Log analysis and evaluation: Explorer opens random web pages (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.05.2010, 22:16 | #1
Explorer opens random web pages

Hello, lately my Internet Explorer also just opens random pages on its own. I hope you can help me. Here are the log files:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4118
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

19.05.2010 21:47:25
mbam-log-2010-05-19 (21-47-25).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 129650
Laufzeit: 3 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\4VDD85L8NF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Zeldar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\XXX\AppData\Local\Temp\Wlf.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Users\XXX\AppData\Local\Temp\Wli.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\XXX\AppData\Local\Temp\Wlh.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\XXX\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\XXX\Desktop\Antivir.lnk (Rogue.Antivir2010) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/19/2010 at 10:54 PM

Application Version : 4.37.1000

Core Rules Database Version : 4957
Trace Rules Database Version: 2769

Scan type       : Complete Scan
Total Scan Time : 00:59:59

Memory items scanned      : 654
Memory threats detected   : 2
Registry items scanned    : 7654
Registry threats detected : 1
File items scanned        : 87759
File threats detected     : 2

Trojan.Agent/Gen-CDesc[EndSec]
	C:\WINDOWS\WFAMAB.EXE
	C:\WINDOWS\WFAMAB.EXE
	C:\USERS\JAN\APPDATA\LOCAL\TEMP\WLH.EXE
	C:\USERS\JAN\APPDATA\LOCAL\TEMP\WLH.EXE
	[M5T8QL3YW3] C:\USERS\XXX\APPDATA\LOCAL\TEMP\WLH.EXE

Code:
OTL logfile created on: 19.05.2010 21:36:22 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Users\Jan\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 76.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458.46 Gb Total Space | 260.25 Gb Free Space | 56.77% Space Free | Partition Type: NTFS
Drive D: | 458.41 Gb Total Space | 302.63 Gb Free Space | 66.02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\XXX\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\Wfamab.exe ()
PRC - C:\Users\XXX\AppData\Local\Temp\Wlh.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe (Trend Micro Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\BumpTop\TexHelper.exe ()
PRC - C:\Program Files (x86)\BumpTop\BumpTop.exe ()
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe (Egis inc.)
PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - c:\Programme\Gigaset USB Adapter 300\GUI.exe ()
PRC - C:\Windows\CBTWlanSrv.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\XXX\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai\rswin_3697.dll ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (BioWare)
SRV - (NMSAccessU) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (CBTWlanSrv) -- C:\Windows\CBTWlanSrv.exe ()
SRV - (SSScsiSV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 15:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys (Egis Incorporated)
DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys (Egis Incorporated)
DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV:64bit: - (nvamacpi) -- C:\Windows\SysNative\DRIVERS\NVAMACPI.sys (NVIDIA Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (UMPass) -- C:\Windows\SysNative\DRIVERS\umpass.sys (Microsoft Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (rt2870) -- C:\Windows\SysNative\DRIVERS\rt2870.sys (Ralink Technology, Corp.)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\DRIVERS\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (CBPSp50a64) -- C:\Windows\SysNative\Drivers\CBPSp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\SysNative\drivers\sfdrv01.sys (Protection Technology)
DRV:64bit: - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfhlp02.sys (Protection Technology)
DRV - (StarOpen) -- C:\Windows\SysWOW64\drivers\StarOpen.sys ()
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\000.fcl (CyberLink Corp.)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
DRV - (PSDFilter) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\PSDFilter.inf ()
DRV - (PSDNServ) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\PSDNserv.inf ()
DRV - (psdvdisk) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\PSDVDisk.inf ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0807&s=1&o=vp64&d=0909&m=aspire_m7711
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0807&s=1&o=vp64&d=0909&m=aspire_m7711
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0807&s=1&o=vp64&d=0909&m=aspire_m7711
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0807&s=1&o=vp64&d=0909&m=aspire_m7711
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {8e175e4c-dec2-4917-bd9a-d75e7cb33d61}:3.6.0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010.02.28 19:34:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.05.15 23:49:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.05.15 23:49:14 | 000,000,000 | ---D | M]

[2009.09.25 14:12:40 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2010.05.19 18:57:19 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\5xe0iu8c.default\extensions
[2010.04.27 20:52:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\5xe0iu8c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.18 20:24:06 | 000,000,000 | ---D | M] (XboxFox) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\5xe0iu8c.default\extensions\{8e175e4c-dec2-4917-bd9a-d75e7cb33d61}
[2009.11.16 19:35:14 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\5xe0iu8c.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.04.27 20:52:09 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\5xe0iu8c.default\extensions\personas@christopher.beard
[2010.02.18 20:24:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\5xe0iu8c.default\extensions\{8e175e4c-dec2-4917-bd9a-d75e7cb33d61}\chrome\mozapps\extensions
[2010.05.19 18:44:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.03.02 17:09:47 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.04.08 04:06:28 | 000,122,880 | ---- | M] (AB) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOP7PlugIn.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Lau File not found
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NoteBurner] C:\Program Files (x86)\NoteBurner\VTBurnerGUI.exe File not found
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\Jan\AppData\Local\Temp\Wlh.exe ()
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysNative\nvLsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\XXX\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\XXX\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.16 13:40:38 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.19 20:40:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.05.17 18:51:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mpeg2Decoder
[2010.05.17 18:48:50 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2010.05.17 18:48:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DeskShare Shared
[2010.05.17 18:48:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deskshare
[2010.05.17 18:00:40 | 000,000,000 | ---D | C] -- C:\Users\XXX\Dokumente\Requiem für einen Rockstar
[2010.05.17 17:19:17 | 000,000,000 | ---D | C] -- C:\MediaOutput
[2010.05.17 17:18:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperAVConverter
[2010.05.16 20:59:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2010.05.16 20:38:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Projects
[2010.05.15 18:20:07 | 003,772,784 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2010.05.15 18:19:56 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys
[2010.05.15 18:19:50 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\INCA Shared
[2010.05.09 13:01:49 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\NCH Software
[2010.05.09 13:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2010.05.09 12:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Swift Sound
[2010.05.09 12:59:55 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\NCH Swift Sound
[2010.05.09 00:12:08 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010.05.09 00:12:08 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010.05.09 00:12:08 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010.05.09 00:12:08 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010.05.09 00:12:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2010.05.08 21:14:19 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\FixWin
[2010.05.08 15:13:08 | 000,000,000 | ---D | C] -- C:\Users\XXX\Dokumente\Eidos
[2010.05.02 19:02:21 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\The Creative Assembly
[2010.04.26 18:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2010.04.24 18:24:08 | 000,306,688 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2009.01.23 20:05:05 | 000,049,152 | R--- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.19 21:38:38 | 003,670,016 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT
[2010.05.19 21:32:36 | 000,000,230 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.05.19 21:25:29 | 000,000,162 | -H-- | M] () -- C:\Users\XXX\Dokumente\~$mputer hilfe.docx
[2010.05.19 21:22:27 | 000,002,555 | ---- | M] () -- C:\Users\XXX\Desktop\HiJackThis.lnk
[2010.05.19 21:21:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.19 21:07:51 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.05.19 21:07:51 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.05.19 21:07:51 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.05.19 21:07:51 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.05.19 21:07:51 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.05.19 21:01:51 | 000,034,705 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.05.19 21:01:50 | 000,034,705 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.05.19 21:01:47 | 000,000,242 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.05.19 21:01:45 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010.05.19 21:01:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2010.05.19 21:01:42 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.19 21:01:36 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.19 21:01:35 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.19 21:01:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.19 21:01:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.19 20:56:41 | 000,524,288 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010.05.19 20:56:41 | 000,065,536 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010.05.19 20:56:38 | 004,682,637 | -H-- | M] () -- C:\Users\XXX\AppData\Local\IconCache.db
[2010.05.19 20:56:35 | 000,010,164 | ---- | M] () -- C:\Users\XXX\Dokumente\computer hilfe.docx
[2010.05.18 20:12:34 | 000,006,656 | ---- | M] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.18 19:46:26 | 000,000,067 | ---- | M] () -- C:\Windows\AVIConverter.INI
[2010.05.18 19:29:56 | 000,185,344 | ---- | M] () -- C:\Windows\Wfamab.exe
[2010.05.18 19:28:51 | 000,185,344 | ---- | M] () -- C:\Windows\Wfamaa.exe
[2010.05.17 18:48:50 | 000,356,352 | ---- | M] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2010.05.17 18:48:44 | 000,001,050 | ---- | M] () -- C:\Users\XXX\Desktop\Media Converter.lnk
[2010.05.16 21:15:41 | 000,000,548 | ---- | M] () -- C:\Users\XXX\Desktop\Frontschweine.lnk
[2010.05.16 20:38:49 | 000,000,935 | ---- | M] () -- C:\Users\XXX\Desktop\IsoBuster.lnk
[2010.05.15 23:49:16 | 000,001,782 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.05.15 23:47:54 | 000,010,114 | ---- | M] () -- C:\Users\XXX\Dokumente\Frontschweine Download Link.docx
[2010.05.15 21:03:14 | 000,089,704 | ---- | M] () -- C:\Users\XXX\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.15 21:02:31 | 000,342,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.05.15 17:46:01 | 000,000,468 | ---- | M] () -- C:\Users\Public\Desktop\CABAL Online.lnk
[2010.05.10 22:10:00 | 003,772,784 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2010.05.09 13:51:26 | 001,762,792 | ---- | M] () -- C:\Users\XXX\Dokumente\Daughtry.docx
[2010.05.09 12:59:57 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\Music Converter.lnk
[2010.05.09 00:12:08 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010.05.09 00:12:08 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010.05.09 00:12:08 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010.05.09 00:12:08 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010.05.08 15:09:08 | 000,000,549 | ---- | M] () -- C:\Users\Public\Desktop\Tomb Raider Underworld.lnk
[2010.05.07 15:40:39 | 001,178,916 | ---- | M] () -- C:\Users\XXX\Desktop\Desmond Wolfe 3.jpg
[2010.05.07 15:38:30 | 000,094,791 | ---- | M] () -- C:\Users\XXX\Desktop\96627_med.jpg
[2010.05.07 15:37:05 | 000,361,185 | ---- | M] () -- C:\Users\XXX\Desktop\Bayonetta.jpg
[2010.05.07 15:17:38 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.05.06 17:11:53 | 000,012,320 | ---- | M] () -- C:\Users\XXX\Dokumente\Franz Vortrag.docx
[2010.05.01 11:48:46 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[2010.04.27 21:00:55 | 000,004,209 | ---- | M] () -- C:\Users\XXX\Dokumente\Biologie Lernziele Genetik.pdf
[2010.04.27 21:00:40 | 001,064,066 | ---- | M] () -- C:\Users\XXX\Dokumente\Biologie genetik3.pdf
[2010.04.27 21:00:24 | 000,204,965 | ---- | M] () -- C:\Users\XXX\Dokumente\Biologie Genetik2.pdf
[2010.04.27 20:59:50 | 001,234,412 | ---- | M] () -- C:\Users\XXX\Dokumente\Biologie Genetik.pdf
[2010.04.24 18:27:56 | 000,000,604 | ---- | M] () -- C:\Users\XXX\Desktop\SimCity 3000.lnk
[2010.04.24 00:11:00 | 000,012,681 | ---- | M] () -- C:\Users\XXX\Dokumente\Wrestler Liste.docx
[2010.04.22 16:07:28 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.04.22 16:07:28 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.04.22 14:10:28 | 000,002,415 | ---- | M] () -- C:\Users\XXX\Desktop\Skype.lnk
[2010.04.22 11:48:10 | 000,256,893 | ---- | M] () -- C:\Users\XXX\Dokumente\SVR CAW 2.docx
[2010.04.21 21:28:03 | 001,645,878 | ---- | M] () -- C:\Users\XXX\Dokumente\SVR CAW.docx
[2010.04.20 15:50:01 | 000,000,602 | ---- | M] () -- C:\Users\Public\Desktop\Oblivion Editor.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

==========
Files Created - No Company Name ========== [2010.05.19 21:25:29 | 000,000,162 | -H-- | C] () -- C:\Users\XXX\Dokumente\~$mputer hilfe.docx [2010.05.19 20:56:35 | 000,010,164 | ---- | C] () -- C:\Users\XXX\Dokumente\computer hilfe.docx [2010.05.19 20:40:49 | 000,002,555 | ---- | C] () -- C:\Users\XXX\Desktop\HiJackThis.lnk [2010.05.19 16:12:10 | 000,185,344 | ---- | C] () -- C:\Windows\Wfamab.exe [2010.05.18 19:28:55 | 000,000,230 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010.05.18 19:28:54 | 000,185,344 | ---- | C] () -- C:\Windows\Wfamaa.exe [2010.05.18 19:28:51 | 000,000,242 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010.05.18 18:36:26 | 000,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI [2010.05.17 18:48:44 | 000,001,050 | ---- | C] () -- C:\Users\XXX\Desktop\Media Converter.lnk [2010.05.16 21:15:42 | 000,000,548 | ---- | C] () -- C:\Users\XXX\Desktop\Frontschweine.lnk [2010.05.16 20:38:49 | 000,000,935 | ---- | C] () -- C:\Users\XXX\Desktop\IsoBuster.lnk [2010.05.15 23:08:02 | 000,010,114 | ---- | C] () -- C:\Users\XXX\Dokumente\Frontschweine Download Link.docx [2010.05.15 18:19:56 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd [2010.05.15 17:46:01 | 000,000,468 | ---- | C] () -- C:\Users\Public\Desktop\CABAL Online.lnk [2010.05.09 13:51:25 | 001,762,792 | ---- | C] () -- C:\Users\XXX\Dokumente\Daughtry.docx [2010.05.09 12:59:57 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\Music Converter.lnk [2010.05.08 15:09:08 | 000,000,549 | ---- | C] () -- C:\Users\Public\Desktop\Tomb Raider Underworld.lnk [2010.05.07 15:40:37 | 001,178,916 | ---- | C] () -- C:\Users\XXX\Desktop\Desmond Wolfe 3.jpg [2010.05.07 15:38:29 | 000,094,791 | ---- | C] () -- C:\Users\XXX\Desktop\96627_med.jpg [2010.05.07 15:37:04 | 000,361,185 | ---- | C] () -- C:\Users\XXX\Desktop\Bayonetta.jpg [2010.05.07 15:16:34 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk 
[2010.05.06 16:54:40 | 000,012,320 | ---- | C] () -- C:\Users\XXX\Dokumente\Franz Vortrag.docx [2010.04.27 21:00:55 | 000,004,209 | ---- | C] () -- C:\Users\XXX\Dokumente\Biologie Lernziele Genetik.pdf [2010.04.27 21:00:40 | 001,064,066 | ---- | C] () -- C:\Users\XXX\Dokumente\Biologie genetik3.pdf [2010.04.27 21:00:23 | 000,204,965 | ---- | C] () -- C:\Users\XXX\Dokumente\Biologie Genetik2.pdf [2010.04.27 20:59:50 | 001,234,412 | ---- | C] () -- C:\Users\XXX\Dokumente\Biologie Genetik.pdf [2010.04.24 18:27:58 | 000,000,604 | ---- | C] () -- C:\Users\XXX\Desktop\SimCity 3000.lnk [2010.04.23 23:16:31 | 000,012,681 | ---- | C] () -- C:\Users\XXX\Dokumente\Wrestler Liste.docx [2010.04.22 11:40:25 | 000,256,893 | ---- | C] () -- C:\Users\XXX\Dokumente\SVR CAW 2.docx [2010.04.21 20:40:26 | 001,645,878 | ---- | C] () -- C:\Users\XXX\Dokumente\SVR CAW.docx [2010.04.20 15:50:01 | 000,000,602 | ---- | C] () -- C:\Users\Public\Desktop\Oblivion Editor.lnk [2010.04.03 19:43:58 | 000,000,235 | ---- | C] () -- C:\Windows\Caligari.ini [2010.03.18 16:31:17 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2010.03.18 16:30:09 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2010.03.11 20:15:35 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2009.10.26 19:18:53 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2009.09.27 18:41:53 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2009.09.27 10:14:04 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll [2009.09.25 16:37:12 | 000,000,298 | ---- | C] () -- C:\Windows\game.ini [2009.09.25 15:08:21 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini [2009.09.25 15:08:21 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini [2009.08.07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.06.07 16:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009.06.07 
16:16:12 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2008.11.20 22:45:30 | 000,042,320 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll < End of report > |
20.05.2010, 11:12 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Explorer opens websites at random
Hello,
Please run a full scan with Malwarebytes.
20.05.2010, 17:19 | #3
Explorer opens websites at random
So, I have now done the full scan; I hope it helped.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4118
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

20.05.2010 18:16:42
mbam-log-2010-05-20 (18-16-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 504879
Laufzeit: 1 Stunde(n), 14 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
20.05.2010, 19:19 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | Explorer opens websites at random
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
PRC - C:\Windows\Wfamab.exe ()
PRC - C:\Users\XXX\AppData\Local\Temp\Wlh.exe ()
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\Jan\AppData\Local\Temp\Wlh.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
[2010.05.19 16:12:10 | 000,185,344 | ---- | C] () -- C:\Windows\Wfamab.exe
[2010.05.18 19:28:55 | 000,000,230 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.05.18 19:28:54 | 000,185,344 | ---- | C] () -- C:\Windows\Wfamaa.exe
[2010.05.18 19:28:51 | 000,000,242 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
Please always post log files in CODE tags
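The fix above picks a handful of entries out of the posted OTL log: two freshly created executables in C:\Windows with no company name and identical size, and two hidden GUID-named .job tasks. As an added example (not from the thread, OTL or Malwarebytes), here is a small Python parser for OTL file entries that applies those same triage rules to the log format shown above; the sample entries are copied from the log in this thread, while the 7-day window and the report time are assumptions.

```python
import re
from datetime import datetime, timedelta

# One OTL file entry looks like:
# [2010.05.18 19:28:54 | 000,185,344 | ---- | C] () -- C:\Windows\Wfamaa.exe
# Entries may be line-separated or run together (pasted into a forum), so a
# path ends at the next " [" or at end of text (assumed: no " [" in paths).
ENTRY = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>.*?)\) -- "
    r"(?P<path>.+?)(?=\s+\[|\s*$)", re.S)
GUID_JOB = re.compile(r"\\tasks\\\{[0-9a-f-]{36}\}\.job$", re.I)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")

def parse_entries(text):
    """Return one dict per OTL file entry found in text."""
    return [{"ts": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
             "size": int(m["size"].replace(",", "")), "attrs": m["attrs"],
             "kind": m["kind"], "company": m["company"].strip(),
             "path": m["path"].strip()} for m in ENTRY.finditer(text)]

def triage(entries, report_time, window_days=7):
    """Map suspicious path -> reasons, using the patterns fixed in the thread:
    fresh executables with no company name in C:\\Windows or a Temp folder,
    same-size look-alike droppers (Wfamaa/Wfamab), hidden GUID-named .job tasks."""
    recent = report_time - timedelta(days=window_days)
    findings = {}
    def flag(path, reason):
        if reason not in findings.setdefault(path, []):
            findings[path].append(reason)
    fresh = [e for e in entries if e["ts"] >= recent and not e["company"]
             and e["path"].lower().endswith(EXEC_EXT)]
    by_size = {}
    for e in fresh:
        low = e["path"].lower()
        parent = low.rsplit("\\", 1)[0]
        if parent == r"c:\windows" or "\\temp\\" in low:
            flag(e["path"], "recent executable without company name in " + parent)
        by_size.setdefault(e["size"], set()).add(e["path"])
    for size, paths in by_size.items():
        for p in (paths if len(paths) > 1 else ()):  # same size, different name
            flag(p, "same size (%d bytes) as %d other fresh unsigned-vendor file(s)"
                 % (size, len(paths) - 1))
    for e in entries:
        if GUID_JOB.search(e["path"]) and "H" in e["attrs"]:
            flag(e["path"], "hidden GUID-named scheduled task")
    return findings

# Constructed sample: a few entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
[2010.05.19 21:21:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.19 16:12:10 | 000,185,344 | ---- | C] () -- C:\Windows\Wfamab.exe [2010.05.18 19:28:55 | 000,000,230 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.05.18 19:28:54 | 000,185,344 | ---- | C] () -- C:\Windows\Wfamaa.exe
[2010.05.18 19:28:51 | 000,000,242 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.05.17 18:48:50 | 000,356,352 | ---- | M] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2010.05.09 00:12:08 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
"""
REPORT_TIME = datetime(2010, 5, 19, 21, 40)  # assumed: about when the log was taken

def run_sample():
    return triage(parse_entries(SAMPLE_LOG), REPORT_TIME)
```

Running `run_sample()` flags exactly the four paths the fix script removed and leaves the vendor-signed DLLs and the Google Update task alone.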
21.05.2010, 16:47 | #5
Explorer opens websites at random
Here is the log file:

All processes killed
========== OTL ==========
No active process named Wfamab.exe was found!
No active process named Wlh.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\M5T8QL3YW3 not found.
File C:\Users\Jan\AppData\Local\Temp\Wlh.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
File C:\Windows\Wfamab.exe not found.
File C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job not found.
File C:\Windows\Wfamaa.exe not found.
File C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job not found.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: XXX
->Temp folder emptied: 433402 bytes
->Temporary Internet Files folder emptied: 206114 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3268344 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 646 bytes

User: Mcx1

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21766 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.00 mb

OTL by OldTimer - Version 3.2.5.0 log created on 05212010_174035

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
21.05.2010, 20:28 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | Explorer opens websites at random
OK. How is your computer doing now? To check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
22.05.2010, 23:56 | #7
Explorer opens websites at random
OK, here are the scan results.

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/23/2010 at 00:37 AM

Application Version : 4.37.1000

Core Rules Database Version : 4970
Trace Rules Database Version: 2782

Scan type : Complete Scan
Total Scan Time : 04:28:51

Memory items scanned : 424
Memory threats detected : 0
Registry items scanned : 7426
Registry threats detected : 0
File items scanned : 369587
File threats detected : 1

Trojan.Agent/Gen-CDesc[EndSec]
C:\_OTL\MOVEDFILES\05212010_171832\C_WINDOWS\WFAMAA.EXE

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4131
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

22.05.2010 22:07:49
mbam-log-2010-05-22 (22-07-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 498154
Laufzeit: 2 Stunde(n), 1 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
23.05.2010, 21:04 | #8
/// Winkelfunktion /// TB-Süch-Tiger™ | Explorer opens websites at random
Looks OK. SASW only found what we had already neutralised with OTL. If there are no more problems, please be sure to check the updates:

Microsoft Update
Windows XP: Visit the MS Update site with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

Update your PDF reader
Your Adobe Reader is not up to date, which poses a major security risk. You should therefore uninstall the old version via Control Panel => Add or Remove Programs by clicking "Adobe Reader x.0" there and removing the program. I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader. While you are at it, please also check that your Flash Player is up to date; here is the direct download link => http://filepony.de/?q=Flash+Player

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Afterwards, download the current Java SE Runtime Environment (JRE) from here and install it.
Please always post log files in CODE tags
23.05.2010, 22:48 | #9
Explorer opens websites at random
OK, many thanks for the quick help. I don't know what I would have done otherwise.