TR/Jorik.Bredolab.BR, popup with strange pill advertising (Windows 7)
26.07.2010, 22:07 | #16
OTL.Txt:
OTL Logfile:
OTL logfile created on: 26.07.2010 22:52:45 - Run 4
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Mrs.Smith\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 101,97 Gb Free Space | 68,42% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 125,65 Gb Free Space | 90,22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MRSSMITH-PC
Current User Name: Mrs.Smith
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Mrs.Smith\Desktop\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Windows\System32\lpksetup.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\ASUSTPE.exe (ASUS)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\P4P\P4P.exe ()
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)

========== Modules (SafeList) ==========

MOD - C:\Users\Mrs.Smith\Desktop\OTL(2).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (de_serv) -- C:\Program Files\Common Files\AVM\de_serv.exe File not found
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()

========== Driver Services (SafeList) ==========

DRV - (upperdev) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (DgiVecp) -- C:\Windows\System32\Drivers\DgiVecp.sys File not found
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.0.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.21 22:13:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.26 21:37:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.17 19:42:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.07.26 21:37:37 | 000,000,000 | ---D | M]

[2009.01.13 10:41:38 | 000,000,000 | ---D | M] -- C:\Users\Mrs.Smith\AppData\Roaming\mozilla\Extensions
[2010.07.26 20:04:32 | 000,000,000 | ---D | M] -- C:\Users\Mrs.Smith\AppData\Roaming\mozilla\Firefox\Profiles\0ukcfep3.default\extensions
[2009.09.03 04:50:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mrs.Smith\AppData\Roaming\mozilla\Firefox\Profiles\0ukcfep3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.10.22 10:54:19 | 000,000,000 | ---D | M] (Fox!Box [de]) -- C:\Users\Mrs.Smith\AppData\Roaming\mozilla\Firefox\Profiles\0ukcfep3.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2010.07.26 21:39:23 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.01.26 01:05:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.26 01:05:09 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.26 01:05:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.26 01:05:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.26 01:05:09 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\P4P\P4P.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{45F1407F-6ED4-82F5-EF23-385F11A24913}] C:\Users\Mrs.Smith\AppData\Roaming\Yfaze\ivkid.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mrs.Smith\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mrs.Smith\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5cd881d6-cb74-11de-9dc1-00235472449d}\Shell - "" = AutoRun
O33 - MountPoints2\{5cd881d6-cb74-11de-9dc1-00235472449d}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010.07.26 21:50:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.07.26 21:39:30 | 000,000,000 | ---D | C] -- C:\Users\Mrs.Smith\AppData\Local\Threat Expert
[2010.07.26 21:37:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.07.26 12:36:37 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Mrs.Smith\Desktop\OTL(2).exe
[2010.07.26 12:22:18 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010.07.26 12:07:30 | 000,000,000 | ---D | C] -- C:\Users\Mrs.Smith\Desktop\MFTools
[2010.07.25 21:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.07.22 11:01:58 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.07.22 11:01:58 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010.07.22 11:01:58 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010.07.22 10:59:03 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.07.22 10:59:03 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010.07.22 10:58:42 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.07.22 10:58:41 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.07.22 10:58:23 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.07.22 10:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010.07.22 10:58:00 | 000,000,000 | ---D | C] -- C:\Users\Mrs.Smith\AppData\Roaming\PC Tools
[2010.07.22 10:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.07.22 10:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010.07.21 11:26:28 | 000,000,000 | ---D | C] -- C:\Users\Mrs.Smith\AppData\Roaming\Malwarebytes
[2010.07.21 09:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.07.21 09:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.07.21 09:16:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.21 09:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.21 09:16:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.21 09:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.06.26 03:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.06.06 19:37:59 | 000,000,000 | ---D | C] -- C:\Users\Mrs.Smith\AppData\Roaming\Gyvay
[2010.05.10 20:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2007.01.24 20:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 90 Days ==========

[2010.07.26 22:53:43 | 006,291,456 | -HS- | M] () -- C:\Users\Mrs.Smith\ntuser.dat
[2010.07.26 22:51:52 | 000,003,824 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.26 22:51:52 | 000,003,824 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.26 22:51:51 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.26 22:51:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.26 22:51:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.26 22:48:56 | 000,524,288 | -HS- | M] () -- C:\Users\Mrs.Smith\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.07.26 22:48:56 | 000,065,536 | -HS- | M] () -- C:\Users\Mrs.Smith\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.07.26 22:48:50 | 001,683,939 | -H-- | M] () -- C:\Users\Mrs.Smith\AppData\Local\IconCache.db
[2010.07.26 22:20:06 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.26 21:55:10 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.07.26 12:36:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mrs.Smith\Desktop\OTL(2).exe
[2010.07.26 12:21:31 | 000,284,915 | ---- | M] () -- C:\Users\Mrs.Smith\Desktop\Gmer.zip
[2010.07.26 12:06:20 | 000,410,876 | ---- | M] () -- C:\Users\Mrs.Smith\Desktop\Load.exe
[2010.07.22 11:31:53 | 000,000,680 | ---- | M] () -- C:\Users\Mrs.Smith\AppData\Local\d3d9caps.dat
[2010.07.22 11:15:52 | 000,767,928 | ---- | M] () -- C:\Windows\BDTSupport.dll
[2010.07.22 10:58:31 | 000,001,752 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.07.22 10:19:10 | 000,020,001 | ---- | M] () -- C:\Users\Mrs.Smith\Documents\NOrdsee.odt
[2010.07.21 12:57:39 | 001,453,910 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.21 12:57:39 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.21 12:57:39 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.21 12:57:39 | 000,127,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.21 12:57:39 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.21 12:51:54 | 000,000,016 | ---- | M] () -- C:\Users\Mrs.Smith\AppData\Roaming\vdnxlf.dat
[2010.07.21 09:27:08 | 000,001,881 | ---- | M] () -- C:\Users\Mrs.Smith\Desktop\HijackThis.lnk
[2010.07.21 09:26:37 | 000,000,811 | ---- | M] () -- C:\Users\Mrs.Smith\Desktop\CCleaner.lnk
[2010.07.21 09:16:48 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.20 18:30:40 | 000,000,145 | --S- | M] () -- C:\Users\Mrs.Smith\AppData\Local\1447393971.dat
[2010.07.20 09:03:34 | 000,004,633 | ---- | M] () -- C:\Users\Mrs.Smith\.recently-used.xbel
[2010.07.11 23:54:14 | 000,033,280 | ---- | M] () -- C:\Users\Mrs.Smith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.11 10:09:56 | 000,011,591 | ---- | M] () -- C:\Users\Mrs.Smith\Documents\RefASV.odt
[2010.07.02 10:14:52 | 000,001,556 | ---- | M] () -- C:\Users\Mrs.Smith\Documents\Finanzamt0.odb
[2010.06.20 15:12:01 | 000,007,168 | ---- | M] () -- C:\Users\Mrs.Smith\Desktop\Object.xls
[2010.06.11 03:23:54 | 000,385,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.19 14:18:44 | 000,002,080 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010.07.26 12:07:40 | 000,284,915 | ---- | C] () -- C:\Users\Mrs.Smith\Desktop\Gmer.zip
[2010.07.26 12:06:15 | 000,410,876 | ---- | C] () -- C:\Users\Mrs.Smith\Desktop\Load.exe
[2010.07.22 11:01:59 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.07.22 11:01:58 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010.07.22 11:01:58 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010.07.22 11:01:58 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010.07.22 11:01:58 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010.07.22 10:59:03 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010.07.22 10:58:42 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010.07.22 10:58:42 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010.07.22 10:58:31 | 000,001,752 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.07.22 10:58:23 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010.07.22 10:19:10 | 000,020,001 | ---- | C] () -- C:\Users\Mrs.Smith\Documents\NOrdsee.odt
[2010.07.21 09:27:08 | 000,001,881 | ---- | C] () -- C:\Users\Mrs.Smith\Desktop\HijackThis.lnk
[2010.07.21 09:26:37 | 000,000,811 | ---- | C] () -- C:\Users\Mrs.Smith\Desktop\CCleaner.lnk
[2010.07.21 09:16:48 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.20 09:03:34 | 000,004,633 | ---- | C] () -- C:\Users\Mrs.Smith\.recently-used.xbel
[2010.07.20 08:37:58 | 000,000,145 | --S- | C] () -- C:\Users\Mrs.Smith\AppData\Local\1447393971.dat
[2010.07.20 08:37:52 | 000,000,016 | ---- | C] () -- C:\Users\Mrs.Smith\AppData\Roaming\vdnxlf.dat
[2010.07.11 10:09:55 | 000,011,591 | ---- | C] () -- C:\Users\Mrs.Smith\Documents\RefASV.odt
[2010.07.02 10:14:52 | 000,001,556 | ---- | C] () -- C:\Users\Mrs.Smith\Documents\Finanzamt0.odb
[2010.06.20 15:12:01 | 000,007,168 | ---- | C] () -- C:\Users\Mrs.Smith\Desktop\Object.xls
[2010.05.19 14:18:44 | 000,002,080 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009.12.02 20:17:51 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.12.02 20:17:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.09.24 14:44:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.14 10:53:30 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssp4ml3.dll
[2008.11.04 16:13:58 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008.03.09 16:01:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 03:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2002.07.16 16:43:59 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hookmod.dll

========== LOP Check ==========

[2009.01.05 22:20:35 | 000,000,000 | ---D | M] -- C:\Users\Mrs.Smith\AppData\Roaming\FRITZ!
[2010.07.20 09:01:34 | 000,000,000 | ---D | M] -- C:\Users\Mrs.Smith\AppData\Roaming\gtk-2.0
[2010.07.21 08:31:10 | 000,000,000 | ---D | M] -- C:\Users\Mrs.Smith\AppData\Roaming\Gyvay
[2009.01.05 22:55:12 | 000,000,000 | ---D | M] -- C:\Users\Mrs.Smith\AppData\Roaming\ICQ
[2009.03.19 10:42:08 | 000,000,000 | ---D | M] -- C:\Users\Mrs.Smith\AppData\Roaming\Nokia
[2009.01.05 22:05:48 | 000,000,000 | ---D | M] -- C:\Users\Mrs.Smith\AppData\Roaming\OpenOffice.org
[2009.03.19 09:44:09 | 000,000,000 | ---D | M] -- C:\Users\Mrs.Smith\AppData\Roaming\PC Suite
[2010.07.21 09:54:54 | 000,000,000 | ---D | M] -- C:\Users\Mrs.Smith\AppData\Roaming\Qeekq
[2009.05.03 11:45:55 | 000,000,000 | ---D | M] -- C:\Users\Mrs.Smith\AppData\Roaming\Thunderbird
[2010.07.26 22:48:58 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 167 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
26.07.2010, 22:08 | #17
Gmer.txt:
GMER Logfile:
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-26 22:45:36
Windows 6.0.6002 Service Pack 2
Running: 4cenfjgc.exe; Driver: C:\Users\MRS~1.SMI\AppData\Local\Temp\agtoqkoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8A0132D6]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8A0134C8]
SSDT 8CBE723C ZwCreateThread
SSDT 8CBE7228 ZwOpenProcess
SSDT 8CBE722D ZwOpenThread
SSDT 8CBE7237 ZwTerminateProcess
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8A0136D0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 209 81EB496C 8 Bytes [D6, 32, 01, 8A, C8, 34, 01, ...]
.text ntkrnlpa.exe!KeSetEvent + 221 81EB4984 4 Bytes [3C, 72, BE, 8C]
.text ntkrnlpa.exe!KeSetEvent + 3F1 81EB4B54 4 Bytes [28, 72, BE, 8C]
.text ntkrnlpa.exe!KeSetEvent + 40D 81EB4B70 4 Bytes [2D, 72, BE, 8C]
.text ntkrnlpa.exe!KeSetEvent + 621 81EB4D84 4 Bytes [37, 72, BE, 8C]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8DC06000, 0x1F875A, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

---- Files - GMER 1.0.15 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\_avt 512 bytes
File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes

---- EOF - GMER 1.0.15 ----
26.07.2010, 22:52 | #18
/// Selecta Jahrusso
Download ComboFix from one of the links listed below. You must rename it before you save it to the desktop. Save ComboFix to your desktop. **NB: It is important that ComboFix.exe is saved on the desktop**
__________________
ComboFix may only be run when a board helper (Kompetenzler) has explicitly recommended it!
__________________
27.07.2010, 08:17 | #19
Good morning, here is the log:
Combofix Logfile:
ComboFix 10-07-24.06 - Mrs.Smith 27.07.2010 8:43.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3071.1878 [GMT 2:00]
ausgeführt von:: c:\users\Mrs.Smith\Desktop\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Mrs.Smith\AppData\Roaming\Yfaze\ivkid.exe
c:\users\Public\OOo_3.0.0_Win32Intel_install_de.exe
.
((((((((((((((((((((((( Dateien erstellt von 2010-06-27 bis 2010-07-27 ))))))))))))))))))))))))))))))
.
2010-07-26 21:32 . 2010-07-26 21:32 -------- d-----w- c:\windows\system32\Adobe
2010-07-26 19:50 . 2010-07-26 19:50 -------- d-----w- C:\_OTL
2010-07-26 19:39 . 2010-07-26 19:39 -------- d-----w- c:\users\Mrs.Smith\AppData\Local\Threat Expert
2010-07-26 10:22 . 2010-07-26 10:22 -------- d-----w- c:\program files\7-Zip
2010-07-22 09:01 . 2010-07-22 09:15 767928 ----a-w- c:\windows\BDTSupport.dll
2010-07-22 09:01 . 2010-01-22 06:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-07-22 09:01 . 2010-01-22 06:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-07-22 09:01 . 2010-01-22 06:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-07-22 09:01 . 2009-10-27 22:36 1152444 ----a-w- c:\windows\UDB.zip
2010-07-22 09:01 . 2008-11-26 09:08 131 ----a-w- c:\windows\IDB.zip
2010-07-22 08:59 . 2010-02-05 07:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-07-22 08:59 . 2010-02-05 07:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-22 08:58 . 2010-03-29 08:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-22 08:58 . 2009-11-23 11:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-22 08:58 . 2010-04-08 12:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-22 08:58 . 2010-07-26 19:48 -------- d-----w- c:\program files\Spyware Doctor
2010-07-22 08:58 . 2010-07-22 09:02 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-22 08:58 . 2010-07-22 08:58 -------- d-----w- c:\users\Mrs.Smith\AppData\Roaming\PC Tools
2010-07-22 08:58 . 2010-07-22 08:58 -------- d-----w- c:\programdata\PC Tools
2010-07-21 09:26 . 2010-07-21 09:26 -------- d-----w- c:\users\Mrs.Smith\AppData\Roaming\Malwarebytes
2010-07-21 07:27 . 2010-07-21 07:27 -------- d-----w- c:\program files\Trend Micro
2010-07-21 07:26 . 2010-07-21 07:26 -------- d-----w- c:\program files\CCleaner
2010-07-21 07:16 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 07:16 . 2010-07-21 07:16 -------- d-----w- c:\programdata\Malwarebytes
2010-07-21 07:16 . 2010-07-25 20:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 07:16 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-20 06:37 . 2010-07-20 16:30 145 --s-a-w- c:\users\Mrs.Smith\AppData\Local\1447393971.dat
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-26 21:35 . 2009-01-05 23:01 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-26 19:55 . 2009-01-05 22:59 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-07-26 19:40 . 2009-11-02 17:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-26 19:39 . 2010-02-23 08:18 -------- d-----w- c:\program files\Application Updater
2010-07-26 11:15 . 2009-01-05 20:06 1 ----a-w- c:\users\Mrs.Smith\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-22 19:37 . 2009-11-02 17:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-22 09:31 . 2009-06-08 07:32 680 ----a-w- c:\users\Mrs.Smith\AppData\Local\d3d9caps.dat
2010-07-21 10:57 . 2008-04-16 11:11 632252 ----a-w- c:\windows\system32\perfh007.dat
2010-07-21 10:57 . 2008-04-16 11:11 127464 ----a-w- c:\windows\system32\perfc007.dat
2010-07-21 10:51 . 2010-07-20 06:37 16 ----a-w- c:\users\Mrs.Smith\AppData\Roaming\vdnxlf.dat
2010-07-21 08:21 . 2009-07-22 20:48 -------- d-----w- c:\program files\DivX
2010-07-21 07:54 . 2010-04-26 20:36 -------- d-----w- c:\users\Mrs.Smith\AppData\Roaming\Qeekq
2010-07-21 06:58 . 2009-03-19 07:36 -------- d-----w- c:\program files\Nokia
2010-07-21 06:56 . 2009-07-22 20:48 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-21 06:56 . 2009-07-22 20:49 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-07-21 06:55 . 2009-01-22 00:23 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-07-21 06:53 . 2008-11-04 13:35 -------- d-----w- c:\program files\ASUS
2010-07-21 06:53 . 2008-11-04 12:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-21 06:31 . 2010-06-06 17:37 -------- d-----w- c:\users\Mrs.Smith\AppData\Roaming\Gyvay
2010-07-20 07:01 . 2009-12-25 17:23 -------- d-----w- c:\users\Mrs.Smith\AppData\Roaming\gtk-2.0
2010-07-15 01:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-26 01:01 . 2010-06-26 01:01 -------- d-----w- c:\program files\Microsoft.NET
2010-06-12 05:26 . 2010-01-06 22:36 -------- d-----w- c:\program files\Ares
2010-06-05 07:32 . 2010-02-13 19:11 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-26 17:06 . 2010-06-10 06:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 .
2010-06-10 06:24 289792 ----a-w- c:\windows\system32\atmfd.dll 2010-05-21 12:14 . 2010-01-26 19:07 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-04 05:59 . 2010-06-10 06:24 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 05:55 . 2010-06-10 06:24 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-05-04 05:55 . 2010-06-10 06:24 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-05-04 04:31 . 2010-06-10 06:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-05-01 14:13 . 2010-06-10 06:23 2037248 ----a-w- c:\windows\system32\win32k.sys 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 630784] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416] 
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440] "ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496] "PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240] "ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-11-04 37232] "ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-11-04 33136] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Skytel"="Skytel.exe" [2007-11-20 1826816] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-08-14 614400] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):5a,71,1a,95,f8,5b,ca,01 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 133104] R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2006-02-23 264704] R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware 
Doctor\pctsAuxs.exe [2010-03-11 366840] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-02-23 5120] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners 2010-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 19:54] 2010-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 19:54] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll TCP: {94C1B70E-2FCE-43DD-ADF0-4ADBB450E6B9} = 192.168.178.1 FF - ProfilePath - c:\users\Mrs.Smith\AppData\Roaming\Mozilla\Firefox\Profiles\0ukcfep3.default\ FF - prefs.js: browser.startup.homepage - www.google.de FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", 
true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKCU-Run-{45F1407F-6ED4-82F5-EF23-385F11A24913} - c:\users\Mrs.Smith\AppData\Roaming\Yfaze\ivkid.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-07-27 09:03 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... C:\ADSM_PData_0150 Scan erfolgreich abgeschlossen versteckte Dateien: 1 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2010-07-27 09:09:36 ComboFix-quarantined-files.txt 2010-07-27 07:09 Vor Suchlauf: 6 Verzeichnis(se), 108.851.638.272 Bytes frei Nach Suchlauf: 9 Verzeichnis(se), 108.793.061.376 Bytes frei - - End Of File - - 2ECA236B1194BF3C25572B37F836248B |
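The lines worth reading in that ComboFix run are the removed file c:\users\Mrs.Smith\AppData\Roaming\Yfaze\ivkid.exe and the orphaned HKCU Run value {45F1407F-6ED4-82F5-EF23-385F11A24913} that pointed at it: a lone .exe in a randomly named single-level folder under Roaming, started from a Run value that is a bare GUID. The same layout shows up again in the Find3M section (AppData\Roaming\Qeekq, AppData\Roaming\Gyvay). The following script is an added example, not part of the thread or of ComboFix, that scores ComboFix-style autostart lines for exactly that pattern. The sample lines are constructed for the example; the ivkid.exe line is rebuilt from the removed entry, and its value name, timestamp and size are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in ComboFix's "Autostartpunkte" format. The ivkid.exe entry
# is rebuilt from the orphaned Run value the thread's log reports removing; its
# timestamp and size are assumptions made for this example.
SAMPLE_AUTOSTARTS = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"{45F1407F-6ED4-82F5-EF23-385F11A24913}"="c:\users\Mrs.Smith\AppData\Roaming\Yfaze\ivkid.exe" [2010-07-20 145920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
'''

ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
GUID_RE = re.compile(r'^\{[0-9A-Fa-f-]{36}\}$')
APPDATA_RE = re.compile(r'\\appdata\\(roaming|local)\\(?P<rest>.+)$', re.IGNORECASE)


@dataclass
class Finding:
    name: str
    path: str
    score: int
    reasons: List[str] = field(default_factory=list)


def score_entry(name: str, path: str) -> Finding:
    """Score one Run value; higher means more like the Bredolab/Zbot layout."""
    f = Finding(name, path, 0)
    m = APPDATA_RE.search(path)
    if m:
        f.score += 2
        f.reasons.append("runs from the user's AppData, not Program Files or Windows")
        parts = m.group("rest").split("\\")
        # Legitimate software nests vendor\product\...; a single throwaway folder
        # directly under Roaming or Local holding one .exe is the droppers' layout.
        if len(parts) == 2 and parts[1].lower().endswith(".exe"):
            f.score += 1
            f.reasons.append("single-level folder directly under AppData holding the exe")
    if GUID_RE.match(name):
        f.score += 2
        f.reasons.append("Run value named with a bare GUID instead of a product name")
    return f


def triage(log_text: str, threshold: int = 3) -> List[Finding]:
    """Return the Run entries from a ComboFix-style listing that reach the threshold."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        f = score_entry(m.group("name"), m.group("path"))
        if f.score >= threshold:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_AUTOSTARTS):
        print(f"[{f.score}] {f.name} -> {f.path}")
        for reason in f.reasons:
            print("     -", reason)
```

The scoring is a triage heuristic, not proof: it points a reader at the one entry in a long log that deserves a look (here ivkid.exe scores 5, the vendor entries score 0), and anything it flags still needs the file itself checked before it goes into a removal script.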
27.07.2010, 08:19 | #20 |
| TR/Jorik.Bredolab.BR, popup with strange pill advertising I had some trouble, because the program said Norton I.S. was active, but as far as I know it wasn't, and I couldn't find it anywhere either. I actually uninstalled Norton quite a while ago (or so I thought) |
27.07.2010, 09:48 | #21 |
/// Selecta Jahrusso | TR/Jorik.Bredolab.BR, popup with strange pill advertising Yes, ComboFix finds everything.
Step 1: Use the Norton Removal Tool.
Step 2: Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com, and save it to the desktop again (nowhere else, this is important)! Press the Windows + R keys --> type Notepad --> OK. Now copy the text from the following code box completely into the empty text document. Code:
KillAll::
Folder::
c:\users\Mrs.Smith\AppData\Roaming\Qeekq
SecCenter::
{7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
{CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
{E10A9785-9598-4754-B552-92431C1C35F8}
Important:
If the script contains the instruction Suspect:: or Collect::, a message box will appear after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files. Note for others reading along: the ComboFix script above was written exclusively for this user in this situation. Never use it on other computers, it can permanently damage other systems!
Step 3: Please start OTL.exe. Under Extra Registry select Use Safe List and click the Scan button. Please post in your next reply: Combofix.txt, OTL.txt, Extras.txt. Report how the computer is running.
__________________ --> TR/Jorik.Bredolab.BR, popup with strange pill advertising |
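The three GUIDs under SecCenter:: in that script are not arbitrary: they are exactly the identifiers ComboFix printed in the header of the first log (AV:, FW: and SP: lines for Norton Internet Security, all marked Outdated), while neither the process list nor the services show any Norton component running. Those are Security Center (WMI) product registrations left behind by the incomplete uninstall, which is why ComboFix believed Norton was active and why the user could not find it anywhere. SecCenter:: only deletes those registrations, it uninstalls nothing, which is why the Norton Removal Tool comes first. The script below is an added example, not part of the thread or of ComboFix, that derives that SecCenter:: block automatically: it parses the header lines, checks each registered product against the running processes, and emits the GUIDs of products with nothing running. The header lines are copied from the thread's log, the process list is a constructed subset of the OTL PRC lines, and the PRODUCT_HINTS table (including ccsvchst.exe as Norton's service host) is an assumption of the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Registration:
    kind: str   # AV, FW or SP, as ComboFix labels them
    name: str
    state: str
    guid: str


# Lines as ComboFix prints them at the top of its log (copied from the thread).
SAMPLE_HEADER = """
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
"""

# Constructed subset of the OTL "Processes (SafeList)" section from the same machine.
SAMPLE_PROCESSES = r"""
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
"""

# Assumption of this example: substrings that a running install of each product
# would leave in a process path. Lower-case, matched against lower-cased paths.
PRODUCT_HINTS: Dict[str, List[str]] = {
    "norton": ["\\norton", "ccsvchst.exe"],
    "spybot": ["\\spybot - search & destroy\\"],
    "windows defender": ["\\windows defender\\"],
}

REG_RE = re.compile(
    r'^(?P<kind>AV|FW|SP): (?P<name>.+?) \*(?P<state>[^*]+)\*(?: \([^)]*\))? '
    r'(?P<guid>\{[0-9A-Fa-f-]{36}\})\s*$')
PROC_RE = re.compile(r'^(?:PRC - )?(?P<path>[A-Za-z]:\\.+?\.exe)\b', re.IGNORECASE)


def parse_registrations(header: str) -> List[Registration]:
    regs = []
    for line in header.splitlines():
        m = REG_RE.match(line.strip())
        if m:
            regs.append(Registration(m["kind"], m["name"], m["state"], m["guid"]))
    return regs


def parse_processes(listing: str) -> List[str]:
    """Accept both OTL 'PRC - path (vendor)' lines and bare path lines."""
    paths = []
    for line in listing.splitlines():
        m = PROC_RE.match(line.strip())
        if m:
            paths.append(m["path"].lower())
    return paths


def hints_for(product: str) -> List[str]:
    p = product.lower()
    for key, hints in PRODUCT_HINTS.items():
        if key in p:
            return hints
    return [p.split()[0]]   # fall back to the vendor's first word


def stale_registrations(header: str, listing: str) -> List[Registration]:
    """Registered products for which no matching process is running."""
    running = parse_processes(listing)
    return [r for r in parse_registrations(header)
            if not any(h in path for h in hints_for(r.name) for path in running)]


def seccenter_script(stale: List[Registration]) -> str:
    """Render the SecCenter:: block of a CFScript, one GUID per line, sorted."""
    guids = sorted({r.guid for r in stale})
    return "SecCenter::\n" + "\n".join(guids) + "\n"


if __name__ == "__main__":
    stale = stale_registrations(SAMPLE_HEADER, SAMPLE_PROCESSES)
    for r in stale:
        print(f"stale {r.kind}: {r.name} {r.guid}")
    print(seccenter_script(stale), end="")
```

Run against the thread's header, the output is the same three Norton GUIDs the helper put in the script, in the same order, while Spybot and Windows Defender (both with a process on the list) are left alone. The one-process check is deliberately coarse: a product whose service is merely stopped would also look stale, so the output is a proposal for the person writing the script, not something to feed to ComboFix unread.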
27.07.2010, 10:55 | #22 |
| TR/Jorik.Bredolab.BR, popup with strange pill advertising After step 1 the PC only booted on the 10th attempt, but now I can no longer open Firefox, Internet Explorer or various other programs. The message appears that it cannot be opened because the program has been marked for deletion. What now? |
27.07.2010, 10:59 | #23 |
| TR/Jorik.Bredolab.BR, popup with strange pill advertising After restarting several times it now works. However, I wasn't prompted for anything during the scan with ComboFix and nothing was uploaded. Here's the log. ComboFix logfile: Code:
ATTFilter ComboFix 10-07-24.06 - Mrs.Smith 27.07.2010 11:21:07.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3071.1829 [GMT 2:00] ausgeführt von:: c:\users\Mrs.Smith\Downloads\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Mrs.Smith\Desktop\CFScript.txt SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Mrs.Smith\AppData\Roaming\Qeekq . ((((((((((((((((((((((( Dateien erstellt von 2010-06-27 bis 2010-07-27 )))))))))))))))))))))))))))))) . 2010-07-27 09:29 . 2010-07-27 09:40 -------- d-----w- c:\users\Mrs.Smith\AppData\Local\temp 2010-07-27 09:29 . 2010-07-27 09:29 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-07-27 06:36 . 2010-07-27 07:15 -------- d-----w- C:\Combo-Fix 2010-07-26 21:32 . 2010-07-26 21:32 -------- d-----w- c:\windows\system32\Adobe 2010-07-26 19:50 . 2010-07-26 19:50 -------- d-----w- C:\_OTL 2010-07-26 19:39 . 2010-07-26 19:39 -------- d-----w- c:\users\Mrs.Smith\AppData\Local\Threat Expert 2010-07-26 10:22 . 2010-07-26 10:22 -------- d-----w- c:\program files\7-Zip 2010-07-22 09:01 . 2010-07-22 09:15 767928 ----a-w- c:\windows\BDTSupport.dll 2010-07-22 09:01 . 2010-01-22 06:56 149456 ----a-w- c:\windows\SGDetectionTool.dll 2010-07-22 09:01 . 2010-01-22 06:56 165840 ----a-w- c:\windows\PCTBDRes.dll 2010-07-22 09:01 . 2010-01-22 06:56 1652688 ----a-w- c:\windows\PCTBDCore.dll 2010-07-22 09:01 . 2009-10-27 22:36 1152444 ----a-w- c:\windows\UDB.zip 2010-07-22 09:01 . 2008-11-26 09:08 131 ----a-w- c:\windows\IDB.zip 2010-07-22 08:59 . 2010-02-05 07:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys 2010-07-22 08:59 . 2010-02-05 07:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2010-07-22 08:58 . 
2010-03-29 08:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2010-07-22 08:58 . 2009-11-23 11:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2010-07-22 08:58 . 2010-04-08 12:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2010-07-22 08:58 . 2010-07-26 19:48 -------- d-----w- c:\program files\Spyware Doctor 2010-07-22 08:58 . 2010-07-22 09:02 -------- d-----w- c:\program files\Common Files\PC Tools 2010-07-22 08:58 . 2010-07-22 08:58 -------- d-----w- c:\users\Mrs.Smith\AppData\Roaming\PC Tools 2010-07-22 08:58 . 2010-07-22 08:58 -------- d-----w- c:\programdata\PC Tools 2010-07-21 09:26 . 2010-07-21 09:26 -------- d-----w- c:\users\Mrs.Smith\AppData\Roaming\Malwarebytes 2010-07-21 07:27 . 2010-07-21 07:27 -------- d-----w- c:\program files\Trend Micro 2010-07-21 07:26 . 2010-07-21 07:26 -------- d-----w- c:\program files\CCleaner 2010-07-21 07:16 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-21 07:16 . 2010-07-21 07:16 -------- d-----w- c:\programdata\Malwarebytes 2010-07-21 07:16 . 2010-07-25 20:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-21 07:16 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-20 06:37 . 2010-07-20 16:30 145 --s-a-w- c:\users\Mrs.Smith\AppData\Local\1447393971.dat . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-27 09:40 . 2009-01-05 22:59 45056 ----a-w- c:\windows\system32\acovcnt.exe 2010-07-26 21:35 . 2009-01-05 23:01 -------- d-----w- c:\program files\Common Files\Adobe 2010-07-26 19:40 . 2009-11-02 17:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-07-26 19:39 . 2010-02-23 08:18 -------- d-----w- c:\program files\Application Updater 2010-07-26 11:15 . 2009-01-05 20:06 1 ----a-w- c:\users\Mrs.Smith\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-07-22 19:37 . 
2009-11-02 17:32 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-07-22 09:31 . 2009-06-08 07:32 680 ----a-w- c:\users\Mrs.Smith\AppData\Local\d3d9caps.dat 2010-07-21 10:57 . 2008-04-16 11:11 632252 ----a-w- c:\windows\system32\perfh007.dat 2010-07-21 10:57 . 2008-04-16 11:11 127464 ----a-w- c:\windows\system32\perfc007.dat 2010-07-21 10:51 . 2010-07-20 06:37 16 ----a-w- c:\users\Mrs.Smith\AppData\Roaming\vdnxlf.dat 2010-07-21 08:21 . 2009-07-22 20:48 -------- d-----w- c:\program files\DivX 2010-07-21 06:58 . 2009-03-19 07:36 -------- d-----w- c:\program files\Nokia 2010-07-21 06:56 . 2009-07-22 20:48 -------- d-----w- c:\program files\Common Files\DivX Shared 2010-07-21 06:56 . 2009-07-22 20:49 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2010-07-21 06:55 . 2009-01-22 00:23 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2010-07-21 06:53 . 2008-11-04 13:35 -------- d-----w- c:\program files\ASUS 2010-07-21 06:53 . 2008-11-04 12:22 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-21 06:31 . 2010-06-06 17:37 -------- d-----w- c:\users\Mrs.Smith\AppData\Roaming\Gyvay 2010-07-20 07:01 . 2009-12-25 17:23 -------- d-----w- c:\users\Mrs.Smith\AppData\Roaming\gtk-2.0 2010-07-15 01:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-06-26 01:01 . 2010-06-26 01:01 -------- d-----w- c:\program files\Microsoft.NET 2010-06-12 05:26 . 2010-01-06 22:36 -------- d-----w- c:\program files\Ares 2010-06-05 07:32 . 2010-02-13 19:11 -------- d-----w- c:\program files\Microsoft Silverlight 2010-05-26 17:06 . 2010-06-10 06:24 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-26 14:47 . 2010-06-10 06:24 289792 ----a-w- c:\windows\system32\atmfd.dll 2010-05-21 12:14 . 2010-01-26 19:07 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-04 05:59 . 2010-06-10 06:24 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 05:55 . 
2010-06-10 06:24 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-05-04 05:55 . 2010-06-10 06:24 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-05-04 04:31 . 2010-06-10 06:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-05-01 14:13 . 2010-06-10 06:23 2037248 ----a-w- c:\windows\system32\win32k.sys 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 630784] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416] "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440] "ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496] "PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240] "ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" 
[2008-11-04 37232] "ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-11-04 33136] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Skytel"="Skytel.exe" [2007-11-20 1826816] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-08-14 614400] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):5a,71,1a,95,f8,5b,ca,01 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 133104] R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2006-02-23 264704] R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 PCTCore;PCTools 
KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-02-23 5120] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners 2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 19:54] 2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 19:54] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll TCP: {94C1B70E-2FCE-43DD-ADF0-4ADBB450E6B9} = 192.168.178.1 FF - ProfilePath - c:\users\Mrs.Smith\AppData\Roaming\Mozilla\Firefox\Profiles\0ukcfep3.default\ FF - prefs.js: browser.startup.homepage - www.google.de FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", 
true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-07-27 11:42 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(3708) c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe c:\program files\ATK Hotkey\ASLDRSrv.exe c:\program files\ATKGFNEX\GFNEXSrv.exe c:\windows\system32\WLANExt.exe c:\program files\ATK Hotkey\Hcontrol.exe c:\program files\ATKOSD2\ATKOSD2.exe c:\program files\Wireless Console 2\wcourier.exe c:\program files\P4G\BatteryLife.exe c:\program files\ASUS\Splendid\ACMON.exe c:\windows\System32\ACEngSvr.exe c:\program files\ATK Hotkey\ATKOSD.exe c:\program files\ATK Hotkey\KBFiltr.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\system32\conime.exe c:\windows\system32\wbem\unsecapp.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-07-27 11:50:03 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-07-27 09:49 ComboFix2.txt 2010-07-27 07:09 Vor Suchlauf: 9 Verzeichnis(se), 108.808.921.088 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 108.850.388.992 Bytes frei - - End Of File - - 0EA8F43703F3309DE3C831E29F24B860 |
27.07.2010, 11:07 | #24 |
| TR/Jorik.Bredolab.BR, popup with strange pill advertising Here's the OTL.TXT. OTL logfile: Code:
OTL logfile created on: 27.07.2010 12:01:10 - Run 5
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Mrs.Smith\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 101,42 Gb Free Space | 68,05% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 125,65 Gb Free Space | 90,22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MRSSMITH-PC
Current User Name: Mrs.Smith
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Mrs.Smith\Desktop\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\ASUSTPE.exe (ASUS)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\P4P\P4P.exe ()
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)

========== Modules (SafeList) ==========

MOD - C:\Users\Mrs.Smith\Desktop\OTL(2).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (de_serv) -- C:\Program Files\Common Files\AVM\de_serv.exe File not found
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()

========== Driver Services (SafeList) ==========

DRV - (upperdev) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (DgiVecp) -- C:\Windows\System32\Drivers\DgiVecp.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.0.4
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.21 22:13:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.27 08:33:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.17 19:42:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.07.26 23:35:41 | 000,000,000 | ---D | M]

[2009.01.13 10:41:38 | 000,000,000 | ---D | M] -- C:\Users\Mrs.Smith\AppData\Roaming\mozilla\Extensions
[2010.07.27 09:16:54 | 000,000,000 | ---D | M] -- C:\Users\Mrs.Smith\AppData\Roaming\mozilla\Firefox\Profiles\0ukcfep3.default\extensions
[2009.09.03 04:50:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mrs.Smith\AppData\Roaming\mozilla\Firefox\Profiles\0ukcfep3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.10.22 10:54:19 | 000,000,000 | ---D | M] (Fox!Box [de]) -- C:\Users\Mrs.Smith\AppData\Roaming\mozilla\Firefox\Profiles\0ukcfep3.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2010.07.26 21:39:23 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.01.26 01:05:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.26 01:05:09 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.26 01:05:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.26 01:05:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.26 01:05:09 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.07.27 11:40:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\P4P\P4P.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mrs.Smith\Pictures\wombats.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mrs.Smith\Pictures\wombats.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.07.27 11:50:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.07.27 11:50:05 | 000,000,000 | ---D | C] -- C:\Users\Mrs.Smith\AppData\Local\temp
[2010.07.27 11:40:49 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010.07.27 11:14:27 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.07.27 11:14:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.07.27 08:36:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.07.27 08:36:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.07.27 08:36:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.07.27 08:36:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.07.27 08:36:17 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010.07.27 08:33:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.07.26 23:32:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2010.07.26 21:50:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.07.26 21:39:30 | 000,000,000 | ---D | C] -- C:\Users\Mrs.Smith\AppData\Local\Threat Expert
[2010.07.26 12:36:37 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Mrs.Smith\Desktop\OTL(2).exe
[2010.07.26 12:22:18 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010.07.25 21:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.07.22 11:01:58 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.07.22 11:01:58 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010.07.22 11:01:58 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010.07.22 10:59:03 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.07.22 10:59:03 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010.07.22 10:58:42 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.07.22 10:58:41 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.07.22 10:58:23 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.07.22 10:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010.07.22 10:58:00 | 000,000,000 | ---D | C] -- C:\Users\Mrs.Smith\AppData\Roaming\PC Tools
[2010.07.22 10:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.07.22 10:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010.07.21 11:26:28 | 000,000,000 | ---D | C] -- C:\Users\Mrs.Smith\AppData\Roaming\Malwarebytes
[2010.07.21 09:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.07.21 09:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.07.21 09:16:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.21 09:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.21 09:16:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.21 09:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2007.01.24 20:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2010.07.27 12:00:44 | 006,291,456 | -HS- | M] () -- C:\Users\Mrs.Smith\ntuser.dat
[2010.07.27 11:56:08 | 000,003,824 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.27 11:56:08 | 000,003,824 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.27 11:56:06 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.27 11:56:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.27 11:55:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.27 11:51:46 | 001,686,056 | -H-- | M] () -- C:\Users\Mrs.Smith\AppData\Local\IconCache.db
[2010.07.27 11:40:54 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.07.27 11:40:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.07.27 11:40:22 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.07.27 11:30:00 | 000,524,288 | -HS- | M] () -- C:\Users\Mrs.Smith\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.07.27 11:30:00 | 000,065,536 | -HS- | M] () -- C:\Users\Mrs.Smith\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.07.27 11:20:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.27 11:09:49 | 000,000,872 | ---- | M] () -- C:\Users\Mrs.Smith\Desktop\ComboFix.exe - Verknüpfung.lnk
[2010.07.26 23:35:42 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.07.26 12:36:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mrs.Smith\Desktop\OTL(2).exe
[2010.07.26 12:21:31 | 000,284,915 | ---- | M] () -- C:\Users\Mrs.Smith\Desktop\Gmer.zip
[2010.07.22 11:31:53 | 000,000,680 | ---- | M] () -- C:\Users\Mrs.Smith\AppData\Local\d3d9caps.dat
[2010.07.22 11:15:52 | 000,767,928 | ---- | M] () -- C:\Windows\BDTSupport.dll
[2010.07.22 10:58:31 | 000,001,752 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.07.22 10:19:10 | 000,020,001 | ---- | M] () -- C:\Users\Mrs.Smith\Documents\NOrdsee.odt
[2010.07.21 12:57:39 | 001,453,910 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.21 12:57:39 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.21 12:57:39 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.21 12:57:39 | 000,127,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.21 12:57:39 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.21 12:51:54 | 000,000,016 | ---- | M] () -- C:\Users\Mrs.Smith\AppData\Roaming\vdnxlf.dat
[2010.07.21 09:27:08 | 000,001,881 | ---- | M] () -- C:\Users\Mrs.Smith\Desktop\HijackThis.lnk
[2010.07.21 09:26:37 | 000,000,811 | ---- | M] () -- C:\Users\Mrs.Smith\Desktop\CCleaner.lnk
[2010.07.21 09:16:48 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.20 18:30:40 | 000,000,145 | --S- | M] () -- C:\Users\Mrs.Smith\AppData\Local\1447393971.dat
[2010.07.20 09:03:34 | 000,004,633 | ---- | M] () -- C:\Users\Mrs.Smith\.recently-used.xbel
[2010.07.11 23:54:14 | 000,033,280 | ---- | M] () -- C:\Users\Mrs.Smith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.11 10:09:56 | 000,011,591 | ---- | M] () -- C:\Users\Mrs.Smith\Documents\RefASV.odt
[2010.07.02 10:14:52 | 000,001,556 | ---- | M] () -- C:\Users\Mrs.Smith\Documents\Finanzamt0.odb

========== Files Created - No Company Name ==========

[2010.07.27 11:09:49 | 000,000,872 | ---- | C] () -- C:\Users\Mrs.Smith\Desktop\ComboFix.exe - Verknüpfung.lnk
[2010.07.27 08:36:25 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.07.27 08:36:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.07.27 08:36:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.07.27 08:36:25 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.07.27 08:36:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.07.26 23:35:42 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.07.26 12:07:40 | 000,284,915 | ---- | C] () -- C:\Users\Mrs.Smith\Desktop\Gmer.zip
[2010.07.22 11:01:59 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.07.22 11:01:58 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010.07.22 11:01:58 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010.07.22 11:01:58 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010.07.22 11:01:58 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010.07.22 10:59:03 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010.07.22 10:58:42 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010.07.22 10:58:42 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010.07.22 10:58:31 | 000,001,752 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.07.22 10:58:23 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010.07.22 10:19:10 | 000,020,001 | ---- | C] () -- C:\Users\Mrs.Smith\Documents\NOrdsee.odt
[2010.07.21 09:27:08 | 000,001,881 | ---- | C] () -- C:\Users\Mrs.Smith\Desktop\HijackThis.lnk
[2010.07.21 09:26:37 | 000,000,811 | ---- | C] () -- C:\Users\Mrs.Smith\Desktop\CCleaner.lnk
[2010.07.21 09:16:48 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.20 09:03:34 | 000,004,633 | ---- | C] () -- C:\Users\Mrs.Smith\.recently-used.xbel
[2010.07.20 08:37:58 | 000,000,145 | --S- | C] () -- C:\Users\Mrs.Smith\AppData\Local\1447393971.dat
[2010.07.20 08:37:52 | 000,000,016 | ---- | C] () -- C:\Users\Mrs.Smith\AppData\Roaming\vdnxlf.dat
[2010.07.11 10:09:55 | 000,011,591 | ---- | C] () -- C:\Users\Mrs.Smith\Documents\RefASV.odt
[2010.07.02 10:14:52 | 000,001,556 | ---- | C] () -- C:\Users\Mrs.Smith\Documents\Finanzamt0.odb
[2009.12.02 20:17:51 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.12.02 20:17:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.09.24 14:44:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.14 10:53:30 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssp4ml3.dll
[2008.11.04 16:13:58 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008.03.09 16:01:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 03:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2002.07.16 16:43:59 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hookmod.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 167 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
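An added example, not part of the forum post and not code from OTL or from the helper in this thread: a small triage pass over OTL log lines in the format posted above. It encodes a few of the heuristics a log reader applies by hand (service or driver keys whose binary is "File not found", autostart binaries with an empty company field outside Program Files, unattributed files under AppData with names that are only letters or only digits, Winsock LSP entries and alternate data streams). The rule names, the "random-looking name" test and the Program Files exception are this example's own assumptions, and the output is a review list, not a verdict; the sample below is a constructed subset of lines copied from the log above, and it deliberately includes a benign `d3d9caps.dat` to show the name heuristic does not fire on everything in AppData.

```python
"""Heuristic triage of OTL log lines (example code, not OTL's own)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a subset of lines taken from the OTL log posted above.
SAMPLE_LOG = r"""
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (de_serv) -- C:\Program Files\Common Files\AVM\de_serv.exe File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
[2010.07.21 12:51:54 | 000,000,016 | ---- | M] () -- C:\Users\Mrs.Smith\AppData\Roaming\vdnxlf.dat
[2010.07.20 18:30:40 | 000,000,145 | --S- | M] () -- C:\Users\Mrs.Smith\AppData\Local\1447393971.dat
[2010.07.22 11:31:53 | 000,000,680 | ---- | M] () -- C:\Users\Mrs.Smith\AppData\Local\d3d9caps.dat
[2010.07.26 12:36:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mrs.Smith\Desktop\OTL(2).exe
@Alternate Data Stream - 167 bytes -> C:\ProgramData\Temp:DFC5A2B2
"""


@dataclass
class Finding:
    rule: str   # assumed rule name (this example's own vocabulary)
    line: str   # the OTL line that triggered it


# SRV/DRV entry whose binary OTL could not find on disk (orphaned registry key).
ORPHAN_RE = re.compile(r"^(?:SRV|DRV) - \((?P<name>[^)]+)\).*? -- (?P<path>.+?) File not found$")
# Running process / HKLM Run entry: path followed by "(Company)"; "()" means no company.
PRC_RE = re.compile(r"^PRC - (?P<path>.+?) \((?P<company>[^)]*)\)$")
O4_RE = re.compile(r"^O4 - .*?\] (?P<path>.+?) \((?P<company>[^)]*)\)$")
# File entry: [timestamp | size | attrs | C/M] (Company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| [CM]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# Assumed "random-looking" test: file stem is letters only or digits only.
RANDOM_STEM_RE = re.compile(r"^(?:[a-z]+|\d+)$", re.IGNORECASE)


def _in_program_files(path: str) -> bool:
    return path.lower().startswith(r"c:\program files")


def _stem(path: str) -> str:
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0] if "." in name else name


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per line that matches a review heuristic."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ORPHAN_RE.match(line):
            findings.append(Finding("orphaned-service-entry", line))
            continue
        m = PRC_RE.match(line) or O4_RE.match(line)
        if m:
            if not m["company"].strip() and not _in_program_files(m["path"]):
                findings.append(Finding("autostart-no-publisher", line))
            continue
        m = FILE_RE.match(line)
        if m:
            path = m["path"]
            if ("\\appdata\\" in path.lower() and not m["company"].strip()
                    and RANDOM_STEM_RE.match(_stem(path))):
                findings.append(Finding("appdata-unattributed-random-name", line))
            continue
        if line.startswith("@Alternate Data Stream"):
            findings.append(Finding("alternate-data-stream", line))
        elif line.startswith("O10 - "):
            findings.append(Finding("winsock-lsp", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule, for a quick overview before reading each line."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:36} {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it against a full OTL.TXT by reading the file and passing its contents to `triage()`; every hit still needs a human look, since a legitimate vendor tool (ComboFix's `catchme.sys` above, for instance) produces an orphaned entry just as readily as something unwanted does.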
27.07.2010, 11:07 | #25 |
| TR/Jorik.Bredolab.BR, popup with strange pill advertising

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 27.07.2010 12:01:10 - Run 5
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Mrs.Smith\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 101,42 Gb Free Space | 68,05% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 125,65 Gb Free Space | 90,22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MRSSMITH-PC
Current User Name: Mrs.Smith
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2C57221B-99BB-49D1-A67F-B2D7D8B3A8D1}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6B881EB7-1AF4-407C-9364-F1E4783EF92A}" = protocol=6 | dir=in | app=c:\users\mrs.smith\appdata\local\temp\7zsf2b8.tmp\symnrt.exe |
"{DA2E972F-ADA4-4301-BAD7-4C7C4DAF85CE}" = protocol=17 | dir=in | app=c:\users\mrs.smith\appdata\local\temp\7zsf2b8.tmp\symnrt.exe |
"{E9DDAF48-54DC-411E-8531-40D70A2EBD4D}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{5C013355-1A52-4CD4-811B-D32A3DE9A10C}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{66CDE165-5DF9-4B59-B475-08622D15E3FC}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{A8F29D09-306C-475C-A11E-303451E02393}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{EC7A5FB0-67C1-45AD-AA96-F25C2FA866B2}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{19DF3844-D0CF-4324-9027-4E67028CDBF4}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{6C0EA153-284F-490F-8CF8-F2FD897654FC}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{B2CC61F4-D10D-42A7-8B65-4E1708870110}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{CC34F3B9-D978-4C33-B4B9-4EF2F003AB6A}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{088D5DC3-A607-DF3D-6406-7CA7F597F25F}" = Catalyst Control Center Localization Norwegian
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A1129C7-E4F7-4EDC-DD38-DC8B467F5DAD}" = CCC Help Italian
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{11435553-1388-0583-98C3-AD3C49E9A038}" = Catalyst Control Center Graphics Full Existing
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1C94CB71-A432-873C-E0AC-121EDBD817CE}" = CCC Help German
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{230142CE-A81E-CC3C-35CC-5CC8A49CCB1E}" = Catalyst Control Center Localization Japanese
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{29B9C0F8-380D-133D-6551-142BB77F94C8}" = ccc-core-static
"{2C85768B-0BDA-8FB8-3CC8-B36C3CD86151}" = Catalyst Control Center Localization Thai
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3117A9EF-16BE-3404-CBC8-9AC1BB009335}" = CCC Help French
"{31C74C17-B0AC-0F77-E772-9F7FA9891E36}" = CCC Help Turkish
"{37D7562E-389B-6675-13E2-6D4F6994DD9A}" = Catalyst Control Center Localization Dutch
"{389E3080-0B6D-BA11-3369-490623D5FD49}" = CCC Help Portuguese
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE772A4-97F3-806B-924F-6D77EE00C1AE}" = CCC Help Hungarian
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{431633E7-E6A4-3205-3B80-3F9BC437F797}" = Skins
"{46647CBB-A2D5-AA8E-F951-1712A74668C4}" = Catalyst Control Center Localization Turkish
"{52F3D26F-AE33-2F25-1374-DDB65CEB12F3}" = CCC Help Czech
"{54FB7140-FD80-2389-3332-9D85FC74915D}" = Catalyst Control Center Localization Swedish
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{593D6CC5-D02A-BF6C-6463-278368587E02}" = Catalyst Control Center Localization Greek
"{5C1748A8-912B-DF0B-5C35-A9C3A2D546A7}" = Catalyst Control Center Localization Czech
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EB5EEA7-6432-5827-0080-899DA70A97BA}" = ATI Catalyst Install Manager
"{5F5D5DE9-D467-43D4-0D43-68B4598FF5CB}" = Catalyst Control Center Localization Russian
"{60204E20-6172-2517-9B6F-6A87416956A1}" = CCC Help Dutch
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AE16305-FD12-FFF0-85FA-722360417549}" = Catalyst Control Center Localization Korean
"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding
"{7234908A-5F80-B67A-8DE8-98B75FA43810}" = CCC Help Chinese Traditional
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730801C2-7C9B-2260-614D-A44767CA5DBC}" = CCC Help Thai
"{73B9CDF5-9B29-3DD5-0028-C68CD2490F1E}" = CCC Help Korean
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DEEE76B-ED3D-657E-5475-D67ADA440E47}" = CCC Help Norwegian
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8439EDA7-A85C-E830-2E23-197A1BFD24F5}" = Catalyst Control Center Localization Italian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{9980C99E-6954-614B-EA1C-333473FC2900}" = ccc-utility
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A55D681-02D1-6E48-F717-3ACFF6DBB27C}" = CCC Help Russian
"{9B74C58F-A6AE-F383-4AC1-F432FDF35884}" = CCC Help Chinese Standard
"{9F88C8F3-5953-B3D7-7F91-A7CE3A6F5119}" = Catalyst Control Center Localization Finnish
"{A4E83A4C-B057-E197-F156-2FBEFA0761FE}" = Catalyst Control Center Localization French
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C95D56-88AA-0CF9-FFE4-E0A45C04A6DC}" = Catalyst Control Center Localization Portuguese
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AEA1F5BA-BC7A-05F2-2832-58B4BCEAABEB}" = Catalyst Control Center Localization Danish
"{B10DEBAF-64A4-0FB5-9518-97A21DC2A321}" = CCC Help Greek
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5D0714F-56A4-52A2-4C62-6B4E8853F25A}" = Catalyst Control Center Localization Spanish
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B7F425-0B72-E926-06FF-136154B31077}" = CCC Help Japanese "{BA09B3B4-7D61-B444-52AE-4C3C3CADADDA}" = CCC Help Spanish "{C5AEAA52-29F8-DF1E-B472-C2ABDC6EA349}" = Catalyst Control Center Localization Chinese Traditional "{CC77812E-22CB-754E-15C4-1E7BB9B2E89A}" = Catalyst Control Center Graphics Previews Vista "{CC81D746-51BB-4F97-52EB-BF64E14B1904}" = CCC Help Swedish "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEE0CD9D-7759-7D58-F33D-D1968D29B8A2}" = Catalyst Control Center Localization Hungarian "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{D45D831B-1431-0A69-841B-828F958E95BB}" = CCC Help Danish "{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution "{D9F9D5C6-B889-C333-033B-863C85BB0D6F}" = CCC Help Finnish "{DA918D70-293B-6776-CD3C-7965EC7D8680}" = Catalyst Control Center Graphics Previews Common "{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DD07CD74-B4BF-1347-D10C-5A32485D8451}" = CCC Help English "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{E3DE4A3B-DB2A-9107-BCDD-1C6A64CFB4F5}" = Catalyst Control Center Localization German "{EAEDD68A-1037-35C3-707A-1A5316856EF8}" = Catalyst Control Center Core Implementation "{F0F8875B-F4F4-6BBC-5D86-CFAD9D6B7F12}" = Catalyst Control Center Localization Polish "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F53B03FE-A48A-9051-F350-554E415730F5}" = Catalyst Control Center Localization Chinese Standard "{F6141E53-ABEC-97AF-99E7-C12588A20812}" = Catalyst Control Center Graphics Full New "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{F8935FC0-DE7D-41C3-FC9C-7867B29D2E10}" = Catalyst Control Center Graphics Light "{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P "{FFA6416E-798F-773E-B7A9-0F79BA40ECB8}" = CCC Help 
Polish "7-Zip" = 7-Zip 4.65 "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Browser Defender_is1" = Browser Defender 2.0.6.15 "CCleaner" = CCleaner "etope Lister_is1" = 1.25 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "HijackThis" = HijackThis 2.0.2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11) "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24) "Samsung ML-191x 252x Series" = Wartung Samsung ML-191x 252x Series "SMSERIAL" = Motorola SM56 Speakerphone Modem "Spyware Doctor" = Spyware Doctor 7.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall 1.0.0.1 "WinGimp-2.0_is1" = GIMP 2.6.7 "WinRAR archiver" = WinRAR "Xvid_is1" = Xvid 1.2.2 final uninstall ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 19.06.2010 19:20:05 | Computer Name = MrsSmith-PC | Source = Google Update | ID = 20 Description = Error - 19.06.2010 20:20:05 | Computer Name = MrsSmith-PC | Source = Google Update | ID = 20 Description = Error - 19.06.2010 21:20:05 | Computer Name = MrsSmith-PC | Source = Google Update | ID = 20 Description = Error - 19.06.2010 22:20:05 | Computer Name = MrsSmith-PC | Source = Google Update | ID = 20 Description = Error - 19.06.2010 23:20:05 | Computer Name = MrsSmith-PC | Source = Google Update | ID = 20 Description = Error - 20.06.2010 00:20:05 | 
Computer Name = MrsSmith-PC | Source = Google Update | ID = 20 Description = Error - 24.06.2010 21:18:53 | Computer Name = MrsSmith-PC | Source = WinMgmt | ID = 10 Description = Error - 24.06.2010 21:19:21 | Computer Name = MrsSmith-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung LUpdate.exe, Version 1.0.0.7, Zeitstempel 0x4a851b6b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0x694, Anwendungsstartzeit 01cb1404702aef4f. Error - 30.06.2010 01:38:48 | Computer Name = MrsSmith-PC | Source = WinMgmt | ID = 10 Description = Error - 30.06.2010 01:39:18 | Computer Name = MrsSmith-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung LUpdate.exe, Version 1.0.0.7, Zeitstempel 0x4a851b6b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xb8c, Anwendungsstartzeit 01cb1816954ea134. 
[ System Events ] Error - 27.07.2010 05:20:38 | Computer Name = MrsSmith-PC | Source = Service Control Manager | ID = 7031 Description = Error - 27.07.2010 05:20:39 | Computer Name = MrsSmith-PC | Source = Service Control Manager | ID = 7031 Description = Error - 27.07.2010 05:20:39 | Computer Name = MrsSmith-PC | Source = Service Control Manager | ID = 7031 Description = Error - 27.07.2010 05:20:39 | Computer Name = MrsSmith-PC | Source = Service Control Manager | ID = 7031 Description = Error - 27.07.2010 05:29:52 | Computer Name = MrsSmith-PC | Source = Service Control Manager | ID = 7030 Description = Error - 27.07.2010 05:40:29 | Computer Name = MrsSmith-PC | Source = Service Control Manager | ID = 7000 Description = Error - 27.07.2010 05:43:52 | Computer Name = MrsSmith-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 27.07.2010 05:56:00 | Computer Name = MrsSmith-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 27.07.2010 um 11:53:04 unerwartet heruntergefahren. Error - 27.07.2010 05:56:22 | Computer Name = MrsSmith-PC | Source = Service Control Manager | ID = 7000 Description = Error - 27.07.2010 05:58:07 | Computer Name = MrsSmith-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = < End of report > |
27.07.2010, 11:11 | #26 |
| Now, after the reboot (the PC booted without any problems), everything seems to be running fine, just like before. Is there still anything on it? |
27.07.2010, 11:12 | #27 |
/// Selecta Jahrusso | Step 1
Update Malwarebytes and run a QuickScan.

Step 2
ESET Online Scanner
Please switch on any external hard drives you have during the online scans!
Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to switch everything back on afterwards.

When the scan has finished

Please post in your next reply:
MBAM log
ESET log
a report on how the computer is running
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
27.07.2010, 11:25 | #28 |
| Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4356

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

27.07.2010 12:22:34
mbam-log-2010-07-27 (12-22-34).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 127246
Laufzeit: 6 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
27.07.2010, 13:04 | #29 |
| ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8c558f8e67ac444a81a3383316c16d3f
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-27 10:31:19
# local_time=2010-07-27 12:31:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 529359 529359 0 0
# compatibility_mode=1797 16775165 100 100 435760 55741894 66697 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 9529 117759315 0 0
# compatibility_mode=8192 67108863 100 0 85 85 0 0
# scanned=2147
# found=0
# cleaned=0
# scan_time=92

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8c558f8e67ac444a81a3383316c16d3f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-27 12:01:49
# local_time=2010-07-27 02:01:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 529490 529490 0 0
# compatibility_mode=1797 16775165 100 100 435891 55742025 66828 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 9660 117759446 0 0
# compatibility_mode=8192 67108863 100 0 216 216 0 0
# scanned=131798
# found=2
# cleaned=2
# scan_time=5391
C:\_OTL\MovedFiles\07262010_215056\C_Users\Mrs.Smith\AppData\Roaming\Yfaze\ivkid.exe Win32/Spy.Zbot.YW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Programme\AresFileshare1.1-Setup.exe a variant of Win32/Adware.Webdir application (deleted - quarantined) 00000000000000000000000000000000 C |
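The two ESET runs posted above are easier to judge once the `# key=value` header and the detection records are pulled apart: the first run was stopped early with nothing scanned to completion, the second finished with two hits, both cleaned, and one of those hits sits under OTL's `_OTL\MovedFiles` folder, meaning OTL had already moved the file out of its original location before ESET scanned it. The following Python script is an added example, not code from this thread, from ESET or from the forum's helpers. It assumes the layout visible in the post: a run begins at an `ESETSmartInstaller@High as downloader log:` line, header fields are `# key=value` lines, and each detection is one line of path, threat name, `(action)`, hash and flag, separated by tabs that a forum paste may collapse into spaces. The embedded sample is a shortened copy of the log above with the serial and compatibility lines left out.

```python
"""Parse ESET Online Scanner logs and summarize what needs follow-up.

Added example, not from the thread or from ESET. Assumed layout (see lead-in):
run marker line, "# key=value" header lines, tab- or space-separated detection lines.
"""
import re
from dataclasses import dataclass, field

_RUN_MARKER = "ESETSmartInstaller@High as downloader log:"
# Detection line with tabs collapsed to spaces (works for paths without spaces).
_DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S+)\s+(?P<threat>.+?)\s+\((?P<action>[^)]*)\)"
    r"\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)\s*$"
)
# OTL moves files it has already removed into this folder; a hit here was no longer active.
_OTL_QUARANTINE = "\\_otl\\movedfiles\\"


@dataclass
class Detection:
    path: str
    threat: str
    action: str

    @property
    def already_moved_by_otl(self) -> bool:
        return _OTL_QUARANTINE in self.path.lower()


@dataclass
class ScanRun:
    header: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)

    @property
    def finished(self) -> bool:
        return self.header.get("end") == "finished"

    @property
    def unresolved(self) -> int:
        """Hits found but not cleaned; these need manual follow-up."""
        return int(self.header.get("found", 0)) - int(self.header.get("cleaned", 0))


def _parse_detection(line: str):
    """Return a Detection for a path/threat/(action)/hash/flag line, else None."""
    if "\t" in line:  # original ESET layout is tab-separated
        parts = line.split("\t")
        if len(parts) >= 3 and re.match(r"^[A-Za-z]:\\", parts[0]):
            return Detection(parts[0], parts[1], parts[2].strip("()"))
        return None
    m = _DETECTION_RE.match(line)  # forum paste collapsed the tabs to spaces
    return Detection(m["path"], m["threat"], m["action"]) if m else None


def parse_eset_log(text: str) -> list:
    """Split a log into ScanRun objects, one per downloader run."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(_RUN_MARKER):
            current = ScanRun()
            runs.append(current)
            continue
        if current is None:  # log without a marker line: single implicit run
            current = ScanRun()
            runs.append(current)
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                current.header[key.strip()] = value.strip()
            continue
        det = _parse_detection(line)  # "all ok" and update errors fall through here
        if det:
            current.detections.append(det)
    return runs


def summarize(runs: list) -> list:
    """One line per run plus one per detection, as a helper would report back."""
    out = []
    for i, run in enumerate(runs, 1):
        state = "finished" if run.finished else f"ended early ({run.header.get('end', '?')})"
        out.append(f"run {i}: {state}, scanned={run.header.get('scanned', '?')}, "
                   f"found={run.header.get('found', '?')}, unresolved={run.unresolved}")
        for d in run.detections:
            note = " (already moved by OTL)" if d.already_moved_by_otl else ""
            out.append(f"  {d.threat}: {d.action}{note} -> {d.path}")
    return out


# Shortened copy of the log posted above (serial/compatibility lines omitted).
SAMPLE_LOG = """ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=stopped
# scanned=2147
# found=0
# cleaned=0
# scan_time=92
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=finished
# utc_time=2010-07-27 12:01:49
# scanned=131798
# found=2
# cleaned=2
# scan_time=5391
C:\\_OTL\\MovedFiles\\07262010_215056\\C_Users\\Mrs.Smith\\AppData\\Roaming\\Yfaze\\ivkid.exe\tWin32/Spy.Zbot.YW trojan\t(cleaned by deleting - quarantined)\t00000000000000000000000000000000\tC
G:\\Programme\\AresFileshare1.1-Setup.exe\ta variant of Win32/Adware.Webdir application\t(deleted - quarantined)\t00000000000000000000000000000000\tC
"""

if __name__ == "__main__":
    print("\n".join(summarize(parse_eset_log(SAMPLE_LOG))))
```

Feeding the script a full saved `log.txt` instead of the embedded sample works the same way; `unresolved` greater than zero, or a run that is not `finished`, is the signal that the scan has to be repeated or the remaining hit handled by hand.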
27.07.2010, 13:05 | #30 |
| 2 findings were reported... |