| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Erst TR/Spy.ZBot.efym dann TR/Trash.GenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.07.2012, 09:42
| #1 |
| |  Erst TR/Spy.ZBot.efym dann TR/Trash.Gen Hallo, Antivir hat vorgestern den Trojaner TR/Spy.ZBot.efym gefunden und Dateien in Quarantäne verschoben. Gestern kam dann ein Fund mit TR/Trash.Gen, auch wieder mit Quarantäne. Der CC Cleaner kann einen fehlerhaften Eintrag in der Registry nicht löschen. Ich habe von einem anderen Rechner erstmal die Pins vom OnlineBanking geändert. Muss ich noch irgendetwas beachten. Was ist das für Ein Trojaner und wie bekomme ich ihn los. sorry bin zum ersten Mal hier, vielen Dank für eure Hilfe. Achja: Ein Fullscan mit Malwarebytes findet nichts. Super AntiSpyware hat irgendwelche Trojan.Agent/Gen-Autoit gefunden und versucht zu reparieren bzw. in Quarantäne zu verschieben, der kommt aber beim nächsten Mal wieder. Ich hab hier mal entsprechnede LogFiles:OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.07.2012 22:27:19 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Dokumente und Einstellungen\user\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 56,93% Memory free 3,85 Gb Paging File | 3,02 Gb Available in Paging File | 78,40% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 232,88 Gb Total Space | 26,80 Gb Free Space | 11,51% Space Free | Partition Type: NTFS Drive D: | 5,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Unable to calculate disk information. Drive F: | 76,33 Gb Total Space | 45,25 Gb Free Space | 59,28% Space Free | Partition Type: NTFS Drive G: | 76,33 Gb Total Space | 72,17 Gb Free Space | 94,55% Space Free | Partition Type: NTFS Computer Name: NAME-118D7DEF88 | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.17 22:26:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Downloads\OTL.exe PRC - [2012.07.17 18:54:59 | 000,161,776 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2012.07.10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe PRC - [2012.07.10 01:38:53 | 004,777,856 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2012.06.14 12:31:06 | 000,575,448 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.11 17:45:44 | 000,177,152 | ---- | M] (RatkovicDesign) -- C:\TOMBRAID\TRAISVCS.EXE PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe PRC - [2010.06.25 17:46:54 | 000,974,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Programme\Hama\Wireless LAN RTL8192SU\RtWLan.exe PRC - [2008.11.26 10:25:36 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.03.03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe PRC - [2002.10.11 13:40:34 | 000,061,699 | ---- | M] (Pinnacle Systems) -- C:\Programme\Pinnacle\PCTV Stereo\Remote\remoterm.exe PRC - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe ========== Modules (No Company Name) ========== MOD - [2012.07.17 22:14:32 | 000,065,024 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll MOD - [2012.07.17 22:14:32 | 000,052,736 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll MOD - [2012.07.17 15:15:18 | 000,117,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL MOD - [2012.07.17 15:15:18 | 000,052,224 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll MOD - [2012.07.10 06:09:00 | 000,438,296 | ---- | M] () -- C:\Programme\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll MOD - [2012.07.10 06:08:59 | 003,972,120 | ---- | M] () -- C:\Programme\Google\Chrome\Application\20.0.1132.57\pdf.dll MOD - [2012.07.10 06:07:39 | 000,554,520 | ---- | M] () -- C:\Programme\Google\Chrome\Application\20.0.1132.57\libglesv2.dll MOD - [2012.07.10 06:07:37 | 000,117,784 | ---- | M] () -- C:\Programme\Google\Chrome\Application\20.0.1132.57\libegl.dll MOD - [2012.07.10 06:07:22 | 000,140,328 | ---- | M] () -- C:\Programme\Google\Chrome\Application\20.0.1132.57\avutil-51.dll MOD - [2012.07.10 06:07:21 | 000,262,184 | ---- | M] () -- C:\Programme\Google\Chrome\Application\20.0.1132.57\avformat-54.dll MOD - [2012.07.10 06:07:19 | 002,386,984 | ---- | M] () -- C:\Programme\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll MOD - [2012.07.10 04:17:27 | 009,255,112 | ---- | M] () -- C:\Programme\Google\Chrome\Application\20.0.1132.57\gcswf32.dll MOD - [2012.06.14 12:31:08 | 000,108,504 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\BDT\BSPatch.dll MOD - [2012.04.16 23:11:02 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2009.12.09 22:20:06 | 000,126,976 | ---- | M] () -- C:\Programme\Hama\Wireless LAN RTL8192SU\EnumDevLib.dll MOD - [2009.01.09 17:10:52 | 000,139,264 | ---- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll MOD - [2007.07.12 12:11:54 | 001,163,264 | ---- | M] () -- C:\Programme\Hama\Wireless LAN RTL8192SU\acAuth.dll MOD - [2003.05.08 03:23:04 | 000,618,496 | ---- | M] () -- C:\Programme\VDMSound\LaunchPad.dll MOD - [2001.11.08 17:30:58 | 000,045,056 | ---- | M] () -- C:\Programme\Pinnacle\PCTV Stereo\Remote\remot049.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\WINDOWS\TEMP\AVSETUP_50042a21\avupgsvc.exe /TEMPSTART:C:\WINDOWS\TEMP\AVSETUP_50042a21\setup.exe /NOTEMPCLEANUP /CROSSUPGRADE -- (AviraUpgradeService) SRV - [2012.07.17 18:54:59 | 000,161,776 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.07.16 16:48:00 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.14 12:31:06 | 000,575,448 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2012.05.11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService) SRV - [2012.05.11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.10.11 17:45:44 | 000,177,152 | ---- | M] (RatkovicDesign) [Auto | Running] -- C:\TOMBRAID\TRAISVCS.EXE -- (TraiHelper) SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2008.08.12 15:17:44 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2008.06.24 16:05:56 | 000,537,896 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2006.03.03 21:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.06.14 12:31:38 | 000,070,768 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD) DRV - [2012.05.11 11:14:20 | 000,203,088 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.23 12:36:50 | 000,383,368 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.02.28 11:43:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA) DRV - [2012.02.28 11:43:00 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS) DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011.06.13 20:18:34 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\system32\STEC3.sys -- (STEC3) DRV - [2010.07.07 14:55:20 | 000,604,064 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8192su.sys -- (RTL8192su) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.12.12 01:48:04 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901) DRV - [2008.06.27 11:24:56 | 004,742,656 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.05.21 01:53:36 | 000,093,696 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2007.07.03 19:06:38 | 000,039,424 | ---- | M] (Atheros Communications Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001) DRV - [2005.01.28 15:36:00 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus) DRV - [2004.11.22 11:33:52 | 000,698,368 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid) DRV - [2004.08.13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2004.03.10 16:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k) DRV - [2003.10.15 17:52:50 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519) DRV - [2002.11.11 18:52:54 | 000,006,400 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctvvbi.sys -- (pctvvbi) DRV - [2002.06.17 13:09:56 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc) DRV - [2002.03.19 10:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI) DRV - [1999.09.10 13:06:00 | 000,025,244 | R--- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.sys -- (Aspi32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {6BD63EF5-F376-4104-B390-F6E1E3BEDAAC} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms} IE - HKCU\..\SearchScopes\{9506C560-7F55-4A4B-A142-DC8C94DC3C21}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=4e4c4407-0689-4ae6-9bb4-1bf60699c1ea&apn_sauid=506387E4-F087-4E5A-84B3-4F802B597247 IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716 IE - HKCU\..\SearchScopes\{CA742058-0087-4EAE-9422-5448422A6AE3}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012.07.17 17:08:11 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Programme\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2010.07.21 19:41:15 | 000,000,068 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 77.21.6.217 vpn O1 - Hosts: 132.170.170.2 vnc O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PCTVRemote] C:\Programme\Pinnacle\PCTV Stereo\Remote\remoterm.exe (Pinnacle Systems) O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe () O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Hama Wireless LAN Utility.lnk = C:\Programme\Hama\Wireless LAN RTL8192SU\RtWLan.exe (Realtek Semiconductor Corp.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342445593703 (MUWebControl Class) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F397D74-466F-4A64-B582-276CC18A598A}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\TopModel.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\TopModel.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.07.29 14:10:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2011.09.16 09:07:13 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2011.09.16 06:58:13 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ UDF ] O32 - AutoRun File - [2008.08.13 11:02:32 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.17 22:08:50 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\user\Recent [2012.07.17 19:03:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Sun [2012.07.17 17:13:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Threat Expert [2012.07.17 17:08:09 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll [2012.07.17 17:08:09 | 001,681,368 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll [2012.07.17 17:08:09 | 000,149,464 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll [2012.07.17 17:08:09 | 000,070,768 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys [2012.07.17 17:05:45 | 000,254,912 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys [2012.07.17 17:05:29 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys [2012.07.17 17:05:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PC Tools Security [2012.07.17 17:05:19 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys [2012.07.17 17:05:07 | 000,000,000 | ---D | C] -- C:\Program Files [2012.07.17 17:02:49 | 000,909,728 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys [2012.07.17 17:02:49 | 000,342,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys [2012.07.17 17:02:44 | 000,383,368 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys [2012.07.17 17:02:44 | 000,162,584 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys [2012.07.17 17:02:40 | 000,203,088 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys [2012.07.17 17:02:40 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\PC Tools [2012.07.17 17:02:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools [2012.07.17 17:02:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\TestApp [2012.07.17 15:24:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Malwarebytes [2012.07.17 15:23:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.07.17 15:23:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.07.17 15:23:29 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.07.17 15:23:29 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.07.17 15:19:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google [2012.07.17 15:16:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome [2012.07.17 15:14:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google [2012.07.17 15:14:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\SUPERAntiSpyware.com [2012.07.17 15:14:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google [2012.07.17 15:14:23 | 000,000,000 | ---D | C] -- C:\Programme\Google [2012.07.17 15:14:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com [2012.07.17 15:14:14 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2012.07.17 12:36:31 | 000,000,000 | ---D | C] -- C:\Urlaubsstick [2012.07.17 12:32:19 | 000,000,000 | ---D | C] -- C:\Stick2 [2012.07.17 12:21:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime [2012.07.17 12:21:17 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2012.07.17 12:21:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer [2012.07.16 20:48:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\WiseConvert [2012.07.16 20:01:21 | 000,000,000 | ---D | C] -- C:\Programme\Unlocker [2012.07.16 19:56:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\PriceGong [2012.07.16 19:56:41 | 000,000,000 | ---D | C] -- C:\Programme\Conduit [2012.07.16 19:56:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Temp [2012.07.16 19:56:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Conduit [2012.07.16 18:50:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Avira [2012.07.16 18:45:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira [2012.07.16 18:43:47 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2012.07.16 18:43:45 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2012.07.16 18:43:45 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2012.07.16 18:43:45 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2012.07.16 18:43:44 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2012.07.16 18:43:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2012.07.16 16:48:45 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\user\IECompatCache [2012.07.16 16:47:55 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\user\PrivacIE [2012.07.16 16:45:28 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\user\IETldCache [2012.07.16 16:30:47 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Symantec Shared [2012.07.16 16:25:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton [2012.07.16 16:25:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NortonInstaller [2012.07.16 16:07:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2012.07.16 16:04:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2012.07.16 15:47:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell [2012.07.16 15:47:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm [2012.07.16 15:47:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$ [2012.07.16 15:47:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Windows Desktop Search [2012.07.16 15:38:47 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET [2012.07.16 11:10:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Downloads [2012.07.16 10:31:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\temp [2012.07.15 19:28:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Bibi und Tina [2012.07.15 19:11:17 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple [2012.07.15 19:11:03 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update [2012.07.15 18:32:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Vufoi [2012.07.15 18:32:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Ulum [2012.07.14 16:56:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Junior [2012.07.14 16:55:35 | 000,000,000 | ---D | C] -- C:\Programme\Junior [2012.07.14 14:36:29 | 000,000,000 | ---D | C] -- C:\Stick [2012.07.11 12:34:12 | 000,000,000 | ---D | C] -- C:\Abadon Live [2012.07.08 16:21:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime [2012.07.08 16:19:56 | 000,000,000 | ---D | C] -- C:\Kiddinx [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.17 22:25:00 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\user\defogger_reenable [2012.07.17 22:24:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.07.17 22:13:13 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.07.17 22:13:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.07.17 22:13:03 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.07.17 22:11:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.07.17 22:11:42 | 000,294,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.07.17 18:55:00 | 000,528,202 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.07.17 18:55:00 | 000,481,806 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.07.17 18:55:00 | 000,105,506 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.07.17 18:55:00 | 000,079,880 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.07.17 18:24:40 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf [2012.07.17 18:04:41 | 000,019,864 | ---- | M] () -- C:\WINDOWS\cdplayer.ini [2012.07.17 17:05:30 | 000,001,799 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PC Tools Spyware Doctor.lnk [2012.07.17 17:03:10 | 000,667,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB [2012.07.17 15:23:32 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.17 15:16:43 | 000,001,783 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2012.07.17 15:14:18 | 000,001,648 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.07.17 12:21:31 | 000,001,590 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2012.07.16 20:48:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.07.16 19:28:04 | 000,001,728 | -H-- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Default.rdp [2012.07.16 18:45:02 | 000,001,677 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2012.07.16 16:48:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.07.16 16:40:42 | 000,324,000 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\cc_20120716_164038.reg [2012.07.16 16:38:57 | 000,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.07.16 16:32:55 | 000,000,061 | ---- | M] () -- C:\WINDOWS\System32\wdz1.ini [2012.07.15 19:28:04 | 000,001,810 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Pferdestarke Spielesammlung.lnk [2012.07.15 19:06:00 | 000,000,148 | ---- | M] () -- C:\WINDOWS\System32\QuickTime.qtp [2012.07.14 16:56:41 | 000,000,849 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mein Musikstudio.exe.lnk [2012.07.14 16:56:37 | 000,000,035 | ---- | M] () -- C:\WINDOWS\VivaMedia.ini [2012.07.14 15:39:02 | 000,006,340 | ---- | M] () -- C:\italien-fahne-014-wehend-weiss-200x240_flaggenbilder_de.gif [2012.07.09 19:41:54 | 024,608,400 | ---- | M] () -- C:\Alles Gute_Main.wav [2012.07.06 22:27:22 | 000,026,112 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.06 22:27:19 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.06.24 18:44:49 | 003,519,138 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Culcha_Candela_-_Von_Allein_(Official_Musik_Video).mp3 [2012.06.24 18:44:41 | 003,496,105 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Shakira_-_Gypsy_-_Official_Music_Video_(HQ).mp3 [2012.06.24 18:44:16 | 017,329,723 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Culcha_Candela_-_Von_Allein_(Official_Musik_Video).mp4 [2012.06.24 18:36:59 | 014,563,683 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Shakira_-_Gypsy_-_Official_Music_Video_(HQ).mp4 [2012.06.24 18:35:49 | 004,759,178 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\I_Got_A_Hangover_(Official_Video).mp3 [2012.06.24 18:35:20 | 018,885,232 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\I_Got_A_Hangover_(Official_Video).mp4 [2012.06.24 18:33:08 | 002,589,552 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\CRO_-_EASY_(LYRICS).mp3 [2012.06.24 18:32:51 | 037,130,660 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\CRO_-_EASY_(LYRICS).mp4 [2012.06.24 18:27:51 | 043,069,892 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Carly_Rae_Jepsen_-_Call_Me_Maybe_[Official_Music_Video___HD_HQ].mp4 [2012.06.24 18:23:29 | 003,208,967 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Carly_Rea_Jepsen_Call_Me_Maybe_Official_Musik_Lyrcis_(Songtext).mp3 [2012.06.24 18:22:01 | 012,370,534 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Carly_Rea_Jepsen_Call_Me_Maybe_Official_Musik_Lyrcis_(Songtext).mp4 [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.17 22:25:00 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\user\defogger_reenable [2012.07.17 22:11:42 | 000,294,864 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.07.17 17:08:09 | 000,767,960 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll [2012.07.17 17:08:09 | 000,003,488 | ---- | C] () -- C:\WINDOWS\UDB.zip [2012.07.17 17:08:09 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml [2012.07.17 17:08:09 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml [2012.07.17 17:08:09 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip [2012.07.17 17:05:30 | 000,001,799 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PC Tools Spyware Doctor.lnk [2012.07.17 17:02:51 | 000,667,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB [2012.07.17 15:23:32 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.17 15:16:43 | 000,001,783 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2012.07.17 15:14:33 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.07.17 15:14:33 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.07.17 15:14:18 | 000,001,648 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.07.17 12:21:31 | 000,001,590 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2012.07.16 18:45:02 | 000,001,677 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2012.07.16 16:40:40 | 000,324,000 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\cc_20120716_164038.reg [2012.07.16 15:47:05 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows Search.lnk [2012.07.15 19:28:04 | 000,001,810 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Pferdestarke Spielesammlung.lnk [2012.07.15 19:11:07 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.07.15 19:11:05 | 000,002,249 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Apple Software Update.lnk [2012.07.14 16:56:41 | 000,000,849 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mein Musikstudio.exe.lnk [2012.07.14 16:56:37 | 000,000,035 | ---- | C] () -- C:\WINDOWS\VivaMedia.ini [2012.07.14 15:39:20 | 000,006,340 | ---- | C] () -- C:\italien-fahne-014-wehend-weiss-200x240_flaggenbilder_de.gif [2012.07.09 19:41:49 | 024,608,400 | ---- | C] () -- C:\Alles Gute_Main.wav [2012.07.08 16:21:46 | 000,000,148 | ---- | C] () -- C:\WINDOWS\System32\QuickTime.qtp [2012.06.24 18:44:45 | 003,519,138 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Culcha_Candela_-_Von_Allein_(Official_Musik_Video).mp3 [2012.06.24 18:44:16 | 017,329,723 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Culcha_Candela_-_Von_Allein_(Official_Musik_Video).mp4 [2012.06.24 18:37:22 | 003,496,105 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Shakira_-_Gypsy_-_Official_Music_Video_(HQ).mp3 [2012.06.24 18:36:59 | 014,563,683 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Shakira_-_Gypsy_-_Official_Music_Video_(HQ).mp4 [2012.06.24 18:35:43 | 004,759,178 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\I_Got_A_Hangover_(Official_Video).mp3 [2012.06.24 18:35:20 | 018,885,232 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\I_Got_A_Hangover_(Official_Video).mp4 [2012.06.24 18:33:04 | 002,589,552 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\CRO_-_EASY_(LYRICS).mp3 [2012.06.24 18:32:50 | 037,130,660 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\CRO_-_EASY_(LYRICS).mp4 [2012.06.24 18:27:50 | 043,069,892 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Carly_Rae_Jepsen_-_Call_Me_Maybe_[Official_Music_Video___HD_HQ].mp4 [2012.06.24 18:23:25 | 003,208,967 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Carly_Rea_Jepsen_Call_Me_Maybe_Official_Musik_Lyrcis_(Songtext).mp3 [2012.06.24 18:21:56 | 012,370,534 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Carly_Rea_Jepsen_Call_Me_Maybe_Official_Musik_Lyrcis_(Songtext).mp4 [2012.05.11 09:05:34 | 000,200,704 | ---- | C] () -- C:\WINDOWS\sel3110.exe [2012.05.11 09:05:33 | 000,040,960 | ---- | C] () -- C:\WINDOWS\CleanDev.exe [2012.05.11 09:05:33 | 000,032,528 | ---- | C] () -- C:\WINDOWS\amcap.exe [2012.02.15 19:36:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.12.26 17:19:46 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll [2011.12.13 19:59:07 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe [2011.12.13 19:58:30 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe [2011.11.27 14:53:39 | 000,000,042 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\default.pls [2011.10.11 17:46:05 | 000,000,033 | ---- | C] () -- C:\Dokumente und Einstellungen\user\DesktopTomb Raider Gold (Glide).VLP [2011.06.13 20:25:50 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI [2008.08.13 19:17:05 | 001,578,189 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\mdbu.bin [2008.08.12 15:38:59 | 000,026,112 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.07 13:26:01 | 000,001,024 | ---- | C] () -- C:\Dokumente und Einstellungen\user\.rnd [2008.08.06 15:56:18 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== LOP Check ========== [2008.08.12 15:37:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems [2012.04.02 14:30:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts [2009.04.14 18:29:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LIDL Fotoservice [2010.07.29 09:51:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lidl_Fotos [2012.04.02 14:32:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Origin [2008.10.14 19:19:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle [2011.12.25 15:26:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi [2010.07.18 16:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2008.08.12 16:04:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc [2012.07.17 22:22:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp [2010.05.02 10:19:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2008.08.12 15:38:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ACD Systems [2009.01.15 16:07:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ISL Online Cache [2008.11.16 11:17:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\KIDDINX [2012.04.16 19:04:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Origin [2011.12.18 14:14:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\PC-FAX TX [2012.07.17 19:03:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\PriceGong [2011.12.25 15:25:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\RavensburgerTipToi [2011.12.09 21:45:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\TeamViewer [2012.07.17 17:02:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\TestApp [2012.07.15 18:32:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Ulum [2012.07.16 19:10:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Vufoi [2012.07.16 15:47:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Windows Desktop Search [2008.11.20 16:24:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Windows Search ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 148 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:430C6D84 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.07.2012 22:27:19 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Dokumente und Einstellungen\user\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 56,93% Memory free
3,85 Gb Paging File | 3,02 Gb Available in Paging File | 78,40% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 26,80 Gb Free Space | 11,51% Space Free | Partition Type: NTFS
Drive D: | 5,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Unable to calculate disk information.
Drive F: | 76,33 Gb Total Space | 45,25 Gb Free Space | 59,28% Space Free | Partition Type: NTFS
Drive G: | 76,33 Gb Total Space | 72,17 Gb Free Space | 94,55% Space Free | Partition Type: NTFS
Computer Name: NAME-118D7DEF88 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5900:TCP" = 5900:TCP:*:Enabled:vnc
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
"1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot
"53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot
"5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend)
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Pinnacle\PCTV Stereo\TeleText\WebServer.exe" = C:\Programme\Pinnacle\PCTV Stereo\TeleText\WebServer.exe:*:Enabled:WebServer -- (Pinnacle Systems GmbH, Braunschweig)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Hama\Wireless LAN RTL8192SU\RtWLan.exe" = C:\Programme\Hama\Wireless LAN RTL8192SU\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.)
"C:\Programme\Electronic Arts\EADM\Core.exe" = C:\Programme\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{16E217EA-C3E0-402D-8D4F-6189DB74497A}" = Studio 9.4 Patch
"{19FF60B9-DC30-4EB2-9FCD-E3AC26661D0D}" = Anna
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{206BA68B-DF92-45C6-B61D-228F188FD9FC}" = ACDSee 5.0 Standard
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C02ED4F-46B0-4E9E-87F7-47AEBA4031C8}" = Pinnacle PCTV
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows-Journal-Viewer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite MFC-295CN
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{891D0B03-05DF-4CD1-B267-268FDA1C1033}" = Nero 8 Essentials
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = Hama Wireless LAN Adapter
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B67624DE-75CE-4FAD-9F29-5C115773CE61}" = Studio 9 Content CD/DVD
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"7-Zip" = 7-Zip 9.20
"Abenteuer auf dem Reiterhof" = Abenteuer auf dem Reiterhof
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira Free Antivirus
"Browser Defender_is1" = Browser Guard 4.0
"CCleaner" = CCleaner
"DivX Setup" = DivX-Setup
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0
"Google Chrome" = Google Chrome
"Hollywood FX 5.5 Additional Effects" = Hollywood FX 5.5 Additional Effects
"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"Lidl-Fotos_is1" = Lidl-Fotos
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mein Musikstudio" = Mein Musikstudio
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Origin" = Origin
"PCTV100i_ee9ddc2045823be44b9d84ab9ec730afda4514cf" = Windows-Treiberpaket - Pinnacle Systems (3xHybrid) MEDIA 08/30/2004 1.3.1.15
"proDAD-Heroglyph-1.0" = proDAD Heroglyph 1.0
"Pusteblume Deutsch 4" = Pusteblume Deutsch 4
"Ravensburger tiptoi" = Ravensburger tiptoi
"Sony Eyetoy Webcam" = Sony Eyetoy Webcam
"Spyware Doctor" = PC Tools Spyware Doctor 9.0
"Tivola Lauras Stern" = Tivola Lauras Stern
"Uninstall_is1" = Uninstall 1.0.0.1
"VDMSound" = VDMSound
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Welt der Zahl 3" = Welt der Zahl 3
"WinAce Archiver" = WinAce Archiver
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17.07.2012 10:35:33 | Computer Name = NAME-118D7DEF88 | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/07/17 16:35:33.625]: [00002204]: lperrcode->api
= 1 , lperrcode->code = 2
Error - 17.07.2012 10:35:35 | Computer Name = NAME-118D7DEF88 | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/07/17 16:35:35.125]: [00002204]: lperrcode->api
= 1 , lperrcode->code = 2
Error - 17.07.2012 10:35:36 | Computer Name = NAME-118D7DEF88 | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/07/17 16:35:36.625]: [00002204]: lperrcode->api
= 1 , lperrcode->code = 2
Error - 17.07.2012 10:35:38 | Computer Name = NAME-118D7DEF88 | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/07/17 16:35:38.125]: [00002204]: lperrcode->api
= 1 , lperrcode->code = 2
Error - 17.07.2012 10:35:39 | Computer Name = NAME-118D7DEF88 | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/07/17 16:35:39.625]: [00002204]: lperrcode->api
= 1 , lperrcode->code = 2
Error - 17.07.2012 10:35:41 | Computer Name = NAME-118D7DEF88 | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/07/17 16:35:41.125]: [00002204]: lperrcode->api
= 1 , lperrcode->code = 2
Error - 17.07.2012 10:35:42 | Computer Name = NAME-118D7DEF88 | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/07/17 16:35:42.625]: [00002204]: lperrcode->api
= 1 , lperrcode->code = 2
Error - 17.07.2012 10:35:44 | Computer Name = NAME-118D7DEF88 | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/07/17 16:35:44.125]: [00002204]: lperrcode->api
= 1 , lperrcode->code = 2
Error - 17.07.2012 10:35:45 | Computer Name = NAME-118D7DEF88 | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/07/17 16:35:45.625]: [00002204]: lperrcode->api
= 1 , lperrcode->code = 2
Error - 17.07.2012 10:35:47 | Computer Name = NAME-118D7DEF88 | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/07/17 16:35:47.125]: [00002204]: lperrcode->api
= 1 , lperrcode->code = 2
[ System Events ]
Error - 17.07.2012 12:26:10 | Computer Name = NAME-118D7DEF88 | Source = PCTCore | ID = 327960
Description =
Error - 17.07.2012 12:26:10 | Computer Name = NAME-118D7DEF88 | Source = PCTCore | ID = 327960
Description =
Error - 17.07.2012 12:26:13 | Computer Name = NAME-118D7DEF88 | Source = PCTCore | ID = 327960
Description =
Error - 17.07.2012 12:31:18 | Computer Name = NAME-118D7DEF88 | Source = PCTCore | ID = 327960
Description =
Error - 17.07.2012 12:31:18 | Computer Name = NAME-118D7DEF88 | Source = PCTCore | ID = 327960
Description =
Error - 17.07.2012 12:31:19 | Computer Name = NAME-118D7DEF88 | Source = PCTCore | ID = 327960
Description =
Error - 17.07.2012 12:38:25 | Computer Name = NAME-118D7DEF88 | Source = PCTCore | ID = 327960
Description =
Error - 17.07.2012 16:12:39 | Computer Name = NAME-118D7DEF88 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Upgrade Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3
Error - 17.07.2012 16:14:19 | Computer Name = NAME-118D7DEF88 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.
Error - 17.07.2012 16:14:19 | Computer Name = NAME-118D7DEF88 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
< End of report >
GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-18 01:12:46
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-10 ST3250410AS rev.3.AAB
Running: mymn121g.exe; Driver: C:\DOKUME~1\user\LOKALE~1\Temp\awroyaow.sys
---- System - GMER 1.0.15 ----
SSDT BA6D3FBC ZwClose
SSDT BA6D3F76 ZwCreateKey
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9E4637C]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9E46644]
SSDT BA6D3FC6 ZwCreateSection
SSDT BA6D3F6C ZwCreateThread
SSDT BA6D3F7B ZwDeleteKey
SSDT BA6D3F85 ZwDeleteValueKey
SSDT BA6D3FB7 ZwDuplicateObject
SSDT BA6D3F8A ZwLoadKey
SSDT BA6D3F58 ZwOpenProcess
SSDT BA6D3F5D ZwOpenThread
SSDT BA6D3FDF ZwQueryValueKey
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9E7B67A]
SSDT BA6D3F94 ZwReplaceKey
SSDT BA6D3FD0 ZwRequestWaitReplyPort
SSDT BA6D3F8F ZwRestoreKey
SSDT BA6D3FCB ZwSetContextThread
SSDT BA6D3FD5 ZwSetSecurityObject
SSDT BA6D3F80 ZwSetValueKey
SSDT BA6D3FDA ZwSystemDebugControl
SSDT \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB6AD8640]
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB95A2360, 0x37388D, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\SearchIndexer.exe[1200] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
---- EOF - GMER 1.0.15 ----
Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.17.07 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 user :: NAME-118D7DEF88 [Administrator] 18.07.2012 08:59:29 mbam-log-2012-07-18 (08-59-29).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 348970 Laufzeit: 1 Stunde(n), 41 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Schade, dass keiner gleich antwortet. Ich bin nähmlich ab morgen in Urlaub. Wär schön noch zu wissen, ob ich mir Sorgen machen muss. Hab ich beim Post etwas falsch gemacht? Wie gesag, bin neu hier. Falls ja, entschuldige ich mich im Voraus. Schade, dass keiner gleich antwortet. Ich bin nähmlich ab morgen in Urlaub. Wär schön noch zu wissen, ob ich mir Sorgen machen muss. Hab ich beim Post etwas falsch gemacht? Wie gesag, bin neu hier. Falls ja, entschuldige ich mich im Voraus. |
|
19.07.2012, 19:06
| #2 |
| /// Malware-holic   | Erst TR/Spy.ZBot.efym dann TR/Trash.Gen hi
__________________1. finger weg von der registry, da kann man viel kaputt machen. 2. poste die avira fundmeldungen, unter avira, ereignisse, bzw berichte
__________________ |
|
| Themen zu Erst TR/Spy.ZBot.efym dann TR/Trash.Gen |
| 7-zip, adobe, alternate, antispyware, audiograbber, avira, bho, browser, cc cleaner, converter, defender, desktop, ebanking, einstellungen, error, firefox, flash player, format, google, heuristiks/extra, heuristiks/shuriken, homepage, object, photoshop, plug-in, realtek, registry, rundll, searchscopes, security, software, super, symantec, trojaner, udp, windows internet |
Linear-Darstellung
