch\RJD.EXE-42564501.pf

Adware.IWinGames
HKU\S-1-5-21-3217183876-3498461505-2069222615-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8CA5ED52-F3FB-4414-A105-2E3491156990}

Adware.Tracking Cookie
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@nakedanatomy[2].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@maturelikesex[2].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@zanox-affiliate[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@www.zanox-affiliate[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@ads1.adultadvertising[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@www.youngteenclub[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@adprotraffic[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@zanox[2].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@mediaplex[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@content.yieldmanager[2].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@teensvidsex[2].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@teenpicsdir[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@trafficholder[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@fastclick[2].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@www.onpornstar[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@doubleclick[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@abysspornstars[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@adfarm1.adition[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@adultadworld[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@webmasterplan[2].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@server.iad.liveperson[2].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@adtech[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@tradedoubler[2].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@pornomatureonline[2].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@ideal-teens[2].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@myroitracking[2].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@ad.zanox[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@adserving.ezanga[2].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@traffictrack[2].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@unitymedia[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@www.greatteengirl[2].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@www.onpornstar[3].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@rts.pgmediaserve[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@im.banner.t-online[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@content.yieldmanager[3].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@admarketplace[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@ads.crakmedia[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@apmebf[2].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@overture[2].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@www.idealsexy[2].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@www.ideal-teens[2].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@smartadserver[2].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@onpornstar[2].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@eas.apm.emediate[2].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@youngteenclub[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@www.adbrite[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@clicksor[2].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@ad.yieldmanager[2].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@pro-market[2].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@bridge2.admarketplace[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@server.iad.liveperson[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@collective-media[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@toplist[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@tracking.quisma[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@adbrite[1].txt
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@advertise[1].txt

Ich weiß ich hab 64-Bit-Windows. Auch auf die Gefahr hin, dass ich mich wie ein naives Blondchen anhöre, aber mein Papa hat mir den Laptop zu Weihnachten geschenkt und gesagt, dass muss man sich schon gönnen mit 64 Bit... also der ist doch quasi noch ganz neu =(
Ja also danke für die schnelle Antwort wollt ich noch sagen!

cosinus · 02.04.2010, 20:18

Bitte alle Funde entfernen. Poste danach solche Logfile:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

sarahp · 02.04.2010, 21:00

Soooo.. hier das Lag:
OTL logfile created on: 02.04.2010 21:46:46 - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Sarah\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,94 Gb Total Space | 400,91 Gb Free Space | 88,32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SARAH-PC
Current User Name: Sarah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Sarah\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Common Toolkit Suite\FighterSuiteService.exe (SPAMfighter)
PRC - C:\Program Files (x86)\Fighters\SPYWAREfighter\swproTray.exe (SPAMfighter)
PRC - C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe (Preventon Technologies Limited)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
PRC - C:\Program Files (x86)\Video Web Camera\CEC_MAIN.exe (Chicony)

========== Modules (SafeList) ==========

MOD - C:\Users\Sarah\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Common Toolkit Service) -- C:\Program Files (x86)\Common Files\Common Toolkit Suite\FighterSuiteService.exe (SPAMfighter)
SRV - (AV Engine Scanning Service) -- C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe ()
SRV - (Boonty Games) -- C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AdobeActiveFileMonitor7.0) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

========== Driver Services (SafeList) ==========

DRV:64bit: - (AVFSFilter) -- C:\Windows\SysNative\drivers\avfsfilter.sys ()
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (usbvideo) USB-Videogerät (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- c:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl (CyberLink Corp.)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (DKbFltr) Dritek Keyboard Filter Driver (64-bit) -- C:\Windows\SysWOW64\drivers\DKbFltr.sys (Dritek System Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.studivz.net/"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.15

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.01.26 14:00:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.03.20 17:03:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.03.20 17:03:26 | 000,000,000 | ---D | M]

[2009.11.25 23:13:02 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions
[2010.04.02 15:43:14 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\atganphk.default\extensions
[2010.01.27 11:00:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\atganphk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.04.01 22:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\atganphk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.04.01 18:49:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009.11.25 23:12:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.03.20 17:03:24 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.20 17:03:24 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.20 17:03:24 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.20 17:03:24 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.20 17:03:24 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SWPROguard] C:\Program Files (x86)\Fighters\SPYWAREfighter\swproTray.exe (SPAMfighter)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Artist%20Colony/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Artist%20Colony/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.02 20:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.04.02 20:24:38 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\SUPERAntiSpyware.com
[2010.04.02 20:24:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010.04.02 20:22:32 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
[2010.04.02 20:22:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.02 20:22:24 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.02 20:22:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.04.02 20:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.02 19:20:44 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Farm Mania
[2010.04.01 23:02:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.04.01 22:39:58 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\QuickScan
[2010.04.01 22:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.04.01 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Common Toolkit Suite
[2010.04.01 18:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\clp
[2010.04.01 18:49:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fighters
[2010.04.01 18:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Toolkit Suite
[2010.04.01 18:49:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Common Toolkit Suite
[2010.04.01 18:48:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\{88078557-37D5-402B-8B75-49F162ECEDBD}
[2010.04.01 18:48:31 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Fighters
[2010.04.01 18:48:30 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\PackageAware
[2010.03.31 12:12:53 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.03.31 12:12:53 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010.03.31 12:12:53 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.03.31 12:12:53 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010.03.31 12:12:53 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010.03.31 12:12:53 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010.03.31 12:12:53 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010.03.31 12:12:53 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010.03.30 11:01:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\PlayfulAge
[2010.03.30 11:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayfulAge
[2010.03.29 16:03:42 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Oberon
[2010.03.27 15:43:28 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\LegacyInteractive
[2010.03.27 12:50:14 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Sandlot Games
[2010.03.27 12:50:12 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010.03.20 14:56:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sandlot Shared
[2010.03.19 21:43:37 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\BigFish_Janes_Realty
[2010.03.17 20:59:51 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Curious Sense
[2010.03.17 20:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Curious Sense
[2010.03.17 17:44:35 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\WinRAR
[2010.03.17 17:44:14 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.03.16 17:51:03 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\BrokenHearts
[2010.03.15 13:14:49 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Dragon Altar Games
[2010.03.11 18:30:07 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\iWin
[2010.03.11 18:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\iWin
[2010.03.10 16:38:49 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Bigfish 3 Days Zoo Mystery
[2010.03.10 13:11:51 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\BanzaiInteractive
[2010.03.10 13:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\BanzaiInteractive
[2010.03.08 17:40:18 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\BigFishGames
[2010.03.07 22:09:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealArcade
[2010.03.07 17:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Fenomen Games
[2010.03.04 23:16:42 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Nero
[2009.08.22 08:08:27 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 30 Days ==========

[2010.04.02 21:55:15 | 002,359,296 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT
[2010.04.02 21:51:22 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.02 21:51:22 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.02 21:45:02 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.04.02 21:43:54 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.02 21:43:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.02 21:43:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.02 21:43:40 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.02 21:42:55 | 001,286,320 | -H-- | M] () -- C:\Users\Sarah\AppData\Local\IconCache.db
[2010.04.02 21:41:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.02 20:24:39 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.04.02 20:22:29 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.02 20:20:46 | 000,023,720 | ---- | M] () -- C:\Windows\wininit.ini
[2010.04.02 15:39:35 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
[2010.04.01 23:02:18 | 000,002,069 | ---- | M] () -- C:\Users\Sarah\Desktop\HijackThis.lnk
[2010.04.01 22:31:06 | 000,001,861 | ---- | M] () -- C:\Users\Sarah\Desktop\CCleaner.lnk
[2010.04.01 18:49:16 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk
[2010.04.01 17:10:41 | 000,172,544 | ---- | M] () -- C:\Windows\Rbumia.exe
[2010.03.30 21:59:43 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.03.30 21:59:43 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.03.30 21:59:43 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.03.30 21:59:43 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.03.30 21:59:43 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.03.21 22:23:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.03.17 17:32:38 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010.03.11 13:15:53 | 000,013,720 | ---- | M] () -- C:\Windows\SysNative\drivers\avfsfilter.sys
[2010.03.10 17:46:45 | 000,098,304 | ---- | M] () -- C:\Users\Sarah\Documents\Feb_Mrz_IF_10.doc
[2010.03.05 19:52:06 | 000,028,160 | ---- | M] () -- C:\Users\Sarah\Documents\Aushilfskräfte1.doc

========== Files Created - No Company Name ==========

[2010.04.02 21:45:02 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.04.02 20:24:39 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.04.02 20:22:29 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.01 23:02:18 | 000,002,069 | ---- | C] () -- C:\Users\Sarah\Desktop\HijackThis.lnk
[2010.04.01 22:31:06 | 000,001,861 | ---- | C] () -- C:\Users\Sarah\Desktop\CCleaner.lnk
[2010.04.01 18:49:16 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk
[2010.04.01 17:10:49 | 000,172,544 | ---- | C] () -- C:\Windows\Rbumia.exe
[2010.03.27 12:50:39 | 000,001,238 | ---- | C] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
[2010.03.21 22:23:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.03.11 13:15:53 | 000,013,720 | ---- | C] () -- C:\Windows\SysNative\drivers\avfsfilter.sys
[2010.03.05 19:46:40 | 000,028,160 | ---- | C] () -- C:\Users\Sarah\Documents\Aushilfskräfte1.doc
[2010.01.27 22:26:09 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.01.27 22:26:09 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.12.05 16:31:28 | 000,023,720 | ---- | C] () -- C:\Windows\wininit.ini
[2009.11.25 23:40:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.26 06:16:21 | 000,001,664 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009.10.25 22:08:12 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.08.22 08:07:42 | 000,776,614 | ---- | C] () -- C:\Program Files (x86)\Common Files\packardbell.ico
[2009.08.16 11:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.08.16 08:27:29 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.08.16 08:27:29 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.08.16 08:27:26 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009.08.16 08:27:26 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.08.16 08:27:26 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.05.29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.05.29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGFMVF9VFNYTK1RVLNGCMVL4DD93BG1J5EVFJVTJFBVLJV7
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:A724744F
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:8C81B36D
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:FB647F34
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:6AF67671
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:17F7AEA3
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:178093AE
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:10F6E97E
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:EF5B3572
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:C4D9B0D5
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:3D186293
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:F9EDCFB0
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:AA5522A0
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:6D4F7F2B
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:F43B7E8F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:32ED8AE7
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:E8CB831A
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:5FD47318
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:BBF60A29
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:AC73CDCE
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:55C54F7C
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:CF1334B0
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:596E2371
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:943E8182
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:61AF2B29
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0C988F7D
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:EA701346
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:6017A808
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:EC855C73
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:AA8AD2BF
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:9FE30AB2
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:8944C195
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:5335CE76
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:405D842B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:CE6885F1
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:7E082023
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:55E1514E
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0E684AC9
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:9AE67195
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:51387F29
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:0860D6D6
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:F9E46E4C
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:E6D148BC
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:E5816AB5
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:E027789A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:C5E2BAEE
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:26FBC1F9
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:ED194880
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp

D04902E
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp

A23AD9A
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:969C0C96
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:91B240CD
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:AC0528D9
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:85A0F6D2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:56C17A93
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:1B9E79B3
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:0EC44AEB
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:F986CC21
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:E7C9DAAE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:996104FC
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6425A235
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:895A78C5
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:206470A5
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:B3942462
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:0E22C5DB
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:C35B4B19
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:5FFC2819
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:450741F6
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:122B409D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:054F0F17
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp

8F9D810
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:BD27B7FC
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:3AE22B1A
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:32A82570
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A7B70C4E
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:592D7272
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4A2862FF
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:CA8D6B60
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:93D985FC
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0D52F295
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:E3B5F2D1
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:A6CDBCAC
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:9DCE3A1C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:B8384DB6
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7FCB9D0D
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:413E2927
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:1F7A10DD
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:2B1EA607
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:1D32EC29
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp

507B5A8
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp

E1CB753
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:E51234A9
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:B07EB05A
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:FF9C44FE
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:6444B424
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:98B76F24
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:FC4EA67C
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:F18CD2E9
< End of report >

War aber nur eins... reicht es trotzdem?

cosinus · 02.04.2010, 21:11

Zitat:

C:\Windows\Rbumia.exe

Bitte diese Datei bei Virustotal auswerten lassen und von jeder den Ergebnislink posten. Falls Du die Datei nicht siehst, musst Du sie evtl. vorher sichtbar machen.
Wenn die Datei schon ausgewertet sein sollte, bitte eine weitere Auswertung starten.

sarahp · 03.04.2010, 10:10

Datei Rbumia.exe empfangen 2010.04.03 09:07:38 (UTC)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 14/42 (33.34%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: ___.
Geschätzte Startzeit ist zwischen ___ und ___ .
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Filter
Drucken der Ergebnisse Drucken der Ergebnisse
Datei existiert nicht oder dessen Lebensdauer wurde überschritten
Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet.

SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist.
Email:

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.04.03 -
AhnLab-V3 5.0.0.2 2010.04.03 Win-Trojan/Fakeav.172544.E
AntiVir 7.10.6.23 2010.04.02 -
Antiy-AVL 2.0.3.7 2010.04.02 -
Authentium 5.2.0.5 2010.04.02 W32/FakeAlert.FT.gen!Eldorado
Avast 4.8.1351.0 2010.04.02 -
Avast5 5.0.332.0 2010.04.02 -
AVG 9.0.0.787 2010.04.02 Downloader.Generic9.BMMH
BitDefender 7.2 2010.04.03 -
CAT-QuickHeal 10.00 2010.04.03 -
ClamAV 0.96.0.0-git 2010.04.03 -
Comodo 4482 2010.04.03 -
DrWeb 5.0.2.03300 2010.04.03 Trojan.DownLoader1.4092
eSafe 7.0.17.0 2010.04.01 -
eTrust-Vet 35.2.7405 2010.04.02 -
F-Prot 4.5.1.85 2010.04.02 W32/FakeAlert.FT.gen!Eldorado
F-Secure 9.0.15370.0 2010.04.02 Suspicious:W32/Malware!Gemini
Fortinet 4.0.14.0 2010.04.01 -
GData 19 2010.04.03 -
Ikarus T3.1.1.80.0 2010.04.03 -
Jiangmin 13.0.900 2010.04.03 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.04.03 -
McAfee 5937 2010.03.31 Downloader-CEW
McAfee+Artemis 5937 2010.03.31 Downloader-CEW
McAfee-GW-Edition 6.8.5 2010.04.02 -
Microsoft 1.5605 2010.04.03 TrojanDownloader:Win32/Renos.KF
NOD32 4995 2010.04.02 a variant of Win32/Kryptik.DLB
Norman 6.04.10 2010.04.01 -
nProtect 2009.1.8.0 2010.04.03 -
Panda 10.0.2.2 2010.04.02 -
PCTools 7.0.3.5 2010.04.03 -
Prevx 3.0 2010.04.03 High Risk Cloaked Malware
Rising 22.41.04.05 2010.04.02 Packer.Win32.UnkPacker.a
Sophos 4.52.0 2010.04.03 Sus/UnkPack-C
Sunbelt 6132 2010.04.03 -
Symantec 20091.2.0.41 2010.04.03 Suspicious.Insight
TheHacker 6.5.2.0.251 2010.04.02 -
TrendMicro 9.120.0.1004 2010.04.03 -
VBA32 3.12.12.4 2010.04.02 -
ViRobot 2010.4.3.2259 2010.04.03 -
VirusBuster 5.0.27.0 2010.04.02 -
weitere Informationen
File size: 172544 bytes
MD5...: c1639066c1b7d51ad983d511e9c31140
SHA1..: 4c7fc791b23a635fd975581f956e8b71de65a398
SHA256: a6d9747b755bb5627dfebf848b35b52b6bbc99eb42891a7d07c32e04f43e35a1
ssdeep: 3072:6rSZ0vk1aFe72bLJibT5FeI/5L3l6BAIXHAtX+QIG:62u801LJiV9la1
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2e86
timedatestamp.....: 0x4aeb8071 (Sat Oct 31 00:10:25 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
7 0x1000 0x9e74 0xa000 5.64 389ba30736356e88bd596eb6657965f5
3 0xb000 0x3014d 0x1d200 7.46 de0d002472c9dce5233cdaed6a5fc17e
.9 0x3c000 0x2a27 0x2c00 5.13 a786e272eb2f631afc9f0dfcdd4c10d1

( 9 imports )
> user32.dll: GetKeyState, DefWindowProcA, ShowScrollBar, CheckMenuItem, GetWindowTextA, GetMenuStringA, GetMenu, EnableWindow, CreateIcon, BeginDeferWindowPos, IsMenu, SystemParametersInfoA, DrawFrameControl, CreateMenu, GetSysColor, GetDCEx, MessageBoxA, GetDesktopWindow, GetPropA, TrackPopupMenu, GetClassLongA, GetScrollRange, GetFocus, FrameRect, GetMenuState, EnumWindows, CallWindowProcA, SetWindowLongA, GetActiveWindow, EnumChildWindows
> kernel32.dll: GetModuleHandleA, WaitForSingleObject, LockResource, FindFirstFileA, GetEnvironmentStrings, LoadLibraryA, VirtualAllocEx, HeapAlloc, GetSystemDefaultLangID, lstrcatA, GetModuleFileNameA, lstrcpynA, GetFileType, VirtualQuery, GetStartupInfoA, GetLocaleInfoA, ReadFile, ExitProcess, GetCurrentProcess, MoveFileExA, WriteFile, GetVersionExA, SetEvent, GetCurrentThreadId
> comctl32.dll: ImageList_DragShowNolock, ImageList_Remove
> gdi32.dll: GetDIBits
> shlwapi.dll: SHQueryValueExA, SHEnumValueA, SHStrDupA, PathIsContentTypeA
> comdlg32.dll: GetOpenFileNameA, GetSaveFileNameA, ChooseColorA, GetFileTitleA
> SHELL32.dll: SHFileOperationA, SHGetSpecialFolderLocation
> MSVCRT.dll: sqrt, memmove, malloc, clock, strlen, wcstol, srand, tolower, memset, sprintf, wcsncmp, time, mbstowcs, strncmp, atol, memcpy, strcmp, calloc, wcschr
> oleaut32.dll: SafeArrayGetElement, SysStringLen

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (38.5%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
<a href='hxxp://info.prevx.com/aboutprogramtext.asp?PX5=02FA9D2200465C62A26A02E81D8DCF00220CA24B' target='_blank'>hxxp://info.prevx.com/aboutprogramtext.asp?PX5=02FA9D2200465C62A26A02E81D8DCF00220CA24B</a>

cosinus · 03.04.2010, 13:32

Lad die Datei bitte bei uns hoch > http://www.trojaner-board.de/54791-a...ner-board.html
Danach bitte löschen.

sarahp · 03.04.2010, 22:39

Danke danke für die Hilfe!

03.04.2010, 13:32	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner: pop up öffnet sich selbstständig Lad die Datei bitte bei uns hoch > http://www.trojaner-board.de/54791-a...ner-board.html Danach bitte löschen. __________________ Logfiles bitte immer in CODE-Tags posten

Trojaner: pop up öffnet sich selbstständig

Plagegeister aller Art und deren Bekämpfung: Trojaner: pop up öffnet sich selbstständig