Pests of all kinds and how to fight them: System der automatischen Informationskontrolle - Computer gesperrt ("Automatic Information Control System - computer locked"), Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall/delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
15.10.2012, 10:53 | #46
/// Malwareteam | System der automatischen Informationskontrolle - Computer gesperrt
OK... now it's getting confusing... Let's try something else...
DDS
Please download DDS (by sUBs) from one of the following download mirrors and save the file to your desktop: dds.com, dds.exe
__________________
No asylum for trojans! Proud Member of UNITE. Note: I am only reachable on weekdays! Requests via PM will be ignored! Happy with us? Then support the Trojaner-Board!
15.10.2012, 10:56 | #47
System der automatischen Informationskontrolle - Computer gesperrt
attach.txt:
Code:
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 9.20
Acer Arcade Live Main Page
Acer DV Magician
Acer DVDivine
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePerformance Management
Acer eSettings Management
Acer GameZone Console DTV 2.0.1.1
Acer HomeMedia
Acer HomeMedia Connect
Acer HomeMedia Trial Creator
Acer ScreenSaver
Acer SlideShow DVD
Acer VideoMagician
Active@ ISO Burner
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.3 - Deutsch
Adobe Shockwave Player 11.5
AIO_CDB_Software
AIO_Scan
Alice Greenfingers
Ask Toolbar
ATI Catalyst Install Manager
Azada
Backspin Billiards
Big Kahuna Reef
Bing Bar
BlackBerry Desktop Software 4.6
Bricks of Egypt
BufferChm
Business Contact Manager für Microsoft Outlook 2010
Business Contact Manager for Microsoft Outlook 2010
Cake Mania
Chicken Invaders 3
Chuzzle
Cisco Systems VPN Client 5.0.02.0090
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceManagementQFolder
Diner Dash Flo on the Go
DivX-Setup
DocProc
DocProcQFolder
eSupportQFolder
Farm Frenzy 3
Fax
HappyFoto-Designer 4.4
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 6 Update 7
Jewel Quest Solitaire
Junk Mail filter update
Kick N Rush
LightScribe 1.4.142.1
Mahjong Escape Ancient China
Mahjongg Artifacts
Malwarebytes Anti-Malware Version 1.65.0.1400
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 Language Pack - deu
Microsoft Lync 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Office XP Professional mit FrontPage
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft® Office Language Pack 2010 – Deutsch (Business Contact Manager für Microsoft Outlook 2010)
Move Media Player
Mozilla Firefox 15.0.1 (x86 de)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PhotoScape
Realtek High Definition Audio Driver
Roxio Media Manager
Sandlot Games Client Services 1.2.2
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Segoe UI
Service Pack 1 für SQL Server 2008 (KB 968369)
Skype™ 5.10
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 8
Sql Server Customer Experience Improvement Program
Status
Sudoku-Drucker 1.4
Tele2 Internet Toolbox
TrayApp
Turbo Pizza
Unity Web Player
UnloadSupport
Unterstützungsdateien für Microsoft SQL Server 2008-Setup
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053
VLC media player 0.9.8a
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR
WinZip 11.1
Zuma Deluxe
.
==== End Of File ===========================

Code:
DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_31
Run by media at 12:54:22 on 2012-10-15
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.vol.at/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://de.intl.acer.yahoo.com
mDefault_Page_URL = hxxp://de.intl.acer.yahoo.com
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Reader: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
mRun: [Apanel] c:\acersw\config\SetApanel.cmd
mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
mRun: [eRecoveryService] <no file>
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: An OneNote s&enden - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{62F73864-B521-4BFF-8E43-CC4685420CD7} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{65340EC2-C695-4F14-B466-1A10E68B8112} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{814F0606-50B9-4C44-9BF1-D7FB635D6347} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - <Clsid value has no data>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\media\appdata\roaming\mozilla\firefox\profiles\n5rn3q93.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/calendar/render|hxxp://web-mail.uibk.ac.at
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\program files\televisionfanaticei\installr\1.bin\NP64EISb.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\media\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\media\appdata\roaming\move networks\plugins\071802000001\npqmp071802000001.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
FF - ExtSQL: !HIDDEN! 2009-09-02 10:50; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? BBSvc;Bing Bar Update Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service
R? MozillaMaintenance;Mozilla Maintenance Service
R? MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory
R? osppsvc;Office Software Protection Platform
R? RsFx0103;RsFx0103 Driver
R? SkypeUpdate;Skype Updater
R? SQLAgent$MSSMLBIZ;SQL Server-Agent (MSSMLBIZ)
R? wlcrasvc;Windows Live Mesh remote connections service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? Acer HomeMedia Connect Service;Acer HomeMedia Connect Service
S? FontCache;Windows-Dienst für Schriftartencache
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? NVHDA;Service for NVIDIA High Definition Audio Driver
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2012-10-15 08:30:22 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-10-15 08:29:50 -------- d-----w- c:\program files\LSoft Technologies
2012-10-15 07:56:29 -------- d-sh--w- C:\$RECYCLE.BIN
2012-10-15 07:46:42 -------- d-s---w- C:\ComboFix
2012-10-15 07:15:15 -------- d-----w- c:\users\media\appdata\local\{8C62B14F-495D-42C6-A5BF-AF05A4AE2F7E}
2012-10-14 14:47:18 -------- d-----w- c:\users\media\appdata\local\{C6A3EB50-A185-4214-A79F-87AA08281656}
2012-10-13 20:20:06 -------- d-----w- c:\users\media\appdata\local\{F11C2A5C-4B5F-455F-8D58-7F64716ECDE7}
2012-10-13 08:19:28 -------- d-----w- c:\users\media\appdata\local\{DEC86578-265F-4226-BE11-218391A0D6E2}
2012-10-12 10:52:25 -------- d-----w- c:\users\media\appdata\local\{BF1FA385-DC97-4B43-81DF-CD502D8D55A3}
2012-10-12 07:18:03 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-11 12:11:46 -------- d-----w- C:\FRST
2012-10-11 06:50:43 98816 ----a-w- c:\windows\sed.exe
2012-10-11 06:50:43 256000 ----a-w- c:\windows\PEV.exe
2012-10-11 06:50:43 208896 ----a-w- c:\windows\MBR.exe
2012-10-10 07:42:34 -------- d-----w- c:\users\media\appdata\roaming\Malwarebytes
2012-10-10 07:42:21 -------- d-----w- c:\programdata\Malwarebytes
2012-10-10 07:42:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-10 07:42:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-09 17:06:34 -------- d-----w- c:\users\media\appdata\local\{8A1B6F60-E5FB-4734-B65A-73C964158462}
2012-10-08 20:23:32 -------- d-----w- c:\users\media\appdata\local\{050A4F8D-AAA6-4EDC-9E78-991F1C76831A}
2012-10-08 08:23:16 -------- d-----w- c:\users\media\appdata\local\{A22B6BFF-F514-4E7C-BB99-08A8C7790FEF}
2012-10-07 19:46:36 -------- d-----w- c:\users\media\appdata\local\{C3FCA968-C8B6-41BF-AA50-7146AE98C6F4}
2012-10-07 07:46:20 -------- d-----w- c:\users\media\appdata\local\{8CB4BC37-FC2D-4426-A2E2-76C6B8CDD75C}
2012-10-06 07:07:00 -------- d-----w- c:\users\media\appdata\local\{B7B73E7F-104A-4C89-8141-B1F1D0BAEBD6}
2012-10-05 15:12:51 -------- d-----w- c:\users\media\appdata\local\{05DFB635-8E02-4454-8574-7231AD0CB671}
2012-10-04 06:07:50 -------- d-----w- c:\users\media\appdata\local\{039A3C17-1589-46C4-B4AE-EF90FB0D70B5}
2012-10-03 08:54:06 -------- d-----w- c:\users\media\appdata\local\{6669E752-69BA-4BF4-AAC3-52BEC09CBEDB}
2012-10-02 18:18:15 -------- d-----w- c:\users\media\appdata\local\{62A0FF62-1C7C-4C0A-8DAA-E1F058CF9FF9}
2012-10-02 06:12:37 -------- d-----w- c:\users\media\appdata\local\{898B9573-F39D-455F-88F6-0671449A0BCA}
2012-10-01 13:14:30 -------- d-----w- c:\users\media\appdata\local\{5E37D240-981B-44AD-ACDE-790998226FC8}
2012-09-30 20:12:39 -------- d-----w- c:\users\media\appdata\local\{BB0BFB56-9C8C-47FE-A8AF-F86D5B7E941F}
2012-09-30 18:22:41 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-09-30 08:11:14 -------- d-----w- c:\users\media\appdata\local\{1734F492-67E6-413E-AD93-B2DD7CFC3764}
2012-09-27 17:42:22 -------- d-----w- c:\users\media\appdata\local\{91E8E290-F49E-454A-8A90-3E1DFFFAD544}
2012-09-26 10:21:40 -------- d-----w- c:\users\media\appdata\local\{E1BAE48A-F153-42B0-8815-6CBFA38AA56C}
2012-09-25 14:18:45 -------- d-----w- c:\users\media\appdata\local\{78E25385-DE03-413C-A9EB-6544A39C5AD3}
2012-09-24 21:27:33 -------- d-----w- c:\users\media\appdata\local\{B20421D4-8B43-4A6C-8CD8-17A7A2037173}
2012-09-24 09:27:15 -------- d-----w- c:\users\media\appdata\local\{201A71B0-75AA-4F52-8A8B-C8364E8DE1FA}
2012-09-24 09:17:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-24 09:17:01 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-09-24 09:17:01 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2012-09-24 09:17:01 140936 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-09-24 09:17:00 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-09-23 14:17:03 -------- d-----w- c:\users\media\appdata\local\{F0EFBA6E-9425-4F79-BF22-F44D821432AE}
2012-09-20 11:12:23 -------- d-----w- c:\users\media\appdata\local\{1AF553B1-A3F9-41EB-B6B3-4FFEE00D77BC}
2012-09-19 18:06:19 -------- d-----w- c:\users\media\appdata\local\{C6359C56-F04B-420F-B53F-B1BFBF518FDA}
2012-09-18 21:23:02 -------- d-----w- c:\users\media\appdata\local\{AEF2CC5B-39A8-436F-96AB-7BD6B832E5C7}
2012-09-18 09:22:43 -------- d-----w- c:\users\media\appdata\local\{ED9F5836-966E-439E-B2AC-29A9D96A7CDA}
2012-09-17 14:03:01 -------- d-----w- c:\users\media\appdata\local\{4C0E2FEF-678F-4900-A851-1AE659876089}
2012-09-16 20:40:07 -------- d-----w- c:\users\media\appdata\local\{ACCC3C8C-4F40-4EF7-9839-872CB1F4C356}
2012-09-15 13:26:37 -------- d-----w- c:\users\media\appdata\local\{40E8C996-8AEE-4182-9AAE-03D45DE0C39E}
.
==================== Find3M ====================
.
2012-10-09 18:01:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 18:01:28 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
.
============= FINISH: 12:55:21,93 ===============
15.10.2012, 11:03 | #48
/// Malwareteam | System der automatischen Informationskontrolle - Computer gesperrt
15.10.2012, 11:05 | #49
System der automatischen Informationskontrolle - Computer gesperrt
Code:
DDS (Ver_2012-10-14.05)
Run by media at 13:05:30 on 2012-10-15
---- Advanced Fixes ----
Reset policy - DisableTaskMgr
Reset policy - Taskman
Reset policy - DisableCAD
Reset policy - DELETE
Reset policy - DisableRegistryTools
Reset policy - DELETE
Reset policy - DELETE
Reset policy - DisableCMD
Reset policy - autorun
Reset policy - DELETE
Reset policy - NoRun
Reset policy - NoFolderOptions
Reset policy - NoDesktop
Reset policy - NoViewOnDrive
Reset policy - NoDrives
Reset policy - DisallowCpl
Reset policy - NoControlPanel
Reset policy - RestrictCpl
Reset policy - NoNetworkConnections
Reset policy - NoAddRemovePrograms
Reset policy - NoRemovePage
Reset policy - NoDispCpl
Reset policy - NoDispAppearancePage
Reset policy - NoDispBackgroundPage
Reset policy - NoDispSettingsPage
Reset policy - Wallpaper
Reset policy - WallpaperStyle
Reset policy - NoChangingWallpaper
Reset policy - NoHTMLWallPaper
Reset policy - NoActiveDesktop
Reset policy - NoSetActiveDesktop
Reset policy - NoSetActiveDesktopChanges
Reset policy - ForceActiveDesktopOn
Reset policy - ClassicShell
Reset policy - DisableSR
Reset policy - DisableSR
Reset policy - DELETE
Reset policy - DisallowRun
Reset policy - Restrict_Run
Reset policy - NoWindowsUpdate
Reset policy - DisableWindowsUpdateAccess
Reset policy - NoInternetIcon
Reset policy - NoNetworkConnections
Reset policy - NoPropertiesMyComputer
Reset policy - NoDevMgrPage
Reset policy - NoClose
Reset policy - NoFind
Reset policy - NoShellSearchButton
Reset policy - StartMenuLogOff
Reset policy - NoStartMenuSubFolders
Reset policy - NoStartMenuMorePrograms
Reset policy - NoCommonGroups
Reset policy - NoViewContextMenu
Reset policy - NoTrayContextMenu
Reset policy - NoTrayItemsDisplay
Reset policy - HideClock
Reset policy - NoSetTaskbar
Reset policy - NoThemesTab
Reset policy - NoHardwareTab
Reset policy - NoToolbarCustomize
Reset policy - NoRecycleFiles
Reset policy - DisableCurrentUserRun
Reset policy - DisableCurrentUserRunOnce
Reset policy - DisableLocalUserRun
Reset policy - DisableLocalUserRunOnce
Reset policy - Disable Advanced
Reset policy - NoNetHood
Reset policy - SfcShowProgress
Reset policy - SfcQuota
Reset policy - SfcScan
Reset policy - NoFileMenu
Completed resetting policies.
................
Repairing the LSP stack
Done! Please reboot the machine for the changes to take effect
................
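The value names in the DDS fix log above are the registry policies a screen locker sets to keep its victim out of Task Manager, regedit, cmd.exe, the Control Panel and the Run dialog. The PowerShell script below is an added example, not part of this thread and not DDS's own code: it lists those values where they are present under the standard HKCU and HKLM Policies keys and, with -Reset, deletes them. The mapping of value names to subkeys is mine, taken from the documented Windows policy locations (DDS resets more places than these, for example the SystemRestore and WindowsUpdate policy keys, which are not covered here). On a domain-joined machine a legitimate Group Policy can set the same values and will put them back at the next refresh, so check gpresult before deleting anything.

```powershell
# Added example (not from the thread or from DDS): audit, and optionally remove,
# the lockdown policy values that the DDS "Advanced Fixes" log resets.
# Run from an elevated PowerShell prompt:  .\Get-LockdownPolicy.ps1 [-Reset]
# Assumption: the value-to-subkey mapping below is mine, based on the standard
# Windows policy locations; it does not cover every location DDS touches.
param([switch]$Reset)

$policyRoots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies'
)

# Value names exactly as they appear in the DDS log, grouped by the subkey
# Windows reads them from.
$lockdownValues = @{
    'System' = @('DisableTaskMgr', 'DisableRegistryTools', 'DisableCMD', 'DisableCAD',
                 'NoDispCpl', 'NoDispAppearancePage', 'NoDispBackgroundPage',
                 'NoDispSettingsPage', 'Wallpaper', 'WallpaperStyle')
    'Explorer' = @('NoRun', 'NoFolderOptions', 'NoDesktop', 'NoViewOnDrive', 'NoDrives',
                   'NoControlPanel', 'RestrictCpl', 'DisallowCpl', 'DisallowRun',
                   'NoNetworkConnections', 'NoWindowsUpdate', 'NoClose', 'NoFind',
                   'NoViewContextMenu', 'NoTrayContextMenu', 'HideClock', 'NoSetTaskbar',
                   'NoPropertiesMyComputer', 'NoStartMenuMorePrograms', 'NoCommonGroups',
                   'NoFileMenu', 'DisableCurrentUserRun', 'DisableCurrentUserRunOnce',
                   'DisableLocalUserRun', 'DisableLocalUserRunOnce')
    'ActiveDesktop' = @('NoChangingWallpaper', 'NoHTMLWallPaper', 'NoActiveDesktop',
                        'NoSetActiveDesktop', 'ForceActiveDesktopOn')
}

function Get-LockdownPolicy {
    # Returns one object per lockdown value that is actually present, with its data.
    # A clean stand-alone workstation normally has none of them.
    $findings = @()
    foreach ($root in $policyRoots) {
        foreach ($subkey in $lockdownValues.Keys) {
            $key = Join-Path $root $subkey
            if (-not (Test-Path $key)) { continue }
            $props = Get-ItemProperty -Path $key
            foreach ($name in $lockdownValues[$subkey]) {
                $prop = $props.PSObject.Properties[$name]
                if ($null -ne $prop) {
                    $findings += [pscustomobject]@{ Key = $key; Name = $name; Value = $prop.Value }
                }
            }
        }
    }
    return $findings
}

function Remove-LockdownPolicy {
    # Deletes the value instead of setting it to 0: an absent value is the default,
    # and a 0 left behind can still be flipped back by the next malware run.
    param([Parameter(Mandatory, ValueFromPipeline)] $Finding)
    process {
        Remove-ItemProperty -Path $Finding.Key -Name $Finding.Name -ErrorAction Stop
        Write-Host "removed $($Finding.Name) from $($Finding.Key)"
    }
}

$found = @(Get-LockdownPolicy)
if ($found.Count -eq 0) {
    Write-Host 'No lockdown policy values present.'
} else {
    $found | Format-Table -AutoSize
    if ($Reset) {
        $found | Remove-LockdownPolicy
        # Explorer caches these policies; like DDS says, a logoff or reboot is needed.
        Write-Host 'Log off and back on (or reboot) so Explorer re-reads the policies.'
    }
}
```

Run it once without -Reset first and keep the table: the set of values the locker chose is useful evidence when comparing with other infected machines, and it tells you which HKCU profile was hit if more than one user shares the PC.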
15.10.2012, 11:06 | #50
/// Malwareteam | System der automatischen Informationskontrolle - Computer gesperrt
Try once more to start ComboFix with the /nombr version.
15.10.2012, 11:29 | #51
System der automatischen Informationskontrolle - Computer gesperrt
I tried that... first right after the DDS change, then again after a restart... after more than 20 minutes I aborted it again; on the next restart the following message appears (attachment)... What should I press there, first, and second, how do I proceed?... regards
15.10.2012, 11:56 | #52
/// Malwareteam | System der automatischen Informationskontrolle - Computer gesperrt
You can press "yes" there... as for the rest, I have to check back first.
15.10.2012, 13:20 | #53
/// Malwareteam | System der automatischen Informationskontrolle - Computer gesperrt
Search with FRST
Please download Farbar's Recovery Scan Tool and save it to a USB stick. Connect the USB stick to the infected system. You now have to boot the system into the System Recovery Options. Via the boot manager
Click Search - the tool creates a search.txt on your stick. Please post its contents here.
Step 2: combofix /skipfix
Click Start --> Run..., and enter the following:
Code:
combofix /skipfix
15.10.2012, 20:10 | #54 |
| System der automatischen Informationskontrolle - computer locked
Well... I could only ever search for one file at a time, hence the several logs:
*ipinip.sys:*
Code:
Farbar Recovery Scan Tool (x86) Version: 07-10-2012
Ran by SYSTEM at 2012-10-15 21:30:58
Running from J:\

================== Search: "File: C:\Windows\System32\DRIVERS\ipinip.sys" ===================

=== End Of Search ===
Code:
Farbar Recovery Scan Tool (x86) Version: 07-10-2012
Ran by SYSTEM at 2012-10-15 21:40:40
Running from J:\

================== Search: "File: C:\Windows\System32\DRIVERS\nwlnkflt.sys" ===================

=== End Of Search ===
Code:
Farbar Recovery Scan Tool (x86) Version: 07-10-2012
Ran by SYSTEM at 2012-10-15 21:45:42
Running from J:\

================== Search: "File: C:\Windows\System32\DRIVERS\nwlnkfwd.sys" ===================

=== End Of Search ===
Code:
Farbar Recovery Scan Tool (x86) Version: 07-10-2012
Ran by SYSTEM at 2012-10-15 21:25:50
Running from J:\

================== Search: "File: C:\Windows\Acer_Normal\run_DT.exe" ===================

=== End Of Search ===
ComboFix finally worked for once, I'm attaching the file! Regards |
16.10.2012, 06:17 | #55 |
/// Malwareteam | System der automatischen Informationskontrolle - computer locked
Right, now we're getting somewhere!
Step 1: Custom Scan with OTL
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
activex
netsvcs
msconfig
c:\windows\*.* /RP
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
16.10.2012, 07:39 | #56 |
| System der automatischen Informationskontrolle - computer locked
Good morning Marius! I did everything just as you wrote, but OTL only created one text file, OTL.txt:
Code:
OTL logfile created on: 16.10.2012 08:23:54 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\media\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 61,87% Memory free
6,21 Gb Paging File | 5,04 Gb Available in Paging File | 81,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 294,33 Gb Total Space | 175,80 Gb Free Space | 59,73% Space Free | Partition Type: NTFS
Drive D: | 294,03 Gb Total Space | 275,53 Gb Free Space | 93,71% Space Free | Partition Type: NTFS
Drive J: | 7,70 Gb Total Space | 7,70 Gb Free Space | 99,99% Space Free | Partition Type: FAT32

Computer Name: MEDIA-PC | User Name: media | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.10 09:05:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\media\Downloads\OTL.exe
PRC - [2012.09.07 16:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.03.25 13:45:38 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2010.03.05 16:32:28 | 001,135,912 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.04.11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.10 01:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.03.04 23:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.01.25 18:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2008.01.09 18:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.12.07 14:28:22 | 000,196,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2007.10.26 13:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007.10.17 10:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007.10.11 19:53:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.09.10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.09.06 11:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

========== Modules (No Company Name) ==========

MOD - [2012.06.14 07:42:09 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 07:42:02 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.05.10 02:35:34 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.10 02:35:27 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.03.05 16:32:36 | 000,095,528 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.03.05 16:32:28 | 001,135,912 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.03.04 23:38:16 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008.01.09 18:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe

========== Services (SafeList) ==========

SRV - [2012.10.09 19:01:32 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.30 19:22:39 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 16:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 16:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.08 17:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.04.01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.09.22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.25 13:45:38 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.03.31 05:55:12 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.03.30 02:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2009.03.30 02:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009.03.30 02:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$MSSMLBIZ)
SRV - [2008.07.10 01:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.25 18:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 03:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 03:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.10.26 13:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.10.17 10:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007.09.10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012.10.15 09:30:22 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012.09.07 16:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009.10.05 11:10:18 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.08.21 21:24:03 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.04.11 05:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.03.30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2007.12.08 06:28:10 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.12.08 06:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.11.06 09:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007.11.06 09:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007.10.26 13:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.09.10 19:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.07.07 14:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.07.03 03:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007.01.31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.vol.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{D5B3BAA6-EDFB-4091-92D7-6A154CA12F49}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=13F77FA4-C964-469A-91D5-B58CDBCFD6B4&apn_sauid=E986082D-1F6E-44EB-9AAF-02F7CBC87DC9
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/calendar/render|hxxp://web-mail.uibk.ac.at"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\media\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\media\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\media\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.30 19:22:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.31 10:26:52 | 000,000,000 | ---D | M]

[2009.09.08 16:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\mozilla\Extensions
[2012.08.31 16:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\n5rn3q93.default\extensions
[2012.04.01 19:45:38 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\n5rn3q93.default\extensions\toolbar@ask.com
[2012.07.31 10:27:07 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\media\AppData\Roaming\mozilla\firefox\profiles\n5rn3q93.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012.01.03 15:27:44 | 000,002,333 | ---- | M] () -- C:\Users\media\AppData\Roaming\mozilla\firefox\profiles\n5rn3q93.default\searchplugins\askcom.xml
[2012.07.31 10:26:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.30 19:22:41 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.01 19:34:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.11 19:59:16 | 000,031,848 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.30 19:22:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.10.15 21:00:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62F73864-B521-4BFF-8E43-CC4685420CD7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65340EC2-C695-4F14-B466-1A10E68B8112}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{814F0606-50B9-4C44-9BF1-D7FB635D6347}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\media\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\media\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c4506d7-86fd-11dd-a288-0021853451d5}\Shell - "" = AutoRun
O33 - MountPoints2\{1c4506d7-86fd-11dd-a288-0021853451d5}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} - Microsoft Lync 2010
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
System Restore Service not available.
========== Files/Folders - Created Within 30 Days ========== [2012.10.15 21:12:19 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{4AA2A1E7-847B-4A7E-A5DB-2BC56CBCDCB1} [2012.10.15 21:00:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.15 11:53:52 | 000,706,431 | R--- | C] (Swearware) -- C:\Users\media\Desktop\dds.com [2012.10.15 11:13:12 | 000,000,000 | ---D | C] -- C:\Users\media\Desktop\tdsskiller [2012.10.15 09:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies [2012.10.15 09:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner [2012.10.15 09:27:45 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Users\media\Desktop\OTLPENet.exe [2012.10.15 08:15:15 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{8C62B14F-495D-42C6-A5BF-AF05A4AE2F7E} [2012.10.14 15:47:18 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{C6A3EB50-A185-4214-A79F-87AA08281656} [2012.10.13 21:20:06 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{F11C2A5C-4B5F-455F-8D58-7F64716ECDE7} [2012.10.13 09:19:28 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{DEC86578-265F-4226-BE11-218391A0D6E2} [2012.10.12 11:52:25 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{BF1FA385-DC97-4B43-81DF-CD502D8D55A3} [2012.10.12 08:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.10.12 08:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.10.12 08:18:03 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.10.11 13:11:46 | 000,000,000 | ---D | C] -- C:\FRST [2012.10.11 11:01:48 | 004,980,567 | R--- | C] (Swearware) -- C:\Users\media\Desktop\ComboFix.exe [2012.10.11 07:50:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.11 07:50:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.11 07:50:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.11 
07:45:14 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.11 07:44:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.11 06:54:14 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\media\Desktop\tdsskiller.exe [2012.10.10 08:42:34 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\Malwarebytes [2012.10.10 08:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.10 08:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.10 08:42:20 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.10 08:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.09 18:06:34 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{8A1B6F60-E5FB-4734-B65A-73C964158462} [2012.10.08 21:23:32 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{050A4F8D-AAA6-4EDC-9E78-991F1C76831A} [2012.10.08 09:23:16 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{A22B6BFF-F514-4E7C-BB99-08A8C7790FEF} [2012.10.07 20:46:36 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{C3FCA968-C8B6-41BF-AA50-7146AE98C6F4} [2012.10.07 08:46:20 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{8CB4BC37-FC2D-4426-A2E2-76C6B8CDD75C} [2012.10.06 08:07:00 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{B7B73E7F-104A-4C89-8141-B1F1D0BAEBD6} [2012.10.05 16:12:51 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{05DFB635-8E02-4454-8574-7231AD0CB671} [2012.10.04 07:07:50 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{039A3C17-1589-46C4-B4AE-EF90FB0D70B5} [2012.10.03 09:54:06 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{6669E752-69BA-4BF4-AAC3-52BEC09CBEDB} [2012.10.02 19:18:15 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{62A0FF62-1C7C-4C0A-8DAA-E1F058CF9FF9} [2012.10.02 07:12:37 | 000,000,000 | ---D | C] -- 
C:\Users\media\AppData\Local\{898B9573-F39D-455F-88F6-0671449A0BCA} [2012.10.01 14:14:30 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{5E37D240-981B-44AD-ACDE-790998226FC8} [2012.09.30 21:12:39 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{BB0BFB56-9C8C-47FE-A8AF-F86D5B7E941F} [2012.09.30 09:11:14 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{1734F492-67E6-413E-AD93-B2DD7CFC3764} [2012.09.27 18:42:22 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{91E8E290-F49E-454A-8A90-3E1DFFFAD544} [2012.09.26 11:21:40 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{E1BAE48A-F153-42B0-8815-6CBFA38AA56C} [2012.09.25 15:18:45 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{78E25385-DE03-413C-A9EB-6544A39C5AD3} [2012.09.24 22:27:33 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{B20421D4-8B43-4A6C-8CD8-17A7A2037173} [2012.09.24 10:27:15 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{201A71B0-75AA-4F52-8A8B-C8364E8DE1FA} [2012.09.23 15:17:03 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{F0EFBA6E-9425-4F79-BF22-F44D821432AE} [2012.09.20 12:12:23 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{1AF553B1-A3F9-41EB-B6B3-4FFEE00D77BC} [2012.09.19 19:06:19 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{C6359C56-F04B-420F-B53F-B1BFBF518FDA} [2012.09.18 22:23:02 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{AEF2CC5B-39A8-436F-96AB-7BD6B832E5C7} [2012.09.18 10:22:43 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{ED9F5836-966E-439E-B2AC-29A9D96A7CDA} [2012.09.17 15:03:01 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{4C0E2FEF-678F-4900-A851-1AE659876089} [2012.09.16 21:40:07 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{ACCC3C8C-4F40-4EF7-9839-872CB1F4C356} [9 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== 
[2012.10.16 08:23:51 | 000,693,816 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.16 08:23:51 | 000,661,110 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.16 08:23:51 | 000,150,490 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.16 08:23:51 | 000,128,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.16 08:19:13 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2012.10.16 08:17:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.16 08:17:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.16 08:16:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.16 08:16:57 | 3220,336,640 | -HS- | M] () -- C:\hiberfil.sys [2012.10.16 00:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.15 21:09:44 | 000,004,421 | ---- | M] () -- C:\Users\media\Desktop\combofix.7z [2012.10.15 21:00:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.10.15 20:50:32 | 004,980,567 | R--- | M] (Swearware) -- C:\Users\media\Desktop\ComboFix.exe [2012.10.15 11:53:58 | 000,706,431 | R--- | M] (Swearware) -- C:\Users\media\Desktop\dds.com [2012.10.15 11:12:55 | 002,194,704 | ---- | M] () -- C:\Users\media\Desktop\tdsskiller.zip [2012.10.15 09:32:36 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Users\media\Desktop\OTLPENet.exe [2012.10.12 16:27:22 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\media\Desktop\tdsskiller.exe [2012.10.11 09:32:16 | 000,001,356 | ---- | M] () -- C:\Users\media\AppData\Local\d3d9caps.dat [2012.10.10 09:29:02 | 239,283,638 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.10.10 09:04:23 | 000,000,000 | ---- | M] () -- C:\Users\media\defogger_reenable [2012.10.10 08:42:21 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ 
Malwarebytes Anti-Malware .lnk [2012.10.10 08:08:12 | 000,429,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.10.07 16:26:01 | 000,113,595 | ---- | M] () -- C:\Users\media\Desktop\urkunde.pdf [9 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.15 21:09:44 | 000,004,421 | ---- | C] () -- C:\Users\media\Desktop\combofix.7z [2012.10.15 11:12:55 | 002,194,704 | ---- | C] () -- C:\Users\media\Desktop\tdsskiller.zip [2012.10.12 12:22:06 | 3220,336,640 | -HS- | C] () -- C:\hiberfil.sys [2012.10.11 07:50:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.11 07:50:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.11 07:50:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.11 07:50:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.11 07:50:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.10 09:04:23 | 000,000,000 | ---- | C] () -- C:\Users\media\defogger_reenable [2012.10.10 08:42:21 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.07 16:26:01 | 000,113,595 | ---- | C] () -- C:\Users\media\Desktop\urkunde.pdf [2011.07.14 12:13:11 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2010.07.27 17:46:57 | 000,001,356 | ---- | C] () -- C:\Users\media\AppData\Local\d3d9caps.dat [2010.05.25 15:12:53 | 000,000,032 | --S- | C] () -- C:\Users\media\AppData\Local\3047995989.dat [2009.03.21 17:53:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.09.20 11:52:02 | 000,091,136 | ---- | C] () -- C:\Users\media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2008.03.21 14:57:57 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Acer GameZone Console [2010.05.05 08:37:51 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\AppClient [2008.10.02 13:00:37 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Big Fish Games [2008.09.11 15:33:49 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\eSobi [2008.10.03 15:10:58 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\FloodLightGames [2011.11.28 12:39:49 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\HappyFoto [2012.10.04 15:01:38 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Image Zone Express [2008.09.29 10:45:49 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\PlayFirst [2008.12.17 14:25:45 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Printer Info Cache [2011.12.03 13:28:37 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Research In Motion [2012.01.20 12:43:56 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Unity [2010.08.22 11:15:21 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\WinBatch ========== 
Purity Check ========== ========== Custom Scans ========== < c:\windows\*.* /RP > [2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2006.11.02 14:01:49 | 000,032,530 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.07.23 17:29:45 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < %SYSTEMDRIVE%\*. > [2012.10.15 21:00:19 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2008.09.05 13:27:27 | 000,000,000 | ---D | M] -- C:\Acer [2008.09.11 15:21:48 | 000,000,000 | ---D | M] -- C:\AcerSW [2008.03.21 22:05:47 | 000,000,000 | ---D | M] -- C:\Book [2010.05.13 21:53:59 | 000,000,000 | ---D | M] -- C:\Boot [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.09.03 15:08:55 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2008.03.21 22:05:47 | 000,000,000 | ---D | M] -- C:\DRV [2012.10.11 13:11:46 | 000,000,000 | ---D | M] -- C:\FRST [2010.05.28 11:14:13 | 000,000,000 | ---D | M] -- C:\Games [2012.07.08 21:17:18 | 000,000,000 | R--D | M] -- C:\MSOCache [2010.08.10 13:20:09 | 000,000,000 | ---D | M] -- C:\NVIDIA [2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.10.15 20:54:36 | 000,000,000 | R--D | M] -- C:\Program Files [2012.10.11 23:52:50 | 000,000,000 | ---D | M] -- C:\ProgramData [2008.09.03 15:08:55 | 000,000,000 | -HSD | M] -- C:\Programme [2012.10.15 21:04:34 | 000,000,000 | ---D | M] -- C:\Qoobox [2012.10.15 09:30:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.10.12 08:18:03 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine [2008.09.05 13:26:21 | 000,000,000 | R--D | M] -- C:\Users [2012.10.15 21:00:21 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\erdnt\cache\regedit.exe [2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 
03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\erdnt\cache\wininit.exe [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2012.09.07 16:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-09-24 09:17:42 ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [_default.pif] -> c:\windows\_default.pif -> HardLink [bfsvc.exe] -> c:\windows\bfsvc.exe -> HardLink [C:\Windows\$NtUninstallKB26798$] -> -> Unknown point type [explorer.exe] -> c:\windows\explorer.exe -> HardLink [fveupdate.exe] -> c:\windows\fveupdate.exe -> HardLink [HelpPane.exe] -> c:\windows\HelpPane.exe -> HardLink [hh.exe] -> c:\windows\hh.exe -> HardLink [mib.bin] -> c:\windows\mib.bin -> HardLink [notepad.exe] -> c:\windows\notepad.exe -> HardLink [regedit.exe] -> c:\windows\regedit.exe -> HardLink [twain.dll] -> c:\windows\twain.dll -> HardLink [twain_32.dll] -> c:\windows\twain_32.dll -> HardLink [twunk_16.exe] -> 
c:\windows\twunk_16.exe -> HardLink [twunk_32.exe] -> c:\windows\twunk_32.exe -> HardLink [winhelp.exe] -> c:\windows\winhelp.exe -> HardLink [winhlp32.exe] -> c:\windows\winhlp32.exe -> HardLink [WMSysPr9.prx] -> c:\windows\WMSysPr9.prx -> HardLink ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57 @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9F683177 @Alternate Data Stream - 64 bytes -> C:\Users\media\Desktop\TomVic - The Movie.mpeg:TOC.WMV @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4BB26BE9 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8173A019 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:861A898F @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C95B63DA @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:FEBEC560 @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:4F636E25 < End of report > |
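What the "MD5 for:" and "Alternate Data Streams" sections of this report are there for, shown as an added example (Python; this is not code from the thread and not part of OTL): OTL lists each live system binary next to its WinSxS copies and the erdnt\cache copy that ComboFix saved, so a helper can spot a replaced userinit.exe, winlogon.exe or explorer.exe by a hash that matches no reference copy or by a missing Microsoft company name. In the report above every live copy matches, and the only winlogon.exe without a company name is the Malwarebytes Chameleon copy outside C:\Windows. The script below runs that comparison over a constructed sample in the same line format (hashes and paths copied from the post, plus one made-up explorer.exe line with an all-zero hash standing in for a replaced binary) and lists the alternate data streams that the OTL fix later removes. The rules for what counts as a reference copy, the restriction to paths under C:\Windows, and the exemption of Zone.Identifier streams are my assumptions, not OTL's.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the OTL report above. Lines of the first two
# sections and the WinSxS explorer.exe line are copied from the post; the final
# explorer.exe line is MADE UP (all-zero hash, no company name) to show what a
# replaced binary looks like in this check.
SAMPLE_OTL = r"""
< MD5 for: USERINIT.EXE >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WINLOGON.EXE >
[2012.09.07 16:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
< MD5 for: EXPLORER.EXE >
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2012.10.01 12:00:00 | 002,926,592 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\Windows\explorer.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 64 bytes -> C:\Users\media\Desktop\TomVic - The Movie.mpeg:TOC.WMV
"""

MD5_HEADER = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
MD5_LINE = re.compile(
    r"^\[(?P<stamp>[^\]]+)\] \((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
ADS_LINE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)


def parse_md5_sections(text):
    """Group the MD5 lines of an OTL report by the '< MD5 for: NAME >' header above them."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        header = MD5_HEADER.match(line)
        if header:
            current = header.group("name").lower()
            continue
        if line.startswith(("<", "=")):      # any other scan header ends the section
            current = None
            continue
        entry = MD5_LINE.match(line)
        if entry and current:
            sections[current].append(entry.groupdict())
    return dict(sections)


def is_reference_copy(path):
    """Assumption: WinSxS and the ComboFix erdnt\\cache backup hold the known-good copies."""
    p = path.lower()
    return "\\winsxs\\" in p or "\\erdnt\\cache\\" in p


def is_live_system_copy(path):
    """Assumption: only copies under C:\\Windows that are not reference copies are 'live'."""
    return path.lower().startswith("c:\\windows\\") and not is_reference_copy(path)


def check_system_binaries(sections):
    """Return (binary, path, reason) for every live copy that looks replaced."""
    findings = []
    for name, entries in sections.items():
        reference_hashes = {e["md5"].upper() for e in entries if is_reference_copy(e["path"])}
        for e in entries:
            if not is_live_system_copy(e["path"]):
                continue                      # e.g. the Malwarebytes Chameleon copy: third party, not checked here
            if e["company"] != "Microsoft Corporation":
                findings.append((name, e["path"], "no Microsoft company name"))
            if reference_hashes and e["md5"].upper() not in reference_hashes:
                findings.append((name, e["path"], "MD5 matches no WinSxS/backup copy"))
    return findings


def suspicious_streams(text):
    """List (path, stream, size) for every ADS except the ordinary Zone.Identifier download marker."""
    found = []
    for raw in text.splitlines():
        m = ADS_LINE.match(raw.strip())
        if m and m.group("stream").lower() != "zone.identifier":
            found.append((m.group("path"), m.group("stream"), int(m.group("size"))))
    return found


if __name__ == "__main__":
    for name, path, reason in check_system_binaries(parse_md5_sections(SAMPLE_OTL)):
        print(f"[!] {name}: {path}: {reason}")
    for path, stream, size in suspicious_streams(SAMPLE_OTL):
        print(f"[ADS] {path} : {stream} ({size} bytes)")
```

On the real report the same functions flag nothing in the MD5 sections, which is the reassuring result; the TEMP:xxxxxxxx streams on C:\ProgramData still get listed, which is why the OTL fix in the next post deletes them.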
16.10.2012, 08:54 | #57 |
/// Malwareteam | System der automatischen Informationskontrolle - Computer gesperrt
Scan with AdwCleaner
Please download AdwCleaner to your Desktop.
16.10.2012, 09:06 | #58 |
| System der automatischen Informationskontrolle - Computer gesperrt
Code:
# AdwCleaner v2.005 - Report created 16/10/2012 at 10:05:53
# Updated 14/10/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : media - MEDIA-PC
# Boot mode : Normal
# Running from : C:\Users\media\Downloads\adwcleaner.exe
# Option [Search]

**** [Services] ****

***** [Files / Folders] *****

File Found : C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\n5rn3q93.default\searchplugins\Askcom.xml
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Users\media\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\n5rn3q93.default\Conduit
Folder Found : C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\n5rn3q93.default\extensions\toolbar@ask.com
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKU\S-1-5-21-3532016870-2659621917-2767292664-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (de)

Profile name : default
File : C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\n5rn3q93.default\prefs.js

Found : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2438727.CTID", "CT2438727");
Found : user_pref("CT2438727.CommunitiesChangesLastCheckTime", "0");
Found : user_pref("CT2438727.CurrentServerDate", "27-2-2010");
Found : user_pref("CT2438727.DialogsAlignMode", "LTR");
Found : user_pref("CT2438727.FirstServerDate", "27-2-2010");
Found : user_pref("CT2438727.FirstTime", true);
Found : user_pref("CT2438727.FirstTimeFF3", true);
Found : user_pref("CT2438727.GroupingInvalidateCache", false);
Found : user_pref("CT2438727.GroupingLastCheckTime", "0");
Found : user_pref("CT2438727.GroupingLastServerUpdateTime", "0");
Found : user_pref("CT2438727.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2438727.Initialize", true);
Found : user_pref("CT2438727.InitializeCommonPrefs", true);
Found : user_pref("CT2438727.InstalledDate", "Sat Feb 27 2010 13:36:20 GMT+0100");
Found : user_pref("CT2438727.InvalidateCache", false);
Found : user_pref("CT2438727.IsGrouping", false);
Found : user_pref("CT2438727.IsMulticommunity", false);
Found : user_pref("CT2438727.IsOpenThankYouPage", true);
Found : user_pref("CT2438727.IsOpenUninstallPage", true);
Found : user_pref("CT2438727.LanguagePackLastCheckTime", "Sat Feb 27 2010 13:36:20 GMT+0100");
Found : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2438727.LastLogin_2.5.7.3", "Sat Feb 27 2010 13:36:23 GMT+0100");
Found : user_pref("CT2438727.LatestVersion", "2.1.0.18");
Found : user_pref("CT2438727.Locale", "en");
Found : user_pref("CT2438727.LoginCache", 4);
Found : user_pref("CT2438727.MCDetectTooltipHeight", "83");
Found : user_pref("CT2438727.MCDetectTooltipShow", false);
Found : user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2438727.MCDetectTooltipWidth", "295");
Found : user_pref("CT2438727.RadioLastCheckTime", "0");
Found : user_pref("CT2438727.RadioLastUpdateIPServer", "0");
Found : user_pref("CT2438727.RadioLastUpdateServer", "0");
Found : user_pref("CT2438727.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2438727.SearchBoxWidth", 143);
Found : user_pref("CT2438727.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2438727.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Found : user_pref("CT2438727.SearchInNewTabEnabled", true);
Found : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Sat Feb 27 2010 13:36:23 GMT+0100");
Found : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://hosting.conduit-services.com/newtab/?ctid=EB[...]
Found : user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2438727.SearchInNewTabUserEnabled", false);
Found : user_pref("CT2438727.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2438727.SettingsLastCheckTime", "Sat Feb 27 2010 13:38:03 GMT+0100");
Found : user_pref("CT2438727.SettingsLastUpdate", "1266424830");
Found : user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Sat Feb 27 2010 13:36:18 GMT+0100");
Found : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1266424830");
Found : user_pref("CT2438727.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Found : user_pref("CT2438727.UserID", "UN30182459095590657");
Found : user_pref("CT2438727.ValidationData_Toolbar", 2);
Found : user_pref("CT2438727.alertChannelId", "832836");
Found : user_pref("CT2438727.clientLogIsEnabled", true);
Found : user_pref("CT2438727.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2438727.myStuffEnabled", true);
Found : user_pref("CT2438727.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2438727.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=E[...]
Found : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2438727.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2438727");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727");
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Feb 27 2010 13:38:03 GMT+0100");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Feb 27 2010 13:36:18 GMT+0100");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1234796400");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "{37c415de-8be0-4628-a4b4-1ebae7359a0a}");
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "");

*************************

AdwCleaner[R1].txt - [10950 octets] - [16/10/2012 10:05:53]

########## EOF - C:\AdwCleaner[R1].txt - [11011 octets] ########## |
16.10.2012, 09:14 | #59 |
/// Malwareteam
Step 1: Fix with AdwCleaner
Step 2: Fix with OTL
Code:
:OTL
[C:\Windows\$NtUninstallKB26798$] -> -> Unknown point type
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 64 bytes -> C:\Users\media\Desktop\TomVic - The Movie.mpeg:TOC.WMV
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:4F636E25
:Commands
[purity]
[emptytemp]
Step 3: MBAM
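Step 1 above relies on AdwCleaner to strip the Conduit/Ask search-hijack preferences that the scan log listed in the previous post. The following is an added example, not code from this thread or from AdwCleaner, showing what that part of the cleanup amounts to: parse a Firefox prefs.js, flag the hijack indicators the log reports (the CT2438727 toolbar namespace, CommunityToolbar.*, extensions.asktb.*, and a default search engine repointed to Ask.com or Conduit), and write a cleaned copy. The sample prefs.js, the assumption that Conduit toolbars namespace their prefs as CT<digits>., and the function names are mine; URLs in the sample are left defanged (hxxp://) as in the log.

```python
"""Flag and strip browser search-hijack entries from a Firefox prefs.js.

Constructed example for this thread; it is not the forum's or AdwCleaner's own
code. The indicators (Conduit toolbar namespace CT2438727, the shared
CommunityToolbar.* namespace, extensions.asktb.*, and a default search engine
pointed at Ask.com / Conduit) are the ones the AdwCleaner log reports. The
sample prefs.js below is constructed from those log lines.
"""
import re
from typing import List, Optional, Tuple

# One prefs.js / user.js line: user_pref("name", value);  (value is a JS literal)
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')

# Assumption: Conduit toolbars namespace their prefs under CT<digits>.; the other
# two prefixes are taken verbatim from the log.
HIJACK_PREFIX_RE = re.compile(r"^(CT\d+\.|CommunityToolbar\.|extensions\.asktb\.)")

# Legitimate Firefox prefs that a hijacker repoints; flagged only by their value.
SEARCH_PREFS = {
    "browser.search.defaultengine",
    "browser.search.defaultenginename",
    "browser.search.order.1",
    "browser.search.selectedEngine",
}
HIJACK_ENGINE_MARKERS = ("ask.com", "conduit.com")


def parse_prefs(text: str) -> List[Tuple[str, str]]:
    """Return (name, raw JS value) for every user_pref() line; skip everything else."""
    prefs = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs.append((m.group(1), m.group(2)))
    return prefs


def classify(name: str, raw_value: str) -> Optional[str]:
    """Reason the pref is a hijack indicator, or None if it looks benign."""
    if HIJACK_PREFIX_RE.match(name):
        return "toolbar namespace " + name.split(".", 1)[0]
    if name in SEARCH_PREFS:
        value = raw_value.strip().strip('"').lower()
        if any(marker in value for marker in HIJACK_ENGINE_MARKERS):
            return "search engine repointed to " + value
    return None


def find_hijack_prefs(text: str) -> List[Tuple[str, str, str]]:
    """(name, raw value, reason) for each flagged pref, in file order."""
    hits = []
    for name, raw in parse_prefs(text):
        reason = classify(name, raw)
        if reason:
            hits.append((name, raw, reason))
    return hits


def clean_prefs(text: str) -> Tuple[str, List[str]]:
    """Return (cleaned prefs.js text, names removed). Non-pref lines are kept verbatim."""
    kept, removed = [], []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and classify(m.group(1), m.group(2)):
            removed.append(m.group(1))
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed


# Constructed sample, modelled on the prefs AdwCleaner listed, plus two benign prefs.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("CT2438727.CTID", "CT2438727");
user_pref("CT2438727.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM");
user_pref("CT2438727.clientLogIsEnabled", true);
user_pref("CommunityToolbar.ToolbarsList", "CT2438727");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("extensions.asktb.ff-original-keyword-url", "");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.homepage", "about:home");
"""

if __name__ == "__main__":
    for name, raw, reason in find_hijack_prefs(SAMPLE_PREFS_JS):
        print(f"{name} = {raw}  [{reason}]")
    cleaned, removed = clean_prefs(SAMPLE_PREFS_JS)
    print(f"removed {len(removed)} prefs; cleaned file:\n{cleaned}")
```

Run it against a real profile only with Firefox closed, because Firefox rewrites prefs.js on shutdown and would overwrite the cleaned copy. Note also what the log in the next post shows AdwCleaner doing: it deleted the profile's user.js outright, since user.js re-applies its prefs on every start and would reinstate the hijack even after prefs.js is cleaned.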
16.10.2012, 10:28 | #60 |
Wow.. that took a long time ... everything worked. Here are the logs:
Step 1:
Code:
# AdwCleaner v2.005 - File created on 16/10/2012 at 10:16:24
# Updated on 14/10/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : media - MEDIA-PC
# Boot mode : Normal
# Running from : C:\Users\media\Downloads\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

File Deleted : C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\n5rn3q93.default\searchplugins\Askcom.xml
Deleted on reboot : C:\Program Files\Ask.com
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\media\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\n5rn3q93.default\Conduit
Folder Deleted : C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\n5rn3q93.default\extensions\toolbar@ask.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] The registry is clean.

-\\ Mozilla Firefox v15.0.1 (de)

Profile name : default
File : C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\n5rn3q93.default\prefs.js

C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\n5rn3q93.default\user.js ... Deleted !

Deleted : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2438727.CTID", "CT2438727");
Deleted : user_pref("CT2438727.CommunitiesChangesLastCheckTime", "0");
Deleted : user_pref("CT2438727.CurrentServerDate", "27-2-2010");
Deleted : user_pref("CT2438727.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2438727.FirstServerDate", "27-2-2010");
Deleted : user_pref("CT2438727.FirstTime", true);
Deleted : user_pref("CT2438727.FirstTimeFF3", true);
Deleted : user_pref("CT2438727.GroupingInvalidateCache", false);
Deleted : user_pref("CT2438727.GroupingLastCheckTime", "0");
Deleted : user_pref("CT2438727.GroupingLastServerUpdateTime", "0");
Deleted : user_pref("CT2438727.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2438727.Initialize", true);
Deleted : user_pref("CT2438727.InitializeCommonPrefs", true);
Deleted : user_pref("CT2438727.InstalledDate", "Sat Feb 27 2010 13:36:20 GMT+0100");
Deleted : user_pref("CT2438727.InvalidateCache", false);
Deleted : user_pref("CT2438727.IsGrouping", false);
Deleted : user_pref("CT2438727.IsMulticommunity", false);
Deleted : user_pref("CT2438727.IsOpenThankYouPage", true);
Deleted : user_pref("CT2438727.IsOpenUninstallPage", true);
Deleted : user_pref("CT2438727.LanguagePackLastCheckTime", "Sat Feb 27 2010 13:36:20 GMT+0100");
Deleted : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2438727.LastLogin_2.5.7.3", "Sat Feb 27 2010 13:36:23 GMT+0100");
Deleted : user_pref("CT2438727.LatestVersion", "2.1.0.18");
Deleted : user_pref("CT2438727.Locale", "en");
Deleted : user_pref("CT2438727.LoginCache", 4);
Deleted : user_pref("CT2438727.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2438727.MCDetectTooltipShow", false);
Deleted : user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2438727.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2438727.RadioLastCheckTime", "0");
Deleted : user_pref("CT2438727.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT2438727.RadioLastUpdateServer", "0");
Deleted : user_pref("CT2438727.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2438727.SearchBoxWidth", 143);
Deleted : user_pref("CT2438727.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2438727.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Deleted : user_pref("CT2438727.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Sat Feb 27 2010 13:36:23 GMT+0100");
Deleted : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://hosting.conduit-services.com/newtab/?ctid=EB[...]
Deleted : user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2438727.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2438727.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2438727.SettingsLastCheckTime", "Sat Feb 27 2010 13:38:03 GMT+0100");
Deleted : user_pref("CT2438727.SettingsLastUpdate", "1266424830");
Deleted : user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Sat Feb 27 2010 13:36:18 GMT+0100");
Deleted : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1266424830");
Deleted : user_pref("CT2438727.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2438727.UserID", "UN30182459095590657");
Deleted : user_pref("CT2438727.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2438727.alertChannelId", "832836");
Deleted : user_pref("CT2438727.clientLogIsEnabled", true);
Deleted : user_pref("CT2438727.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2438727.myStuffEnabled", true);
Deleted : user_pref("CT2438727.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2438727.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=E[...]
Deleted : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2438727.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2438727");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727");
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Feb 27 2010 13:38:03 GMT+0100");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Feb 27 2010 13:36:18 GMT+0100");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1234796400");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "{37c415de-8be0-4628-a4b4-1ebae7359a0a}");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");

*************************

AdwCleaner[R1].txt - [11081 octets] - [16/10/2012 10:05:53]
AdwCleaner[S1].txt - [10827 octets] - [16/10/2012 10:16:24]

########## EOF - C:\AdwCleaner[S1].txt - [10888 octets] ##########
Code:
All processes killed
========== OTL ==========
Unable to remove Unknown point type C:\Windows\$NtUninstallKB26798$
ADS C:\ProgramData\TEMP:E36F5B57 deleted successfully.
ADS C:\ProgramData\TEMP:9F683177 deleted successfully.
ADS C:\Users\media\Desktop\TomVic - The Movie.mpeg:TOC.WMV deleted successfully.
ADS C:\ProgramData\TEMP:4BB26BE9 deleted successfully.
ADS C:\ProgramData\TEMP:8173A019 deleted successfully.
ADS C:\ProgramData\TEMP:861A898F deleted successfully.
ADS C:\ProgramData\TEMP:C95B63DA deleted successfully.
ADS C:\ProgramData\TEMP:FEBEC560 deleted successfully.
ADS C:\ProgramData\TEMP:4CF61E54 deleted successfully.
ADS C:\ProgramData\TEMP:4F636E25 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: media
->Temp folder emptied: 865713 bytes
->Temporary Internet Files folder emptied: 1549901863 bytes
->Java cache emptied: 74876629 bytes
->FireFox cache emptied: 65382171 bytes
->Flash cache emptied: 6240878 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 286 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 675840 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 81607 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.619,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 10162012_102244

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Code:
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.16.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
media :: MEDIA-PC [Administrator]

Protection: Enabled

16.10.2012 10:36:16
mbam-log-2012-10-16 (10-36-16).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Enabled scan options: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Disabled scan options: P2P
Objects scanned: 355612
Time elapsed: 34 minute(s), 18 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 0
(No malicious items detected)

Registry data items detected: 0
(No malicious items detected)

Folders detected: 0
(No malicious items detected)

Files detected: 11
C:\FRST\Quarantine\6eb1f9e0\U\00000001.@ (Backdoor.0Access) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\6eb1f9e0\U\000000c0.@ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\6eb1f9e0\U\000000cb.@ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\6eb1f9e0\U\000000cf.@ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\6eb1f9e0\U\80000000.@ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\6eb1f9e0\U\800000c0.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\6eb1f9e0\U\800000cb.@ (Backdoor.0Access) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\6eb1f9e0\U\800000cf.@ (Backdoor.0Access) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\TelevisionFanaticEI\Installr\1.bin\64EIPlug.dll.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Users\media\AppData\Local\VirtualStore\Windows\System32\cooper.mine (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\media\AppData\Local\VirtualStore\Windows\System32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)
Topics on System der automatischen Informationskontrolle - Computer gesperrt
32 bit, bho, bildschirm, bildschirm weiß, bingbar, computer, desktop, diner dash, document, error, excel, exploit.drop.2, fehler, firefox, flash player, home, install.exe, logfile, mozilla, officejet, outlook 2010, phishing, plug-in, popup, realtek, registry, sekunden, senden, server, siteadvisor, software, svchost.exe, system, trojan.agent.ge, trojan.tracur.s, usb, vista