Google öffnet andere Seiten als angeklickt

 
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
 
Datenbank Version: 4199
 
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
 
15.06.2010 19:39:32
mbam-log-2010-06-15 (19-39-32).txt
 
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 108298
Laufzeit: 2 Minute(n), 27 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
C:\WINXP\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
 
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
C:\WINXP\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINXP\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Joker\Lokale Einstellungen\Temp\Bjh.exe (Trojan.FakeAlert) -> Delete on reboot.
         

OTL Extras logfile created on: 15.06.2010 19:41:38 - Run 2
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Dokumente und Einstellungen\Joker\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme
Drive C: | 298,08 Gb Total Space | 290,32 Gb Free Space | 97,40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: JOKER-026DF0180
Current User Name: Joker
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-21-1214440339-1202660629-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Joker\Desktop\Book Of Ra\Spiele 1\gameunp.exe" = C:\Dokumente und Einstellungen\Joker\Desktop\Book Of Ra\Spiele 1\gameunp.exe:*:Enabled:gameunp -- ()
"C:\Dokumente und Einstellungen\Joker\Desktop\Book Of Ra\Spiele 2\gameunp.exe" = C:\Dokumente und Einstellungen\Joker\Desktop\Book Of Ra\Spiele 2\gameunp.exe:*:Enabled:gameunp -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0CA4C366-9A1C-A493-6628-BECB972C35BA}" = Skins
"{1079E68B-91F1-6661-CD27-1D4BB0D10C9A}" = CCC Help Finnish
"{1235C921-7B9A-5BEB-5B7A-CC5DEBF31BB6}" = CCC Help Thai
"{1B8A90DE-5B5F-C596-92DA-DB3E03FA1561}" = Catalyst Control Center Graphics Full Existing
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2E84C64C-BA4F-CF98-FF6D-EAF652FD8675}" = CCC Help French
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3870A588-D619-325D-036A-C650FD16738B}" = CCC Help Norwegian
"{4091C4D6-6308-B545-E661-105DBA555964}" = Catalyst Control Center Graphics Full New
"{458D3447-3704-EE80-B633-9BA68060E4D1}" = CCC Help Russian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5DA3AB29-AFC9-721B-E720-31FB11E6E73B}" = CCC Help Spanish
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63830359-A054-9403-4C2C-DBEE5676F78A}" = Catalyst Control Center Graphics Light
"{6C19191F-7236-EFEB-D425-22852000CAD6}" = CCC Help Dutch
"{6D82D2DB-D5FE-D85F-14BF-738C6C5018B8}" = CCC Help Danish
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7225E3AA-AE83-84A1-F5CE-4B5690E096A9}" = CCC Help Czech
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B79D2A4-FEE7-C610-24D2-C7D3109C0FC0}" = ccc-utility
"{7C07FFEF-4F87-AFED-C136-4F4CF04AC6A9}" = CCC Help Swedish
"{853CA7DC-2604-62F8-E596-8A38AEFB0DBE}" = CCC Help Hungarian
"{8C052CAF-5AF7-471D-74AB-296A50654ABD}" = CCC Help Chinese Standard
"{8C3B20DD-BCEC-9610-3869-446AEACACB2B}" = ccc-core-preinstall
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E7B09E3-DCE1-2AA6-804E-FEB9C8EB4CD2}" = Catalyst Control Center Core Implementation
"{90753CA2-4BA4-E75E-194D-0F5A466F2D67}" = CCC Help Portuguese
"{9076A738-309F-D9D2-6679-94D1B7A68BF6}" = CCC Help Korean
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DCF2B35-23C4-8D46-F2A0-7F9E56D3BB91}" = CCC Help English
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3276EED-22A1-4808-9AA3-88A451482E10}" = Catalyst Control Center - Branding
"{AC26DD4C-76C0-5473-F86B-2E6806C11B0B}" = Catalyst Control Center Localization All
"{AC76BA86-7AD7-1031-7B44-A00000000002}" = Adobe Reader 6.0.2 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B8164387-305E-1037-9E12-E0C964A0D2CC}" = CCC Help Japanese
"{BFA7649A-1D5B-A838-BA32-8F7407467492}" = CCC Help Turkish
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C258E913-2D9F-9804-3A5D-D030FC5BD875}" = CCC Help Chinese Traditional
"{C479DF4C-D407-9EA8-E46B-E516AB888288}" = CCC Help Polish
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D163A823-F74A-7B5C-F1BF-30B152405220}" = CCC Help German
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DCFAA38D-FB19-A6CD-D771-40CC27F9D312}" = CCC Help Greek
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E58E19F6-E810-DC1E-09D8-FBCAFC06B66D}" = CCC Help Italian
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F6501365-E2FB-7D26-34E1-02C434EF937D}" = ccc-core-static
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11 Application" = Broadcom Wireless-Dienstprogramm
"Broadcom 802.11b Network Adapter" = Broadcom 802.11-WLAN-Adapter
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"lvdrivers_11.50" = Logitech QuickCam-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"RouterControl" = RouterControl 1.91
"VLC media player" = VLC media player 1.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.1.7.3
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.06.2010 15:12:17 | Computer Name = JOKER-026DF0180 | Source = MsiInstaller | ID = 10005
Description = Produkt: HP Wireless Assistant -- HP Wireless Assistant can not be
 installed on systems with .NET Framework version smaller than 2.0
 
Error - 12.06.2010 17:46:58 | Computer Name = JOKER-026DF0180 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul mshtml.dll, Version 8.0.6001.22918, Fehleradresse 0x000981bd.
 
Error - 12.06.2010 17:47:08 | Computer Name = JOKER-026DF0180 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul mshtml.dll, Version 8.0.6001.22918, Fehleradresse 0x000a7d60.
 
Error - 12.06.2010 17:47:57 | Computer Name = JOKER-026DF0180 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul mshtml.dll, Version 8.0.6001.22918, Fehleradresse 0x000981bd.
 
[ System Events ]
Error - 12.06.2010 15:01:39 | Computer Name = JOKER-026DF0180 | Source = Setup | ID = 60055
Description = Während der Installation sind Fehler aufgetreten. Weitere Informationen
 finden Sie in der Datei "setuperr.log" im Windows-Verzeichni
 
Error - 12.06.2010 15:43:58 | Computer Name = JOKER-026DF0180 | Source = SideBySide | ID = 16842784
Description = Abhängige Assemblierung "Microsoft.VC90.CRT" konnte nicht gefunden
 werden. "Last Error": Die referenzierte Assemblierung ist nicht auf dem Computer
 installiert.  
 
Error - 12.06.2010 15:43:58 | Computer Name = JOKER-026DF0180 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.VC90.CRT fehlgeschlagen.
Referenzfehlermeldung:
 Die referenzierte Assemblierung ist nicht auf dem Computer installiert.  .
 
Error - 12.06.2010 15:43:58 | Computer Name = JOKER-026DF0180 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\Programme\Hewlett-Packard\HP
 Quick Launch Buttons\hidactn.dll fehlgeschlagen.  Referenzfehlermeldung: Der Vorgang
 wurde erfolgreich beendet.  .
 
Error - 12.06.2010 15:43:58 | Computer Name = JOKER-026DF0180 | Source = SideBySide | ID = 16842784
Description = Abhängige Assemblierung "Microsoft.VC90.CRT" konnte nicht gefunden
 werden. "Last Error": Die referenzierte Assemblierung ist nicht auf dem Computer
 installiert.  
 
Error - 12.06.2010 15:43:58 | Computer Name = JOKER-026DF0180 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.VC90.CRT fehlgeschlagen.
Referenzfehlermeldung:
 Die referenzierte Assemblierung ist nicht auf dem Computer installiert.  .
 
Error - 12.06.2010 15:43:58 | Computer Name = JOKER-026DF0180 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\Programme\Hewlett-Packard\HP
 Quick Launch Buttons\hidactn.dll fehlgeschlagen.  Referenzfehlermeldung: Der Vorgang
 wurde erfolgreich beendet.  .
 
Error - 12.06.2010 15:43:58 | Computer Name = JOKER-026DF0180 | Source = SideBySide | ID = 16842784
Description = Abhängige Assemblierung "Microsoft.VC90.CRT" konnte nicht gefunden
 werden. "Last Error": Die referenzierte Assemblierung ist nicht auf dem Computer
 installiert.  
 
Error - 12.06.2010 15:43:58 | Computer Name = JOKER-026DF0180 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.VC90.CRT fehlgeschlagen.
Referenzfehlermeldung:
 Die referenzierte Assemblierung ist nicht auf dem Computer installiert.  .
 
Error - 12.06.2010 15:43:58 | Computer Name = JOKER-026DF0180 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\Programme\Hewlett-Packard\HP
 Quick Launch Buttons\hidactn.dll fehlgeschlagen.  Referenzfehlermeldung: Der Vorgang
 wurde erfolgreich beendet.  .
 
 
< End of report >