Log analysis and evaluation: Explorer opens random websites

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Explorer opens random websites

Hello

Lately my Internet Explorer has also been opening random pages on its own. I hope you can help me. Here are the log files:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4118

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

19.05.2010 21:47:25
mbam-log-2010-05-19 (21-47-25).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 129650
Laufzeit: 3 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\4VDD85L8NF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Zeldar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\XXX\AppData\Local\Temp\Wlf.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Users\XXX\AppData\Local\Temp\Wli.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\XXX\AppData\Local\Temp\Wlh.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\XXX\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\XXX\Desktop\Antivir.lnk (Rogue.Antivir2010) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/19/2010 at 10:54 PM

Application Version : 4.37.1000

Core Rules Database Version : 4957
Trace Rules Database Version: 2769

Scan type : Complete Scan
Total Scan Time : 00:59:59

Memory items scanned : 654
Memory threats detected : 2
Registry items scanned : 7654
Registry threats detected : 1
File items scanned : 87759
File threats detected : 2

Trojan.Agent/Gen-CDesc[EndSec]
C:\WINDOWS\WFAMAB.EXE
C:\WINDOWS\WFAMAB.EXE
C:\USERS\JAN\APPDATA\LOCAL\TEMP\WLH.EXE
C:\USERS\JAN\APPDATA\LOCAL\TEMP\WLH.EXE
[M5T8QL3YW3] C:\USERS\XXX\APPDATA\LOCAL\TEMP\WLH.EXE
Files Created - No Company Name ========== [2010.05.19 21:25:29 | 000,000,162 | -H-- | C] () -- C:\Users\XXX\Dokumente\~$mputer hilfe.docx [2010.05.19 20:56:35 | 000,010,164 | ---- | C] () -- C:\Users\XXX\Dokumente\computer hilfe.docx [2010.05.19 20:40:49 | 000,002,555 | ---- | C] () -- C:\Users\XXX\Desktop\HiJackThis.lnk [2010.05.19 16:12:10 | 000,185,344 | ---- | C] () -- C:\Windows\Wfamab.exe [2010.05.18 19:28:55 | 000,000,230 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010.05.18 19:28:54 | 000,185,344 | ---- | C] () -- C:\Windows\Wfamaa.exe [2010.05.18 19:28:51 | 000,000,242 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010.05.18 18:36:26 | 000,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI [2010.05.17 18:48:44 | 000,001,050 | ---- | C] () -- C:\Users\XXX\Desktop\Media Converter.lnk [2010.05.16 21:15:42 | 000,000,548 | ---- | C] () -- C:\Users\XXX\Desktop\Frontschweine.lnk [2010.05.16 20:38:49 | 000,000,935 | ---- | C] () -- C:\Users\XXX\Desktop\IsoBuster.lnk [2010.05.15 23:08:02 | 000,010,114 | ---- | C] () -- C:\Users\XXX\Dokumente\Frontschweine Download Link.docx [2010.05.15 18:19:56 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd [2010.05.15 17:46:01 | 000,000,468 | ---- | C] () -- C:\Users\Public\Desktop\CABAL Online.lnk [2010.05.09 13:51:25 | 001,762,792 | ---- | C] () -- C:\Users\XXX\Dokumente\Daughtry.docx [2010.05.09 12:59:57 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\Music Converter.lnk [2010.05.08 15:09:08 | 000,000,549 | ---- | C] () -- C:\Users\Public\Desktop\Tomb Raider Underworld.lnk [2010.05.07 15:40:37 | 001,178,916 | ---- | C] () -- C:\Users\XXX\Desktop\Desmond Wolfe 3.jpg [2010.05.07 15:38:29 | 000,094,791 | ---- | C] () -- C:\Users\XXX\Desktop\96627_med.jpg [2010.05.07 15:37:04 | 000,361,185 | ---- | C] () -- C:\Users\XXX\Desktop\Bayonetta.jpg [2010.05.07 15:16:34 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk 
[2010.05.06 16:54:40 | 000,012,320 | ---- | C] () -- C:\Users\XXX\Dokumente\Franz Vortrag.docx [2010.04.27 21:00:55 | 000,004,209 | ---- | C] () -- C:\Users\XXX\Dokumente\Biologie Lernziele Genetik.pdf [2010.04.27 21:00:40 | 001,064,066 | ---- | C] () -- C:\Users\XXX\Dokumente\Biologie genetik3.pdf [2010.04.27 21:00:23 | 000,204,965 | ---- | C] () -- C:\Users\XXX\Dokumente\Biologie Genetik2.pdf [2010.04.27 20:59:50 | 001,234,412 | ---- | C] () -- C:\Users\XXX\Dokumente\Biologie Genetik.pdf [2010.04.24 18:27:58 | 000,000,604 | ---- | C] () -- C:\Users\XXX\Desktop\SimCity 3000.lnk [2010.04.23 23:16:31 | 000,012,681 | ---- | C] () -- C:\Users\XXX\Dokumente\Wrestler Liste.docx [2010.04.22 11:40:25 | 000,256,893 | ---- | C] () -- C:\Users\XXX\Dokumente\SVR CAW 2.docx [2010.04.21 20:40:26 | 001,645,878 | ---- | C] () -- C:\Users\XXX\Dokumente\SVR CAW.docx [2010.04.20 15:50:01 | 000,000,602 | ---- | C] () -- C:\Users\Public\Desktop\Oblivion Editor.lnk [2010.04.03 19:43:58 | 000,000,235 | ---- | C] () -- C:\Windows\Caligari.ini [2010.03.18 16:31:17 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2010.03.18 16:30:09 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2010.03.11 20:15:35 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2009.10.26 19:18:53 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2009.09.27 18:41:53 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2009.09.27 10:14:04 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll [2009.09.25 16:37:12 | 000,000,298 | ---- | C] () -- C:\Windows\game.ini [2009.09.25 15:08:21 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini [2009.09.25 15:08:21 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini [2009.08.07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.06.07 16:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009.06.07 
16:16:12 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2008.11.20 22:45:30 | 000,042,320 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll < End of report > |