Antivirus, firewall and other protection programs: Google and IExplorer open advertising pages, AVir reports viruses, HiJack does not work (Windows 7)
25.04.2010, 16:45 | #16 |
| The link is only displayed like this, I hope it works this way too.. |
25.04.2010, 20:05 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | No, it doesn't work like that. You have to post the link properly, ideally in code tags, i.e. with [code] [/code] around it |
25.04.2010, 20:59 | #18 |
| OK, now then
Code:
hxxp://www.file-upload.net/download-2465032/backup.zip.html |
26.04.2010, 10:59 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | OK. Please run full scans with Malwarebytes and SUPERAntiSpyware as a check and post the logs. Remember to update both tools before the scan!! A fresh OTL log would also be quite good.
__________________ Please always post log files in CODE tags |
26.04.2010, 16:04 | #20 |
| 1. The Malwarebytes log: Code:
ATTFilter Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 4037 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 26.04.2010 17:00:29 mbam-log-2010-04-26 (17-00-29).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 236382 Laufzeit: 1 Stunde(n), 33 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 6 Infizierte Dateien: 148 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Refog Software (Refog.Keylogger) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\Windows\System32\MPK (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\English (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\German (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\Spanish (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images (Refog.Keylogger) -> Quarantined and deleted successfully. Infizierte Dateien: C:\Qoobox\Quarantine\C\Windows\system32\gxvxciicctbrvoisqbqnltfredsepqwtdhmpm.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Marius\Downloads\EvID4226Patch.exe (Malware.Tool) -> Quarantined and deleted successfully. C:\Windows\lXQMd.exe (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\Windows\mpQIYWNVT.exe (Rogue.VirusProtector) -> Quarantined and deleted successfully. 
C:\Windows\DARLf.exe (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\Windows\MxJfdAco.exe (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\Windows\jcoKwYB.exe (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\Windows\BjUHNY.exe (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\Windows\System32\lNciX.exe (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\Windows\System32\pNMdOX.exe (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\Windows\System32\kaAqUUW.exe (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\Windows\System32\gRGaG.exe (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\Windows\System32\yfpJX.exe (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\Windows\System32\yNEgg.exe (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\Windows\System32\YPmBTyg.exe (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\Windows\System32\drivers\cyYlV.exe (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\Windows\System32\drivers\JGplMEIcP.exe (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\Windows\System32\drivers\pTTLWim.exe (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\Windows\System32\drivers\IaNlT.exe (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\Windows\System32\drivers\kWWpvuN.exe (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\Windows\System32\drivers\lnauBHSrM.exe (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\Windows\System32\drivers\tUvflrAGB.exe (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\Windows\System32\drivers\AYScfH.exe (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\_OTL\MovedFiles\04232010_231359\C_Windows\AjDmNPw.dll (Rogue.VirusProtector) -> Quarantined and deleted successfully. 
C:\_OTL\MovedFiles\04232010_231359\C_Windows\FfbPtM.dll (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\_OTL\MovedFiles\04232010_231359\C_Windows\hrOTB.dll (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\_OTL\MovedFiles\04232010_231359\C_Windows\rAxvgyID.dll (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\_OTL\MovedFiles\04232010_231359\C_Windows\System32\aFbsPCkCr.dll (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\_OTL\MovedFiles\04232010_231359\C_Windows\System32\CIaupFNS.dll (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\_OTL\MovedFiles\04232010_231359\C_Windows\System32\ENsnkPl.dll (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\_OTL\MovedFiles\04232010_231359\C_Windows\System32\FWnTxB.dll (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\_OTL\MovedFiles\04232010_231359\C_Windows\System32\jlKncRSgO.dll (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\_OTL\MovedFiles\04232010_231359\C_Windows\System32\KevUteTym.dll (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\_OTL\MovedFiles\04232010_231359\C_Windows\System32\obaxabwbS.dll (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\_OTL\MovedFiles\04232010_231359\C_Windows\System32\TQPgbKfQY.dll (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\_OTL\MovedFiles\04232010_231359\C_Windows\System32\uJvAs.dll (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\_OTL\MovedFiles\04232010_231359\C_Windows\System32\wCoojU.dll (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\_OTL\MovedFiles\04232010_231359\C_Windows\System32\drivers\nagMy.dll (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\_OTL\MovedFiles\04232010_231359\C_Windows\System32\drivers\oKoCnB.dll (Rogue.VirusProtector) -> Quarantined and deleted successfully. 
C:\_OTL\MovedFiles\04232010_231359\C_Windows\System32\drivers\oNiowTd.dll (Rogue.VirusProtector) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Brazilian.lng (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\French.lng (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\German.lng (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\icon_1.ico (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Italian.lng (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Japanese.lng (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\key.bin (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\libeay32.dll (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\lnkmst.exe (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\logstart.vbs (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\loguninstall.vbs (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Mpk.dll (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Mpk64.dll (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\MPK64.exe (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\MpkNetInstall.exe (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\MPKView.exe (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Portuguese.lng (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Romanian.lng (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Spanish.lng (Refog.Keylogger) -> Quarantined and deleted successfully. 
C:\Windows\System32\MPK\sqlite3.dll (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\ssleay32.dll (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\trial_standart.ini (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\unins000.dat (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\unins000.exe (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\update_info.bin (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\zlib1.dll (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\English\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\English\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\English\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\English\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\English\file.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\English\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\English\imhelp.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\English\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\English\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\English\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\English\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\English\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully. 
C:\Windows\System32\MPK\Help\English\need_update_net.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\English\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\English\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\English\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\English\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\English\update.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\English\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\German\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\German\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\German\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\German\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\German\file.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\German\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\German\imhelp.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\German\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\German\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\German\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\German\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully. 
C:\Windows\System32\MPK\Help\German\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\German\need_update_net.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\German\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\German\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\German\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\German\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\German\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\Spanish\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\Spanish\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\Spanish\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\Spanish\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\Spanish\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\Spanish\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\Spanish\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\Spanish\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\Spanish\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\Spanish\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\Spanish\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully. 
C:\Windows\System32\MPK\Help\Spanish\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\Spanish\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\Spanish\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Help\Spanish\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\banner_em_english.gif (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\banner_em_english.swf (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\banner_em_german.gif (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\banner_em_german.swf (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\banner_em_russian.gif (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\banner_em_russian.swf (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\banner_em_spanish.gif (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\banner_em_spanish.swf (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\banner_english.gif (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\banner_english.swf (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\banner_german.gif (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\banner_german.swf (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\banner_pm_english.gif (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\banner_pm_english.swf (Refog.Keylogger) -> Quarantined and deleted successfully. 
C:\Windows\System32\MPK\Images\banner_pm_german.gif (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\banner_pm_german.swf (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\banner_pm_russian.gif (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\banner_pm_russian.swf (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\banner_pm_spanish.gif (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\banner_pm_spanish.swf (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\banner_russian.gif (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\banner_russian.swf (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\banner_spanish.gif (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\banner_spanish.swf (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\english.gif (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\german.gif (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\upgrade_eu.png (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\upgrade_us.png (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\vista_hide.bmp (Refog.Keylogger) -> Quarantined and deleted successfully. C:\Windows\System32\MPK\Images\xp_hide.bmp (Refog.Keylogger) -> Quarantined and deleted successfully. |
26.04.2010, 18:05 | #21 |
| 2. SUPERAntiSpyware log: Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 04/26/2010 at 07:03 PM Application Version : 4.35.1002 Core Rules Database Version : 4851 Trace Rules Database Version: 2663 Scan type : Complete Scan Total Scan Time : 01:40:13 Memory items scanned : 645 Memory threats detected : 0 Registry items scanned : 6412 Registry threats detected : 0 File items scanned : 126356 File threats detected : 98 Adware.Tracking Cookie C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@de.sitestat[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@ad2.doublepimp[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@atwola[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@247realmedia[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@de.sitestat[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@myroitracking[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@xm.xtendmedia[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@stopzilla[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@tribalfusion[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@ads.glispa[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@cunda.122.2o7[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@adfarm1.adition[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@ad.adition[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@mediaplex[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@azjmp[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@find-best-offers[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@ad.71i[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@kabelbw.112.2o7[1].txt 
C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@serving-sys[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@ads.heias[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@eaeacom.112.2o7[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@content.yieldmanager[3].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@apmebf[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@zbox.zanox[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@weborama[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@zedo[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@adsrv1.admediate[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@tacoda[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@insightexpressai[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@tracking.hannoversche[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@bs.serving-sys[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@www.etracker[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@ad.adnet[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@adserver.easyad[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@trafficmp[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@ad.adserver01[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@overture[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@smileycentral[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@www.zanox-affiliate[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@ad.ad-srv[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@ads.teleint[1].txt 
C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@collective-media[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@atdmt[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@track.effiliation[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@rotator.adjuggler[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@ad.yieldmanager[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@xml.happytofind[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@ar.atwola[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@tto2.traffictrack[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@track.adform[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@pornhub[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@advertising[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@track.effiliation[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@www.bannerdisplayserver[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@eas.apm.emediate[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@clicksor[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@zanox-affiliate[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@doubleclick[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@a3.adserver01[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@ads.pointroll[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@trafficholder[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@adserver.71i[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@tradedoubler[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@www.adservex[1].txt 
C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@fastclick[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@mediatraffic[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@adviva[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@ads.admediate[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@tracking.mlsat02[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@traffictrack[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@at.atwola[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@unitymedia[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@webmasterplan[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@specificclick[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@adtech[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@tracking.quisma[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@roiservice[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@adprotraffic[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@adserving.claxon[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@ad.zanox[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@www.stopzilla[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@adultfriendfinder[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@content.yieldmanager[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@hit.stat[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@pro-market[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@www.xxxgamer[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@im.banner.t-online[2].txt 
C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@zanox[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@pointroll[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@advertise[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@teenandteen[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@adserver.adtechus[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@trafficengine[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@adsby.aim4media[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@my-adserver[2].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@ad.adc-serv[1].txt C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Cookies\marius@smartadserver[2].txt Trojan.Agent/Gen-FakeAlert C:\_OTL\MOVEDFILES\04232010_231359\C_WINDOWS\IVYZAA.EXE
The OTL log follows. |
26.04.2010, 18:11 | #22 |
| OTL log, OTL.txt: Code:
ATTFilter OTL logfile created on: 26.04.2010 19:07:19 - Run 2 OTL by OldTimer - Version 3.2.2.0 Folder = c:\Users\Marius\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 92,21 Gb Total Space | 26,57 Gb Free Space | 28,81% Space Free | Partition Type: NTFS Drive D: | 131,89 Gb Total Space | 104,30 Gb Free Space | 79,08% Space Free | Partition Type: NTFS Drive E: | 165,10 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MARIUS-PC Current User Name: Marius Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - c:\Users\Marius\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\FSC OSD Utility\OSDUtility.exe (Quanta Computer Inc.) 
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Google\Google EULA\GoogleEULALauncher.exe ( )
PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)

========== Modules (SafeList) ==========
MOD - c:\Users\Marius\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.partyfans.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "www.partyfans.com"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.25 17:24:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.02 17:34:06 | 000,000,000 | ---D | M]
[2009.02.13 15:15:01 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\mozilla\Extensions
[2010.04.26 16:51:42 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\mozilla\Firefox\Profiles\7c6qlmo8.default\extensions
[2010.02.26 17:54:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marius\AppData\Roaming\mozilla\Firefox\Profiles\7c6qlmo8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.05.01 17:53:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Marius\AppData\Roaming\mozilla\Firefox\Profiles\7c6qlmo8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.12.01 18:02:53 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Marius\AppData\Roaming\mozilla\Firefox\Profiles\7c6qlmo8.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009.12.01 20:06:30 | 000,000,873 | ---- | M] () -- C:\Users\Marius\AppData\Roaming\Mozilla\FireFox\Profiles\7c6qlmo8.default\searchplugins\conduit.xml
[2010.04.25 10:03:16 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.04.24 22:54:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FSC OSD Utility] c:\Programme\FSC OSD Utility\OSDUtility.exe (Quanta Computer Inc.)
O4 - HKLM..\Run: [FSCRecovery] c:\Programme\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========
[2010.04.26 17:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.04.26 17:20:05 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Roaming\SUPERAntiSpyware.com
[2010.04.26 17:20:05 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.04.26 17:19:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2010.04.26 15:23:38 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Roaming\Malwarebytes
[2010.04.24 23:00:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.04.24 23:00:29 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Local\temp
[2010.04.24 22:54:10 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010.04.24 22:04:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.04.24 22:04:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.04.24 22:04:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.04.24 22:04:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.04.24 21:59:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.04.24 21:59:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.04.24 18:53:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.24 18:53:23 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.24 18:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.24 18:47:11 | 005,918,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Marius\Desktop\mbam-setup.exe
[2010.04.23 23:13:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.04.22 22:01:46 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.21 14:55:34 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.04.21 14:51:50 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Marius\Desktop\HJTInstall.exe
[2010.04.21 14:41:55 | 000,000,000 | ---D | C] -- C:\Programme\HijackThis
[2010.04.20 17:14:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.04.18 15:54:14 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\seehcri.sys
[2010.04.18 15:52:46 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2010.04.18 15:52:46 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2010.04.18 15:52:46 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2010.04.18 15:52:06 | 000,000,000 | ---D | C] -- C:\Programme\Sony Ericsson
[2010.04.15 16:09:53 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.15 16:09:52 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.15 16:09:50 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.15 16:09:45 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.04.08 20:59:43 | 000,000,000 | ---D | C] -- C:\Programme\RdDrv001
[2010.03.31 16:41:11 | 000,000,000 | ---D | C] -- C:\Programme\DeskTask
[2010.03.31 12:37:50 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.03.31 12:37:49 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.03.31 12:37:49 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.03.31 12:37:49 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.03.31 12:37:49 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.03.31 12:37:49 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.03.31 12:37:49 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.03.31 12:37:49 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.03.31 12:37:49 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.03.31 12:37:48 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.03.31 12:37:48 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.03.28 19:26:11 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Roaming\skypePM
[2010.03.28 19:24:35 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Roaming\Skype
[2010.03.28 19:24:07 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.03.28 19:24:05 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010.03.28 19:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

========== Files - Modified Within 30 Days ==========
[2010.04.26 19:09:01 | 002,883,584 | -HS- | M] () -- C:\Users\Marius\NTUSER.DAT
[2010.04.26 17:21:38 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.26 17:21:38 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.26 17:21:38 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.26 17:21:38 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.26 17:21:38 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.26 17:20:08 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.04.26 17:19:07 | 007,899,168 | ---- | M] () -- C:\Users\Marius\Desktop\SUPERAntiSpyware.exe
[2010.04.26 17:15:23 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010.04.26 17:15:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.26 17:15:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.26 17:15:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.26 17:15:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.26 17:15:03 | 3079,262,208 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.26 17:14:01 | 000,524,288 | -HS- | M] () -- C:\Users\Marius\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.04.26 17:14:01 | 000,065,536 | -HS- | M] () -- C:\Users\Marius\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.04.26 17:14:00 | 006,291,456 | -H-- | M] () -- C:\Users\Marius\AppData\Local\IconCache.db
[2010.04.26 16:44:48 | 000,000,920 | ---- | M] () -- C:\Users\Marius\Desktop\Windows Media Player.lnk
[2010.04.26 15:23:34 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.25 22:28:08 | 000,233,472 | ---- | M] () -- C:\Users\Marius\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.25 22:27:35 | 000,010,592 | ---- | M] () -- C:\Users\Marius\Desktop\Termine.odt
[2010.04.25 22:25:54 | 000,015,757 | ---- | M] () -- C:\Users\Marius\Documents\Parties 10.odt
[2010.04.25 17:19:49 | 000,724,952 | ---- | M] () -- C:\Users\Marius\Desktop\avenger.zip
[2010.04.24 22:54:21 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.04.24 22:54:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.04.24 22:01:56 | 003,923,062 | R--- | M] () -- C:\Users\Marius\Desktop\cofi.exe
[2010.04.24 18:47:31 | 005,918,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Marius\Desktop\mbam-setup.exe
[2010.04.22 20:05:48 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.04.21 14:59:21 | 000,001,880 | ---- | M] () -- C:\Users\Marius\Desktop\test.com.lnk
[2010.04.21 14:56:26 | 206,690,363 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.04.21 14:51:53 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Marius\Desktop\HJTInstall.exe
[2010.04.18 15:58:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010.04.18 15:58:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010.04.18 15:54:14 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\seehcri.sys
[2010.04.18 15:52:46 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2010.04.18 15:52:46 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2010.04.18 15:52:46 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2010.04.17 13:28:04 | 000,001,038 | ---- | M] () -- C:\Users\Marius\Desktop\DVDVideoSoft Free Studio.lnk
[2010.03.31 16:55:38 | 000,040,448 | ---- | M] () -- C:\Users\Marius\Documents\Inhaltsverzeichnis_TonArt_2010[1].doc
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.28 19:26:12 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.03.28 19:24:07 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

========== Files Created - No Company Name ==========
[2010.04.26 17:20:08 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.04.26 17:17:54 | 007,899,168 | ---- | C] () -- C:\Users\Marius\Desktop\SUPERAntiSpyware.exe
[2010.04.26 15:23:34 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.25 17:20:46 | 000,731,136 | ---- | C] () -- C:\Users\Marius\Desktop\avenger.exe
[2010.04.25 17:19:48 | 000,724,952 | ---- | C] () -- C:\Users\Marius\Desktop\avenger.zip
[2010.04.24 22:04:23 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010.04.24 22:04:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.04.24 22:04:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.04.24 22:04:23 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.04.24 22:04:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.04.24 22:01:55 | 003,923,062 | R--- | C] () -- C:\Users\Marius\Desktop\cofi.exe
[2010.04.21 15:02:53 | 3079,262,208 | -HS- | C] () -- C:\hiberfil.sys
[2010.04.21 14:59:21 | 000,001,880 | ---- | C] () -- C:\Users\Marius\Desktop\test.com.lnk
[2010.04.18 15:58:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010.04.18 15:58:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010.04.01 12:56:16 | 000,010,592 | ---- | C] () -- C:\Users\Marius\Desktop\Termine.odt
[2010.03.31 16:55:37 | 000,040,448 | ---- | C] () -- C:\Users\Marius\Documents\Inhaltsverzeichnis_TonArt_2010[1].doc
[2010.03.28 19:26:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.28 19:24:07 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.02.24 23:47:33 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.12.20 18:21:32 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.10.31 16:52:38 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.02.09 22:00:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.02.09 21:22:54 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2008.10.10 15:12:12 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.04.25 15:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004.08.09 09:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2004.06.02 09:41:14 | 000,039,936 | ---- | C] () -- C:\Windows\System32\dwlGina2.dll
[2004.04.06 23:16:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PVAdoCtl.dll

========== Alternate Data Streams ==========
@Alternate Data Stream - 889 bytes -> C:\Users\Marius\Documents\Guitar Pro 5_ License and instructions.eml:OECustomProperty
< End of report > |
26.04.2010, 18:12 | #23 |
| OTL log, Extras.exe: Code:
OTL Extras logfile created on: 26.04.2010 19:07:19 - Run 2
OTL by OldTimer - Version 3.2.2.0 Folder = c:\Users\Marius\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,21 Gb Total Space | 26,57 Gb Free Space | 28,81% Space Free | Partition Type: NTFS
Drive D: | 131,89 Gb Total Space | 104,30 Gb Free Space | 79,08% Space Free | Partition Type: NTFS
Drive E: | 165,10 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MARIUS-PC
Current User Name: Marius
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04FD623B-9A8B-4A8A-BEAE-653B70B872FB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{16CE7A75-C1BA-42F1-8D79-59896ED45E63}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{23B41F56-92C0-4CC8-99F9-E77DD54DC18E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2DA6131B-DDA5-42EB-967C-3F82E9D51F5B}" = lport=138 | protocol=17 | dir=in | app=system |
"{430198B7-D975-47D4-9AB0-F3D69B5E3967}" = rport=139 | protocol=6 | dir=out | app=system |
"{4D7DEEE6-EC53-4D5E-9B8A-85CBF104155C}" = rport=2869 | protocol=6 | dir=out | app=system |
"{67201EFF-AA4A-4F40-A199-0A9E281083EC}" = rport=445 | protocol=6 | dir=out | app=system |
"{6B5C350E-637A-4E9C-9169-2430AC1D9FBD}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6CC635C6-D21D-475F-B276-8067B8BF1159}" = lport=445 | protocol=6 | dir=in | app=system |
"{7B86B51E-2B88-4CD9-A793-5C41AF3F30FD}" = lport=137 | protocol=17 | dir=in | app=system |
"{85923BD0-C32E-40FD-AEB9-AEEB67FF9C08}" = lport=2869 | protocol=6 | dir=in | app=system |
"{86EEE681-A0AB-428B-B415-FCD0712E4464}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8A6253B3-C3A1-4E09-9F6A-76B61C6BCF09}" = lport=139 | protocol=6 | dir=in | app=system |
"{B4731F67-7EDE-497C-82E7-A5D523349742}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D24BF5D0-A397-4870-8F55-5CC48660D48E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D2DC3EF4-4F45-406F-BFAD-ADAFBD5B9F16}" = rport=138 | protocol=17 | dir=out | app=system |
"{D710717F-FE06-4F60-BED3-78790F6B3866}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D8BA4B7C-F06E-437F-9C6C-77353783EEB0}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E7A34DC4-8AE2-45B2-81E9-2A78DA46CB35}" = rport=137 | protocol=17 | dir=out | app=system |
"{FFE1E641-BAB4-4E19-B8BD-E2BEC9EA685D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05ABA015-BA1F-4C7F-B175-57ED4C6B208E}" = protocol=17 | dir=in | app=c:\program files\webcam 7\wlite.exe |
"{2C2670F9-ED50-42D9-B891-EBB1184D8089}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2DABE7D4-4D89-4CCA-9E8B-99205EA92EA5}" = protocol=6 | dir=in | app=c:\program files\webcam 7\wservice.exe |
"{32561091-7A0B-4CDD-8BCD-7062B73D1772}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{369B269E-1D65-4B24-B364-362C63ACEAFB}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{48049245-7B91-4583-83F2-DB3281DD2234}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4F394830-7620-4C1D-943A-2BF145485F29}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{57A6187A-8E1B-455E-8F84-5C7C98ADB8EF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{58156763-910E-4031-9502-B5F45FB4616B}" = protocol=17 | dir=in | app=c:\program files\webcam 7\wservice.exe |
"{5BF92C33-701B-4F97-8202-9D232C5C841D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{62506E2D-9259-4805-BB78-6840F2F3D5DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{75054E42-8EAE-4306-8F45-F106B0860D67}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7C828BAF-72EA-46A1-B995-D27C15AE6F5B}" = protocol=6 | dir=in | app=c:\program files\abelcam\abelcam.exe |
"{927E5400-8651-448D-8885-CE5055D58505}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9D604452-9F80-41DA-A264-FF5FD0E29C24}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9E585A28-A6E6-43DE-A1DE-B9A8D3683627}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A0BAD5C1-C3A7-43F8-98E5-DF735F21F2C5}" = protocol=17 | dir=in | app=c:\program files\abelcam\abelcam.exe |
"{A75120F8-470B-4056-9B9E-0B9DD424EF1D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AE653943-9741-44F8-AFD8-2EC30CFC3B7C}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{CAF59184-F739-41D9-A3E6-517F4C5C0A2E}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{E4EF18C3-9A02-4EE7-8AD8-374B65F70157}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E72D52C6-C345-4D00-B648-2ADC5C19C2B1}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{EC8F1B64-AE13-4504-8D6C-698606961534}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{EDD2F28A-E5B2-4E7C-914F-8409D36F1490}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{F3C80B59-DCA8-4C5F-86E8-483B495462E2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{FAB0FD31-790D-428F-BB30-59432E563AA8}" = protocol=6 | dir=in | app=c:\program files\webcam 7\wlite.exe | "TCP Query User{07B77FE6-2B40-4CC4-801F-3A8C0C321311}C:\users\marius\desktop\ipcurve\ipcurve.exe" = protocol=6 | dir=in | app=c:\users\marius\desktop\ipcurve\ipcurve.exe | "TCP Query User{1F147715-50EB-48FE-89EF-7E6092A93FC6}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{2E08D9C7-B7A0-4990-A7F2-13A5FEB33575}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | "TCP Query User{389FCAD2-527B-428D-8945-0A6AF5AB2E13}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe | "TCP Query User{689CBE03-C3E5-462E-8804-468BC2B16DA3}C:\program files\webcam\webcam123\wsrv.exe" = protocol=6 | dir=in | app=c:\program files\webcam\webcam123\wsrv.exe | "TCP Query User{81DBB58C-B32B-4876-A800-D6E6B4A4C105}C:\program files\ipcurve\achtung, die kurve.exe" = protocol=6 | dir=in | app=c:\program files\ipcurve\achtung, die kurve.exe | "TCP Query User{C87CC01C-9265-4EB2-957F-3CBDF82E8022}C:\program files\webcam\webcam123\webcam.exe" = protocol=6 | dir=in | app=c:\program files\webcam\webcam123\webcam.exe | "TCP Query User{D2148BD0-B056-4688-AB85-032C10C17D35}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query 
User{D3832F4A-22D4-4E63-9E7A-C9B7EC5E2920}C:\users\marius\downloads\racer\racer.exe" = protocol=6 | dir=in | app=c:\users\marius\downloads\racer\racer.exe | "TCP Query User{E93AF556-6F9E-47EC-9A58-A0CBA9E933A3}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{63989EB8-CA9A-49A1-BAC0-FD484FB1C955}C:\users\marius\downloads\racer\racer.exe" = protocol=17 | dir=in | app=c:\users\marius\downloads\racer\racer.exe | "UDP Query User{673F18C8-0C09-4878-AFE8-D3F6AB3555E3}C:\users\marius\desktop\ipcurve\ipcurve.exe" = protocol=17 | dir=in | app=c:\users\marius\desktop\ipcurve\ipcurve.exe | "UDP Query User{6D13C780-FF93-4EDE-BB36-6C9C468CA0CF}C:\program files\webcam\webcam123\webcam.exe" = protocol=17 | dir=in | app=c:\program files\webcam\webcam123\webcam.exe | "UDP Query User{9CF2EAC1-3280-4A52-B262-119AE647AF4C}C:\program files\webcam\webcam123\wsrv.exe" = protocol=17 | dir=in | app=c:\program files\webcam\webcam123\wsrv.exe | "UDP Query User{CA521FBB-E49F-45DE-9DF3-03EEEC889E74}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | "UDP Query User{DD92D103-01E6-42B7-9C1D-EBF10FA58A98}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{DEAAA894-ADB9-45D5-8BA0-372C12EBB2B0}C:\program files\ipcurve\achtung, die kurve.exe" = protocol=17 | dir=in | app=c:\program files\ipcurve\achtung, die kurve.exe | "UDP Query User{EA88F47C-2E56-4D73-A734-C139CD287FAB}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe | "UDP Query User{EB9F09BB-BF53-4A14-8A5B-F145B672BB46}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{FBEFE5C2-4C0F-499C-801F-3352300B2140}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | 
app=c:\program files\mozilla firefox\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 15 "{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.1.8.2 "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec 
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge "{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{AD56EEBC-16A0-4F8F-A1E0-88FE307485ED}" = Sven Oster-Edition "{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support "{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14 "{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility "{EB955EB6-8694-4739-9454-BE3A341A628B}" = AbelCam "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform 
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CTS2" = Catch the Sperm II "desktask" = DeskTask (remove only) "DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar "EPSON Printer and Utilities" = EPSON-Drucker-Software "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free Studio_is1" = Free Studio version 4.2 "Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3 "Guitar Pro 5_is1" = Guitar Pro 5.2 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Picasa2" = Picasa 2 "PokerStars.net" = PokerStars.net "RolandRDID0104" = ME-25-Treiber "SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009) "Uninstall_is1" = Uninstall 1.0.0.1 "Update Service" = Update Service "VLC media player" = VLC media player 1.0.2 "Webcam 1-2-3" = Webcam 1-2-3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== Last 10 Event Log 
Errors ========== [ Application Events ] Error - 22.04.2010 08:42:52 | Computer Name = Marius-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 22.04.2010 08:42:57 | Computer Name = Marius-PC | Source = WinMgmt | ID = 10 Description = Error - 22.04.2010 14:08:00 | Computer Name = Marius-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 22.04.2010 14:08:00 | Computer Name = Marius-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 22.04.2010 14:08:32 | Computer Name = Marius-PC | Source = WinMgmt | ID = 10 Description = Error - 22.04.2010 14:55:35 | Computer Name = Marius-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3743 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: c04 Anfangszeit: 01cae24b0c5a75c0 Zeitpunkt der Beendigung: 20 Error - 22.04.2010 16:02:43 | Computer Name = Marius-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung mbam.exe, Version 1.45.0.0, Zeitstempel 0x4bb10678, fehlerhaftes Modul mbam.exe, Version 1.45.0.0, Zeitstempel 0x4bb10678, Ausnahmecode 0x80000003, Fehleroffset 0x00003428, Prozess-ID 0xee4, Anwendungsstartzeit 01cae256c3c6a200. 
Error - 23.04.2010 08:32:37 | Computer Name = Marius-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 23.04.2010 08:32:37 | Computer Name = Marius-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 23.04.2010 08:33:33 | Computer Name = Marius-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 15.05.2009 08:42:51 | Computer Name = Marius-PC | Source = Service Control Manager | ID = 7011 Description = Error - 15.05.2009 08:44:45 | Computer Name = Marius-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.2.35 für die Netzwerkkarte mit der Netzwerkadresse 00225F413159 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 15.05.2009 10:49:11 | Computer Name = Marius-PC | Source = HTTP | ID = 15016 Description = Error - 16.05.2009 03:27:38 | Computer Name = Marius-PC | Source = HTTP | ID = 15016 Description = Error - 16.05.2009 06:00:38 | Computer Name = Marius-PC | Source = Service Control Manager | ID = 7011 Description = Error - 16.05.2009 06:00:55 | Computer Name = Marius-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.2.35 für die Netzwerkkarte mit der Netzwerkadresse 00225F413159 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 16.05.2009 14:30:55 | Computer Name = Marius-PC | Source = HTTP | ID = 15016 Description = Error - 17.05.2009 03:20:20 | Computer Name = Marius-PC | Source = HTTP | ID = 15016 Description = Error - 17.05.2009 03:21:46 | Computer Name = Marius-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.2.35 für die Netzwerkkarte mit der Netzwerkadresse 00225F413159 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 17.05.2009 11:50:28 | Computer Name = Marius-PC | Source = HTTP | ID = 15016 Description = < End of report > |
26.04.2010, 21:03 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | That all looks much better now. Any problems left?
__________________ Please always post log files in CODE tags |
27.04.2010, 15:36 | #25 |
| No, everything is running great now! Thank you very, very much, you were a very big help to me! One more question: can I uninstall all the spyware programs, or do I still need them? Regards, Marius |
27.04.2010, 16:36 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | You can uninstall them. Then check the updates:

Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Guide: Windows Update

Update the PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking "Adobe Reader x.0" there and removing the program. I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.
While you are at it, please also check that Flash Player is up to date; here is the direct download link => http://filepony.de/?q=Flash+Player

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |
28.04.2010, 16:20 | #27 |
| Okay, I've done all of that! Thanks again |