Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Vermute Virus bzw. Wurm auf System (https://www.trojaner-board.de/85261-vermute-virus-bzw-wurm-system.html)

Petra78 24.04.2010 13:25
Vermute Virus bzw. Wurm auf System
 
Hallo,

Ich habe die Vermutung das sich auf meinem Notebook ein Virus bzw. ein Wurm oder ähnliches befinden könnte. Ich habe dazu schon einige Beiträge durchgelesen und auch das HiJackThis Programm installiert und ausgeführt.
Aber leider kam folgende Meldung bei mir und nicht der Text wie in HiJackThis Anleitung beschrieben: "For some reason your system deniede write access to the Hosts file. If an hijacked domains are in this file, HijackThis may NOT be able to fix this. If that happens, you need to edit the file yourself. To do this, click Start, Run and type: notepad C:\Windows\System32\drivers\etc\hosts and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts.' (with quotes), and reboot. For Vista: simply, exit HijackThis, right click on the HijackThis icon, choose 'Run as administrator'."
Ich wollte das Programm dann als Administrator ausführen, aber immer wenn ich rechtsklick mache (habe Vista) erscheint nichts mit Administrator ausführen.
Also habe ich es erstmal seingelassen und habe dann mal den BitDefender QuickScan durchlaufen lassen, der mir folgendes mitgeteilt hat:

QuickScan Beta 32-bit v0.9.9.18
-------------------------------

Scan date: Sat Apr 24 05:13:46 2010
Machine ID: 88FA0FDB



Found 2 infected files!
-----------------------

C:\Users\user\AppData\Local\Temp\Pgj.exe --> Gen:Variant.Renos.6
--> Process Pgj.exe (2368)

C:\Users\user\AppData\Local\Temp\Pgk.exe --> Gen:Variant.Renos.6
--> Process Pgk.exe (5168)



Processes
---------
<unsigned> Pgj.exe 2368 C:\Users\user\AppData\Local\Temp\Pgj.exe
<unsigned> Pgk.exe 5168 C:\Users\user\AppData\Local\Temp\Pgk.exe
<unsigned> UIExec.exe 524 C:\Program Files\Join Air\UIExec.exe

<verified> avast! Antivirus 364 C:\Program Files\Alwil Software\Avast4\ashDisp.exe
<verified> Betriebssystem Microsoft® Windows® 1432 C:\Program Files\Windows Media Player\wmpnscfg.exe
<verified> Betriebssystem Microsoft® Windows® 796 C:\Program Files\Windows Sidebar\sidebar.exe
<verified> Betriebssystem Microsoft® Windows® 1912 C:\Windows\Explorer.EXE
<verified> Betriebssystem Microsoft® Windows® 1872 C:\Windows\system32\Dwm.exe
<verified> Betriebssystem Microsoft® Windows® 2224 C:\Windows\system32\taskeng.exe
<verified> Catalyst Control Centre 1976 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
<verified> Catalyst Control Centre 1028 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
<verified> Firefox 5908 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> HD Audio Control Panel 228 C:\Windows\RtHDVCpl.exe
<verified> Java(TM) Platform SE Auto Updater 2 0 544 C:\Program Files\Common Files\Java\Java Update\jusched.exe
<verified> Microsoft® Windows® Operating System 2540 C:\Windows\ehome\ehmsas.exe
<verified> Microsoft® Windows® Operating System 1812 C:\Windows\ehome\ehtray.exe
<verified> RAID Event Monitor 376 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
<verified> SM56 Helper Win32 Utility 372 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
<verified> Windows Defender 2044 C:\Program Files\Windows Defender\MSASCui.exe
<verified> Windows® Internet Explorer 4020 C:\Program Files\Internet Explorer\iexplore.exe
<verified> Windows® Internet Explorer 4908 C:\Program Files\Internet Explorer\iexplore.exe
<verified> Windows® Internet Explorer 5304 C:\Program Files\Internet Explorer\iexplore.exe
<verified> Windows® Internet Explorer 6140 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process Pgk.exe (5168) connected on port 80 (HTTP) --> 88.85.73.162
Process Pgk.exe (5168) connected on port 80 (HTTP) --> 88.85.73.155
Process Pgk.exe (5168) connected on port 80 (HTTP) --> 88.85.73.155
Process Pgk.exe (5168) connected on port 80 (HTTP) --> 88.85.73.162
Process Pgk.exe (5168) connected on port 80 (HTTP) --> 78.108.180.141
Process Pgk.exe (5168) connected on port 80 (HTTP) --> 78.108.180.141
Process Pgk.exe (5168) connected on port 80 (HTTP) --> 88.85.82.19
Process Pgk.exe (5168) connected on port 80 (HTTP) --> 88.85.82.19
Process Pgk.exe (5168) connected on port 80 (HTTP) --> 78.108.180.141
Process Pgk.exe (5168) connected on port 80 (HTTP) --> 78.108.180.141
Process firefox.exe (5908) connected on port 1935 --> ns210038.ovh.net



Autoruns and critical files
---------------------------
<unsigned> Orb C:\Program Files\Winamp Remote\bin\OrbTray.exe
<unsigned> Pgj.exe C:\Users\user\AppData\Local\Temp\Pgj.exe
<unsigned> Pgk.exe C:\Users\user\AppData\Local\Temp\Pgk.exe
<unsigned> UIExec.exe C:\Program Files\Join Air\UIExec.exe

<verified> ManyCam Application C:\Program Files\ManyCam 2.4\ManyCam.exe
<verified> Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
<verified> Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
<verified> avast! Antivirus C:\Program Files\Alwil Software\Avast4\ashDisp.exe
<verified> Betriebssystem Microsoft® Windows® C:\Program Files\Windows Media Player\wmpnscfg.exe
<verified> Betriebssystem Microsoft® Windows® C:\Program Files\Windows Sidebar\sidebar.exe
<verified> Betriebssystem Microsoft® Windows® C:\Windows\System32\browseui.dll
<verified> Betriebssystem Microsoft® Windows® c:\windows\system32\userinit.exe
<verified> CLIStart.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
<verified> Google Update C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
<verified> HD Audio Control Panel C:\Windows\RtHDVCpl.exe
<verified> Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
<verified> Microsoft® Windows® Operating System C:\Windows\ehome\ehtray.exe
<verified> RAID Event Monitor C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
<verified> Realtek Voice Manager C:\Windows\Skytel.exe
<verified> SM56 Helper Win32 Utility C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
<verified> Windows Defender C:\Program Files\Windows Defender\MSASCui.exe
<verified> Windows® Internet Explorer C:\Windows\System32\webcheck.dll


Browser plugins
---------------
<unsigned> Winamp Application Detector C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

<verified> AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
<verified> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verified> Adobe® Flash® Player ActiveX C:\Windows\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
<verified> Adobe® Flash® Player ActiveX C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
<verified> Betriebssystem Microsoft® Windows® C:\Windows\System32\mswsock.dll
<verified> Betriebssystem Microsoft® Windows® C:\Windows\System32\NapiNSP.dll
<verified> Betriebssystem Microsoft® Windows® C:\Windows\System32\pnrpnsp.dll
<verified> BitDefender QuickScan C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\79jwbfte.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\79jwbfte.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> Java Deployment Toolkit 6.0.190.4 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
<verified> Java(TM) Platform SE 6 U19 C:\Program Files\Java\jre6\bin\jp2ssv.dll
<verified> libcurl.dll C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\79jwbfte.default\extensions\firefox@tvunetworks.com\plugins\libcurl.dll
<verified> libexpatw.dll C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\79jwbfte.default\extensions\firefox@tvunetworks.com\plugins\libexpatw.dll
<verified> Microsoft® Visual Studio .NET C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\79jwbfte.default\extensions\firefox@tvunetworks.com\plugins\msvcp71.dll
<verified> Microsoft® Visual Studio .NET C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\79jwbfte.default\extensions\firefox@tvunetworks.com\plugins\msvcr71.dll
<verified> Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> nppdf32.DEU C:\Program Files\Mozilla Firefox\plugins\nppdf32.DEU
<verified> NPSWF32.dll C:\Windows\System32\Macromed\Flash\NPSWF32.dll
<verified> The OpenSSL Toolkit C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\79jwbfte.default\extensions\firefox@tvunetworks.com\plugins\libeay32.dll
<verified> The OpenSSL Toolkit C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\79jwbfte.default\extensions\firefox@tvunetworks.com\plugins\ssleay32.dll
<verified> TVU Web Player for FireFox C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\79jwbfte.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
<verified> Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer C:\Windows\System32\ieframe.dll
<verified> zlib C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\79jwbfte.default\extensions\firefox@tvunetworks.com\plugins\zlib1.dll


Missing files
-------------
File not found: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
referenced in: HLKM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0\"Path"

File not found: C:\Windows\system32\drivers\blbdrive.sys
referenced in: HKLM\System\ControlSet001\services\blbdrive\"ImagePath"

File not found: system32\DRIVERS\ipinip.sys
referenced in: HKLM\System\ControlSet001\services\IpInIp\"ImagePath"

File not found: system32\DRIVERS\nwlnkflt.sys
referenced in: HKLM\System\ControlSet001\services\NwlnkFlt\"ImagePath"

File not found: system32\DRIVERS\nwlnkfwd.sys
referenced in: HKLM\System\ControlSet001\services\NwlnkFwd\"ImagePath"


Scan
----
<unsigned> MD5: 6ca1292225b47a5421e941b3cfef48af C:\Program Files\Alwil Software\Avast4\Aavm4h.dll
<unsigned> MD5: f3eac60879ae425d81dba70c3da76d13 C:\Program Files\Alwil Software\Avast4\AavmRpch.dll
<unsigned> MD5: 02bd0feacaa1a65f77806a3c3debd046 C:\Program Files\Alwil Software\Avast4\AhRuiMai.dll
<unsigned> MD5: 27bb54223d4aaebbeb0e65df776cf6c2 C:\Program Files\Alwil Software\Avast4\ahRuiMes.dll
<unsigned> MD5: 99c120153031fbd057d4fa0499fff755 C:\Program Files\Alwil Software\Avast4\AhRuiNS.dll
<unsigned> MD5: 9625471205dfc433fb73e231fc9cbb01 C:\Program Files\Alwil Software\Avast4\AhRuiOut.dll
<unsigned> MD5: e5c7e4c34e43bfd68de1cf2034fe9af8 C:\Program Files\Alwil Software\Avast4\ahRuiP2P.dll
<unsigned> MD5: cb39a7024be54e75e3b696272fdc0987 C:\Program Files\Alwil Software\Avast4\AhRuiStd.dll
<unsigned> MD5: 8f933065a585eafd798dd5e49598cdcb C:\Program Files\Alwil Software\Avast4\AhRuiWS.dll
<unsigned> MD5: e8b0edd5c8518d9a1f73ac0c54a94d7c C:\Program Files\Alwil Software\Avast4\ashBase.dll
<unsigned> MD5: 0b9dbfe71f4eb4355985ee60e6a1dc3f C:\Program Files\Alwil Software\Avast4\ashTask.dll
<unsigned> MD5: fce48f51523e38c5e74969766b353d73 C:\Program Files\Alwil Software\Avast4\ashUInt.dll
<unsigned> MD5: 8ea778943b7e155991ae9e3c818269ab C:\Program Files\Alwil Software\Avast4\aswAux.dll
<unsigned> MD5: f8df17a0090f29ee330b34145152f38a C:\Program Files\Alwil Software\Avast4\aswCmnB.dll
<unsigned> MD5: 6d6416fa182fa865d265dffa5a03c3c2 C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll
<unsigned> MD5: 7d79cd441ed208d062b326145c7b3aed C:\Program Files\Alwil Software\Avast4\aswCmnS.dll
<unsigned> MD5: 68cf2e89bfb303567e78f9ac3482e5e9 C:\Program Files\Alwil Software\Avast4\GERMAN\Base.dll
<unsigned> MD5: c37a82cab55ca0cc1df3079ebdfbaff3 C:\Program Files\Alwil Software\Avast4\GERMAN\Lang.dll
<unsigned> MD5: 6c08604b5465de19eaac58c6a537d0bf C:\Program Files\Alwil Software\Avast4\XT1922.dll
<unsigned> MD5: 3a9f70479a886dcc8e5151326156472d C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
<unsigned> MD5: caa2d58bfc41233a082c8b19d67b458d C:\Program Files\Java\jre6\bin\awt.dll
<unsigned> MD5: f2ddab039241c453a7fb9e1d039b154d C:\Program Files\Java\jre6\bin\client\jvm.dll
<unsigned> MD5: 5ac803360c5cb072fd089de1ce165386 C:\Program Files\Java\jre6\bin\deploy.dll
<unsigned> MD5: b99688c2024fb0813b26beeaaf87615d C:\Program Files\Java\jre6\bin\hpi.dll
<unsigned> MD5: 87739b517d98ade82df0e14edcda179e C:\Program Files\Java\jre6\bin\java.dll
<unsigned> MD5: 2c6c7ad0e07da4d1f38dab01d1b0fd95 C:\Program Files\Java\jre6\bin\jp2native.dll
<unsigned> MD5: 6655a2ecc5e0e99ac20987e668ee3857 C:\Program Files\Java\jre6\bin\net.dll
<unsigned> MD5: d34e74f7a9cff2fa42e040312d559a5a C:\Program Files\Java\jre6\bin\nio.dll
<unsigned> MD5: 03150330eac52a3a15f006be1ee01d36 C:\Program Files\Java\jre6\bin\regutils.dll
<unsigned> MD5: 7605ce091c0b2a32e8bdbd630502fa38 C:\Program Files\Java\jre6\bin\verify.dll
<unsigned> MD5: b7863bd54427e4ff1212503a4f270d05 C:\Program Files\Java\jre6\bin\zip.dll
<unsigned> MD5: a447361e6156afef47a42ae9e89b2bb3 C:\Program Files\Join Air\AssistantServices.exe
<unsigned> MD5: 4ef08a95991555dd2981c09367cca6c8 C:\Program Files\Join Air\UIExec.exe
<unsigned> MD5: 26b018758226a5dc06de45496c394d40 C:\Program Files\Mozilla Firefox\freebl3.dll
<unsigned> MD5: 9dfb30f203999a3ae0f258a33fa598f9 C:\Program Files\Mozilla Firefox\nssdbm3.dll
<unsigned> MD5: 3d50c41f6ac9f395bc77477f14b07194 C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
<unsigned> MD5: 1fd6c03c0001a5e1eaf61596c2502f0c C:\Program Files\Mozilla Firefox\softokn3.dll
<unsigned> MD5: 5a4cd8c1747b0c5e66f1a7b6a93453eb C:\Program Files\Winamp Remote\bin\OrbTray.exe
<unsigned> MD5: e0a7d542b66725fe81eb9f5aeb9b1e82 C:\Program Files\WinRAR\RarExt.dll
<unsigned> MD5: 421a25d626e5c2da375e357b1a9f0d80 C:\PROGRA~1\7-PDF\7-PDFM~1\7p.dll
<unsigned> MD5: 63d660fe32a72da91af4ce02c1268f7a C:\Users\user\AppData\Local\Temp\Pgj.exe
<unsigned> MD5: d18e59c18cffe15bcd76994141c8535a C:\Users\user\AppData\Local\Temp\Pgk.exe
<unsigned> MD5: ffb6f6d5dab74e61b47c91245eed5090 C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2791.32001__90ba9c70f846762e\CLI.Component.Runtime.Shared.DLL
<unsigned> MD5: 3c97e7131026a968c69892a3002f4003 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\894183c0c47bd4772fbfad4c1a7e3b71\mscorlib.ni.dll
<unsigned> MD5: 31d759eb90cccadc5641b6461c8ae180 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\57e722244d3b48cb92b340bc92d7a191\System.Drawing.ni.dll
<unsigned> MD5: 4005c194272628cd1362a7ac88b50718 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\425e95df110b77abad261a46fca54e99\System.Windows.Forms.ni.dll
<unsigned> MD5: 5ed7722d11473666528dadc758e4edf1 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\99e7927ccb9099e607035349814d4cf6\System.Xml.ni.dll
<unsigned> MD5: 96d9ccdfcbdab436bf49ad0ed15c18e3 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\13cce38e8de5fd54853390e4e98abd0e\System.ni.dll
<unsigned> MD5: ecc76d49e38c7a1847a97aaf77d6e33e C:\Windows\System32\dossec.dll
<unsigned> MD5: eb638a6775788b474fbf88e8ff3b2cab C:\Windows\System32\Interop.SHDocVw.dll


No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.02 MB sent, 0.31 KB recvd
Scanned 926 files and modules - 22 seconds


Ich hoffe das kann euch schonmal weiterhelfen. Mir sagt es auf jeden Fall das ich 2 Verseuchte Dateien auf meinem Rechner habe, aber kann ich ihn jetzt noch retten !?

Mit freundlichen Grüßen
Petra

cosinus 24.04.2010 16:57
Hallo und :hallo:

Zitat:
Aber leider kam folgende Meldung bei mir und nicht der Text wie in HijackThis Anleitung beschrieben:
Hast Du Vista oder Win7? Da musst Du solche Tools wie Hijackthis und so über Rechtsklick, als Administrator starten.

Bitte nun einen Vollscan mit malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Petra78 24.04.2010 20:58
Zitat:
Zitat von cosinus (Beitrag 519881)
Hast Du Vista oder Win7? Da musst Du solche Tools wie Hijackthis und so über Rechtsklick, als Administrator starten.
Zitat:
Zitat von Petra78 (Beitrag 519833)
Ich wollte das Programm dann als Administrator ausführen, aber immer wenn ich rechtsklick mache (habe Vista) erscheint nichts mit Administrator ausführen.
Hier ist nun der geforderte Log mit Malwarebytes:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4032

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

24.04.2010 21:30:05
mbam-log-2010-04-24 (21-30-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 208895
Laufzeit: 56 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (hxxp://flvdirect.iamwired.net/) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\7-PDF\7-PDF Maker\lib\App\OOo\URE\bin\unicows.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\Pgk.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Info: Bestimmte Objekte konnten nicht entfernt werden. Eine Logdatei wurde im Logdatei-Verzeichnis gespeichert.

Petra78 24.04.2010 21:01
Anschließend der OTL Log:

OTL logfile created on: 24.04.2010 21:42:21 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 166,64 Gb Free Space | 71,56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Join Air\AssistantServices.exe ()
PRC - C:\Program Files\Join Air\UIExec.exe ()
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (UI Assistant Service) -- C:\Program Files\Join Air\AssistantServices.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s125mgmt.sys (MCCI Corporation)
DRV - (s125obex) -- C:\Windows\System32\drivers\s125obex.sys (MCCI Corporation)
DRV - (s125mdm) -- C:\Windows\System32\drivers\s125mdm.sys (MCCI Corporation)
DRV - (s125mdfl) -- C:\Windows\System32\drivers\s125mdfl.sys (MCCI Corporation)
DRV - (s125bus) Sony Ericsson Device 125 driver (WDM) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) NVIDIA nForce(tm) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.order.1: "GMX Suche"
FF - prefs.js..browser.search.order.2: "1und1 Suche"
FF - prefs.js..browser.search.order.3: "amazon.de"
FF - prefs.js..browser.search.order.4: "WEB.DE Suche"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.18
FF - prefs.js..keyword.URL: "hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.03 12:38:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.20 02:29:14 | 000,000,000 | ---D | M]

[2009.12.16 23:08:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2010.04.24 04:08:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\79jwbfte.default\extensions
[2009.12.17 00:36:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\79jwbfte.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.27 03:19:55 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\79jwbfte.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.04.22 23:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\79jwbfte.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.04.05 02:56:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\79jwbfte.default\extensions\firefox@tvunetworks.com
[2010.03.16 00:09:00 | 000,000,266 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\79jwbfte.default\searchplugins\Search.xml
[2010.03.30 22:14:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [UIExec] C:\Program Files\Join Air\UIExec.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)
O4 - HKCU..\Run: [YVIBBBHA8C] C:\Users\user\AppData\Local\Temp\Pgk.exe File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.24 21:40:07 | 000,562,688 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2010.04.24 20:28:27 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2010.04.24 20:28:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.24 20:28:08 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.24 20:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.04.24 20:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.24 04:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
[2010.04.23 19:53:54 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\MGM
[2010.04.22 23:01:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\QuickScan
[2010.04.17 18:53:15 | 000,000,000 | ---D | C] -- C:\Program Files\Latte!
[2010.04.15 19:20:59 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Eigene WinZip-Dateien
[2010.04.15 18:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010.04.15 18:32:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\7-PDFMaker
[2010.04.15 18:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\7-PDF
[2010.04.15 18:26:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\RoNaSoft.de
[2010.04.15 16:09:21 | 000,000,000 | ---D | C] -- C:\Games
[2010.04.15 12:44:14 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\EleFun Games
[2010.04.14 22:28:56 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.14 22:28:56 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.14 22:28:42 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.14 22:28:21 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.04.14 22:28:21 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.04.14 13:32:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\URSE Games
[2010.04.13 03:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\GameXzone
[2010.04.13 03:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\MyRealGames.com
[2010.04.08 01:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\StreamTorrent 1.0
[2010.04.08 01:47:44 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\StreamTorrent
[2010.04.05 02:59:42 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\TVU Networks
[2010.04.05 02:59:42 | 000,000,000 | ---D | C] -- C:\ProgramData\TVU Networks
[2010.04.05 02:56:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\TVUAx
[2010.04.05 01:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast
[2010.03.31 12:30:38 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.03.31 12:30:37 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.03.31 12:30:37 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.03.31 12:30:37 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.03.31 12:30:37 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.03.31 12:30:36 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.03.31 12:30:36 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.03.31 12:30:36 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.03.31 12:30:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.03.31 12:30:36 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.03.31 12:30:36 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.03.31 12:30:36 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.03.31 12:30:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.03.31 12:30:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.03.31 12:30:35 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.03.30 22:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.03.30 22:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.03.30 22:14:19 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.03.30 22:14:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.03.30 22:14:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.03.26 20:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.24 21:44:17 | 001,418,612 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.24 21:44:17 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.24 21:44:17 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.24 21:44:17 | 000,122,648 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.24 21:44:17 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.24 21:41:21 | 002,097,152 | -HS- | M] () -- C:\Users\user\NTUSER.DAT
[2010.04.24 21:40:09 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2010.04.24 21:37:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.24 21:37:46 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.24 21:37:46 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.24 21:37:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.24 21:37:35 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.24 21:36:59 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.04.24 21:36:59 | 000,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.04.24 21:36:26 | 006,291,456 | -H-- | M] () -- C:\Users\user\AppData\Local\IconCache.db
[2010.04.24 21:21:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4201475959-196226615-1442939389-1000UA.job
[2010.04.24 20:28:12 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.24 04:38:29 | 000,002,611 | ---- | M] () -- C:\Users\user\Desktop\HiJackThis.lnk
[2010.04.24 01:21:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4201475959-196226615-1442939389-1000Core.job
[2010.04.23 19:55:03 | 000,000,515 | ---- | M] () -- C:\Users\user\Desktop\MINIGOLF - Verknüpfung.lnk
[2010.04.21 00:24:54 | 000,002,037 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2010.04.20 02:29:15 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.04.17 18:56:53 | 000,000,736 | ---- | M] () -- C:\Users\user\Desktop\Latte! - Verknüpfung.lnk
[2010.04.15 18:32:24 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\7-PDF Maker.lnk
[2010.04.15 15:43:38 | 000,000,951 | ---- | M] () -- C:\Users\user\Desktop\Sky Fight.lnk
[2010.04.15 12:43:37 | 000,001,004 | ---- | M] () -- C:\Users\user\Desktop\Egyptian Ball.lnk
[2010.04.15 12:03:54 | 000,001,008 | ---- | M] () -- C:\Users\user\Desktop\Fun And Bullets.lnk
[2010.04.15 11:57:27 | 000,000,951 | ---- | M] () -- C:\Users\user\Desktop\Mini Golf.lnk
[2010.04.14 13:31:20 | 000,000,944 | ---- | M] () -- C:\Users\user\Desktop\Gem Ball.lnk
[2010.04.13 03:13:55 | 000,000,975 | ---- | M] () -- C:\Users\user\Desktop\Tibet Quest.lnk
[2010.04.08 01:47:44 | 000,000,874 | ---- | M] () -- C:\Users\user\Desktop\StreamTorrent 1.0.lnk
[2010.04.05 01:01:58 | 000,000,748 | ---- | M] () -- C:\Users\user\Desktop\SopCast.lnk
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.26 21:01:13 | 000,005,239 | ---- | M] () -- C:\Users\user\.recently-used.xbel
[2010.03.26 20:51:26 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.24 20:28:12 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.24 04:27:40 | 000,002,611 | ---- | C] () -- C:\Users\user\Desktop\HiJackThis.lnk
[2010.04.23 19:55:03 | 000,000,515 | ---- | C] () -- C:\Users\user\Desktop\MINIGOLF - Verknüpfung.lnk
[2010.04.17 18:56:53 | 000,000,736 | ---- | C] () -- C:\Users\user\Desktop\Latte! - Verknüpfung.lnk
[2010.04.15 18:32:24 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\7-PDF Maker.lnk
[2010.04.15 15:43:38 | 000,000,951 | ---- | C] () -- C:\Users\user\Desktop\Sky Fight.lnk
[2010.04.15 12:43:37 | 000,001,004 | ---- | C] () -- C:\Users\user\Desktop\Egyptian Ball.lnk
[2010.04.15 12:03:54 | 000,001,008 | ---- | C] () -- C:\Users\user\Desktop\Fun And Bullets.lnk
[2010.04.15 11:57:27 | 000,000,951 | ---- | C] () -- C:\Users\user\Desktop\Mini Golf.lnk
[2010.04.14 13:31:20 | 000,000,944 | ---- | C] () -- C:\Users\user\Desktop\Gem Ball.lnk
[2010.04.13 03:13:55 | 000,000,975 | ---- | C] () -- C:\Users\user\Desktop\Tibet Quest.lnk
[2010.04.08 01:47:44 | 000,000,874 | ---- | C] () -- C:\Users\user\Desktop\StreamTorrent 1.0.lnk
[2010.04.05 01:01:58 | 000,000,748 | ---- | C] () -- C:\Users\user\Desktop\SopCast.lnk
[2010.03.26 21:01:13 | 000,005,239 | ---- | C] () -- C:\Users\user\.recently-used.xbel
[2010.03.26 20:51:26 | 000,000,858 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010.03.16 00:18:32 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.01.25 20:47:50 | 000,138,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.09.24 00:15:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.14 08:08:36 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >

Petra78 24.04.2010 21:02
UND:OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 24.04.2010 21:42:21 - Run 1
OTL by OldTimer - Version 3.2.2.0    Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 166,64 Gb Free Space | 71,56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: USER-PC
Current User Name: user
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3ED0DA1F-C2BF-45AF-942D-B701222E2210}" = lport=139 | protocol=6 | dir=in | app=system |
"{4283ACAB-BBC6-4928-88A5-41077B2BA092}" = rport=137 | protocol=17 | dir=out | app=system |
"{49B658DD-CE07-4609-8A1D-6FAF19413A74}" = lport=138 | protocol=17 | dir=in | app=system |
"{49B6D2F0-B127-4A8F-890D-BF267F101EB0}" = rport=138 | protocol=17 | dir=out | app=system |
"{527AE066-1A27-45B9-9C04-A4AD5A9AD11E}" = rport=139 | protocol=6 | dir=out | app=system |
"{54B7E53F-249F-48D8-9F39-6A68010C3E12}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{54C965DB-0263-4FE0-A822-0DA25A1392B8}" = rport=445 | protocol=6 | dir=out | app=system |
"{BAB3DD93-E7EA-4A83-8A1D-0D189CCDF0E5}" = lport=137 | protocol=17 | dir=in | app=system |
"{CE60F459-ECD3-4E0E-ABF0-95F1B59AF4D2}" = lport=445 | protocol=6 | dir=in | app=system |
"{F645BE02-F9FC-4ED1-9C4D-3CB9643A68AD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1591B78B-D488-40B8-8639-DDF8F0CF1B9A}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{43CF36E3-EE8F-4050-BB29-4FB8E3E114A6}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{5AE33398-2833-47DF-BE2C-5F1AF11A7964}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6A1C00B6-5A6D-4E88-AA5C-7CCB66BE001A}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{6C358D63-EF0B-40BC-B22C-18AA18FE4168}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6D98E2E3-67A1-42A4-A319-84A25E789D84}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{749FCB3D-B705-46CE-899A-53853E42C48A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{99E9304F-23E5-40B3-996D-7D837B3DFB66}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9F72B063-4A1F-4614-A5B9-E0E9C598DAB0}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{AA102975-87AB-4EA1-8D38-B76656C43565}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{B905EEB7-1DCF-4035-8E7C-C04770CC392F}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{E1DB75E3-F5BC-4459-9995-77243335F746}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{E2720A88-37DD-47B3-8743-E35BBCB6B897}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{E763C537-DB4E-4137-A2D8-A511AC93EE09}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{012CF062-3C97-4E46-82B9-19832F632CBD}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{1128B8C4-42B4-48D4-96C6-B7B6820AD6A3}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{121755E1-DBA6-432C-9A18-56C95129BAF0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{213EF35B-20BE-4D39-875C-8D0ADF3D6D04}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{5D06D591-2FAB-4CEF-9E7D-0E29E3944DD4}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{69617AD0-459C-4E53-9D84-67B0B5B82546}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{758CAFD2-7A15-43CF-833A-6F448DFEE54F}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{A775C90D-BD86-49E1-8145-AB8A3BAF92E5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DC641BE6-9C4E-4CEF-A750-5E751095775D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{F917F689-E48B-4F11-BF76-AC68CF6BA2A0}C:\program files\winamp remote\bin\orbtray.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"UDP Query User{342E93AA-0EFE-4265-8328-AB3E5255EB4D}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{472CD4D6-709E-4BB6-BED6-3C950CACFC28}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{66F5F770-615F-4DA1-894B-07A7A61BA0E1}C:\program files\winamp remote\bin\orbtray.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"UDP Query User{810874F5-5E61-4E85-9AAB-DF2C6E9C7399}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8B144B15-37DE-4511-83AE-E2BB285D4919}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{9085A2AF-B686-4264-B7BB-09F0AC8C076B}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{97574C74-2901-4C2E-AB8F-F22AC55CCF4F}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{B378E594-252D-44B7-A1CF-88E054662352}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{D80DAC7C-0C63-491F-BDD7-DA15AB1528F8}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{F5E23D80-6BE6-4666-A69E-F6BD406D5D5A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1CD220E7-1512-A5E1-327F-9607587B75AD}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 19
"{3E5948BC-A071-3C35-7DC4-31F5F293F35B}" = Catalyst Control Center Graphics Full New
"{3E981E45-833E-44C4-AB75-3668AA77F8EC}" = Adobe Flash Media Live Encoder 3
"{43EA3C14-C1F7-A093-1F4D-362A09F9A63B}" = CCC Help German
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{462F002C-0A03-6C5F-3475-228396D8F2AB}" = ccc-core-static
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62D917DF-16DE-4383-9239-8C8BA06EB829}" = OpenOffice.org 3.1
"{63A56D6A-8AA4-4568-A9E0-790D31B2F30E}" = Adobe Flash Media Encoder 2.5
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BB19E5E-2AD7-B464-3B80-FB0CD8C504FB}" = Catalyst Control Center Graphics Full Existing
"{7C379BEF-4E12-3224-B2E8-513363B99181}" = ccc-utility
"{8AD67572-0AE2-0CAC-CD8B-17FBAC973901}" = ATI Catalyst Install Manager
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95ED7549-7C66-A618-3100-B6999F6A79A4}" = Catalyst Control Center Localization German
"{960EED1D-8F37-9EF5-C2F2-19C19983658B}" = Catalyst Control Center Core Implementation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{ABC80104-036E-6193-566F-4308420A4005}" = Catalyst Control Center Graphics Previews Vista
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DEE7AE5E-A8D1-05CF-5383-E5DC68486A54}" = Skins
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"7-PDF Maker_is1" = 7-PDF Maker Version 1.0.5 (Build 164)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"Egyptian Ball_is1" = Egyptian Ball
"Fun And Bullets_is1" = Fun And Bullets
"Gem Ball_is1" = Gem Ball
"JDownloader" = JDownloader
"Latte! Fußballmanagement pur" = Latte! Fußballmanagement pur
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mini Golf_is1" = Mini Golf
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Orb" = Winamp Remote
"Prism" = Prism Video Converter
"Sky Fight_is1" = Sky Fight
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SopCast" = SopCast 3.2.9
"Streamripper" = Streamripper (Remove only)
"StreamTorrent 1.0" = StreamTorrent 1.0
"Switch" = Switch Sound File Converter
"TeamViewer 5" = TeamViewer 5
"Tibet Quest_is1" = Tibet Quest
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.04.2010 22:15:09 | Computer Name = user-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 22.04.2010 17:10:23 | Computer Name = user-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 23.04.2010 14:13:36 | Computer Name = user-PC | Source = Application Hang | ID = 1002
Description = Programm MINIGOLF.EXE, Version 0.0.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 11c4  Anfangszeit: 01cae3109488a6b8  Zeitpunkt der Beendigung:
 141
 
Error - 23.04.2010 16:31:37 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung java.exe, Version 6.0.190.4, Zeitstempel 0x4b960e06,
 fehlerhaftes Modul java.dll, Version 6.0.190.4, Zeitstempel 0x4b963ed1, Ausnahmecode
 0xc0000005, Fehleroffset 0x00004e46,  Prozess-ID 0xaf4, Anwendungsstartzeit 01cae323f8315648.
 
Error - 23.04.2010 16:32:09 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung java.exe, Version 6.0.190.4, Zeitstempel 0x4b960e06,
 fehlerhaftes Modul java.dll, Version 6.0.190.4, Zeitstempel 0x4b963ed1, Ausnahmecode
 0xc0000005, Fehleroffset 0x00004e46,  Prozess-ID 0x14e0, Anwendungsstartzeit 01cae3240bd3bc18.
 
Error - 23.04.2010 18:04:21 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Pgk.exe, Version 0.0.0.0, Zeitstempel 0x4bcc4c7a,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x002a3961,  Prozess-ID 0x1650, Anwendungsstartzeit 01cae330c3be4aa8.
 
Error - 23.04.2010 22:24:03 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Pgk.exe, Version 0.0.0.0, Zeitstempel 0x4bcc4c7a,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x0027a000,  Prozess-ID 0x1140, Anwendungsstartzeit 01cae35511ebf418.
 
Error - 23.04.2010 23:26:19 | Computer Name = user-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 24.04.2010 11:53:46 | Computer Name = user-PC | Source = Application Hang | ID = 1002
Description = Programm MINIGOLF.EXE, Version 0.0.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1448  Anfangszeit: 01cae3c63599feb1  Zeitpunkt der Beendigung:
 125
 
Error - 24.04.2010 12:41:34 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Pgk.exe, Version 0.0.0.0, Zeitstempel 0x4bcc4c7a,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x00282000,  Prozess-ID 0x788, Anwendungsstartzeit 01cae3cccaed7221.
 
[ System Events ]
Error - 24.11.2009 23:30:29 | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =
 
Error - 25.11.2009 10:22:58 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 25.11.2009 10:34:15 | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =
 
Error - 25.11.2009 10:36:48 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 25.11.2009 11:40:01 | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =
 
Error - 25.11.2009 14:05:46 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 26.11.2009 00:47:51 | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =
 
Error - 26.11.2009 12:08:15 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 26.11.2009 23:40:51 | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =
 
Error - 27.11.2009 06:53:37 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >
--- --- ---

cosinus 25.04.2010 13:27
Starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
Code:
:OTL
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKCU..\Run: [YVIBBBHA8C] C:\Users\user\AppData\Local\Temp\Pgk.exe File not found
:Commands
[resethosts]
[emptytemp]
Klick dann auf den Button Run Fixes!
Das Logfilemüsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte.

Petra78 25.04.2010 13:49
So, habe ich gemacht:

Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\YVIBBBHA8C deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: user
->Temp folder emptied: 32113051 bytes
->Temporary Internet Files folder emptied: 400859888 bytes
->Java cache emptied: 56080494 bytes
->FireFox cache emptied: 98077216 bytes
->Google Chrome cache emptied: 11646930 bytes
->Flash cache emptied: 434940 bytes
 
%systemdrive% .tmp files removed: 294283270 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9965361 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 862,00 mb
 
 
OTL by OldTimer - Version 3.2.2.0 log created on 04252010_144005

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 25.04.2010 14:16
Ok. Das mit dem Rechtsklick, als Administrator ausführen muss ich in Deinem ersten Beitrag irgendwie überlesen haben, klappt das jetzt wieder?

Unabhängig davon ob das klappt oder nicht, bitte ein Log mit CF machen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Petra78 25.04.2010 14:24
Zitat:
Zitat von cosinus (Beitrag 520032)
Ok. Das mit dem Rechtsklick, als Administrator ausführen muss ich in Deinem ersten Beitrag irgendwie überlesen haben, klappt das jetzt wieder?
Nein, es klappt leider immernoch noch nicht.

Nur als kleine zusätzliche Info, die Fenster (IE) mit der Werbung gehen nicht mehr auf. :daumenhoc

Ich werde nun das ComboFix downloaden, installieren und ausführen.

Petra78 25.04.2010 15:06
So, ebenfalls erledigt. Kann ich nun den Schutz wieder einschalten?


Code:
ComboFix 10-04-21.01 - user 25.04.2010  15:48:54.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2046.1214 [GMT 2:00]
ausgeführt von:: c:\users\user\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090916-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1351 [VPS 090916-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500

.
(((((((((((((((((((((((  Dateien erstellt von 2010-03-25 bis 2010-04-25  ))))))))))))))))))))))))))))))
.

2010-04-25 13:55 . 2010-04-25 13:56        --------        d-----w-        c:\users\user\AppData\Local\temp
2010-04-25 13:55 . 2010-04-25 13:55        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-04-25 12:40 . 2010-04-25 12:40        --------        d-----w-        C:\_OTL
2010-04-24 18:28 . 2010-04-24 18:28        --------        d-----w-        c:\users\user\AppData\Roaming\Malwarebytes
2010-04-24 18:28 . 2010-03-29 13:24        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-24 18:28 . 2010-04-24 18:28        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-04-24 18:28 . 2010-04-24 18:28        --------        d-----w-        c:\programdata\Malwarebytes
2010-04-24 18:28 . 2010-03-29 13:24        20824        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-04-24 02:27 . 2010-04-24 02:27        388096        ----a-r-        c:\users\user\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-22 21:01 . 2010-04-25 11:08        --------        d-----w-        c:\users\user\AppData\Roaming\QuickScan
2010-04-22 21:00 . 2010-04-13 13:58        670696        ----a-w-        c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\79jwbfte.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-04-22 21:00 . 2010-04-13 13:58        833960        ----a-w-        c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\79jwbfte.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-04-17 16:53 . 2010-04-17 16:53        --------        d-----w-        c:\program files\Latte!
2010-04-15 16:58 . 2010-04-15 22:06        --------        d-----w-        c:\programdata\WinZip
2010-04-15 16:32 . 2010-04-15 16:32        --------        d-----w-        c:\users\user\AppData\Roaming\7-PDFMaker
2010-04-15 16:32 . 2010-04-15 16:32        --------        d-----w-        c:\program files\7-PDF
2010-04-15 16:26 . 2010-04-15 16:26        --------        d-----w-        c:\users\user\AppData\Roaming\RoNaSoft.de
2010-04-15 14:09 . 2010-04-15 22:05        --------        d-----w-        C:\Games
2010-04-15 10:44 . 2010-04-15 10:44        --------        d-----w-        c:\users\user\AppData\Roaming\EleFun Games
2010-04-14 20:29 . 2010-02-23 11:10        212992        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 20:29 . 2010-02-23 11:10        79360        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 20:29 . 2010-02-23 11:10        106496        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 20:28 . 2010-02-18 14:07        3600776        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2010-04-14 20:28 . 2010-02-18 14:07        3548040        ----a-w-        c:\windows\system32\ntoskrnl.exe
2010-04-14 20:28 . 2010-03-05 14:01        420352        ----a-w-        c:\windows\system32\vbscript.dll
2010-04-14 20:28 . 2010-02-18 14:07        904576        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2010-04-14 20:28 . 2010-02-18 13:30        200704        ----a-w-        c:\windows\system32\iphlpsvc.dll
2010-04-14 20:28 . 2010-02-18 11:28        25088        ----a-w-        c:\windows\system32\drivers\tunnel.sys
2010-04-14 11:32 . 2010-04-15 10:08        --------        d-----w-        c:\users\user\AppData\Roaming\URSE Games
2010-04-14 10:40 . 2010-01-13 17:34        98304        ----a-w-        c:\windows\system32\cabview.dll
2010-04-14 09:59 . 2009-12-23 11:33        172032        ----a-w-        c:\windows\system32\wintrust.dll
2010-04-13 01:16 . 2010-04-13 01:16        --------        d-----w-        c:\programdata\GameXzone
2010-04-13 01:13 . 2010-04-15 13:43        --------        d-----w-        c:\program files\MyRealGames.com
2010-04-07 23:47 . 2010-04-07 23:47        --------        d-----w-        c:\users\user\AppData\Roaming\StreamTorrent
2010-04-07 23:47 . 2010-04-07 23:47        --------        d-----w-        c:\program files\StreamTorrent 1.0
2010-04-05 00:59 . 2010-04-05 00:59        --------        d-----w-        c:\users\user\AppData\Local\TVU Networks
2010-04-05 00:59 . 2010-04-05 00:59        --------        d-----w-        c:\programdata\TVU Networks
2010-04-05 00:56 . 2010-04-05 00:58        --------        d-----w-        c:\windows\system32\TVUAx
2010-04-04 23:01 . 2010-04-04 23:03        --------        d-----w-        c:\program files\SopCast
2010-03-30 20:14 . 2010-03-30 20:14        --------        d-----w-        c:\program files\Common Files\Java
2010-03-26 18:51 . 2010-03-26 18:51        --------        d-----w-        c:\program files\GIMP-2.0

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 12:48 . 2009-09-14 15:41        618442        ----a-w-        c:\windows\system32\perfh007.dat
2010-04-25 12:48 . 2009-09-14 15:41        122648        ----a-w-        c:\windows\system32\perfc007.dat
2010-04-20 00:18 . 2009-12-03 21:59        1        ----a-w-        c:\users\user\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-15 01:04 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-03-30 20:14 . 2009-09-18 23:44        --------        d-----w-        c:\program files\Java
2010-03-26 19:01 . 2009-12-02 16:55        --------        d-----w-        c:\users\user\AppData\Roaming\gtk-2.0
2010-03-21 03:04 . 2010-03-16 23:00        --------        d-----w-        c:\program files\HmelyoffLabs
2010-03-20 18:59 . 2010-03-15 01:38        --------        d-----w-        c:\users\user\AppData\Roaming\vlc
2010-03-19 12:15 . 2010-03-18 22:28        --------        d-----w-        c:\program files\JDownloader
2010-03-18 16:59 . 2010-03-18 16:59        --------        d-----w-        c:\users\user\AppData\Roaming\TeamViewer
2010-03-18 16:59 . 2010-03-18 16:59        --------        d-----w-        c:\program files\TeamViewer
2010-03-18 13:17 . 2010-03-18 13:17        --------        d-----w-        c:\users\user\AppData\Roaming\streamripper
2010-03-18 13:14 . 2010-03-18 13:14        --------        d-----w-        c:\program files\Streamripper
2010-03-17 14:07 . 2010-03-17 05:23        --------        d-----w-        c:\programdata\OrbNetworks
2010-03-17 05:52 . 2010-03-17 05:23        --------        d-----w-        c:\users\user\AppData\Roaming\Winamp
2010-03-17 05:25 . 2010-03-17 05:23        --------        d-----w-        c:\program files\Winamp
2010-03-17 05:23 . 2010-03-17 05:23        --------        d-----w-        c:\program files\Winamp Detect
2010-03-17 05:23 . 2010-03-17 05:23        --------        d-----w-        c:\program files\Winamp Remote
2010-03-17 05:23 . 2009-12-20 21:43        --------        d-----w-        c:\program files\Common Files\PX Storage Engine
2010-03-16 20:11 . 2010-03-16 14:44        --------        d-----w-        c:\program files\NCH Software
2010-03-16 20:11 . 2010-03-16 20:11        --------        d-----w-        c:\users\user\AppData\Roaming\NCH Swift Sound
2010-03-16 20:11 . 2010-03-16 20:11        --------        d-----w-        c:\program files\NCH Swift Sound
2010-03-16 14:51 . 2010-03-16 14:51        --------        d-----w-        c:\users\user\AppData\Roaming\NCH Software
2010-03-16 14:49 . 2010-03-16 14:49        --------        d-----w-        c:\programdata\NCH Software
2010-03-15 22:18 . 2010-03-15 22:18        --------        d-----w-        c:\program files\AviSynth 2.5
2010-03-15 17:24 . 2010-03-15 17:22        --------        d-----w-        c:\program files\ManyCam 2.4
2010-03-15 17:24 . 2010-03-15 17:22        --------        d-----w-        c:\users\user\AppData\Roaming\ManyCam
2010-03-15 01:37 . 2010-03-15 01:37        --------        d-----w-        c:\program files\VideoLAN
2010-03-09 02:28 . 2009-09-18 23:44        411368        ----a-w-        c:\windows\system32\deploytk.dll
2010-03-03 12:56 . 2010-03-02 18:38        --------        d-----w-        c:\program files\Common Files\Teleca Shared
2010-03-03 12:15 . 2010-03-03 12:15        --------        d-----w-        c:\program files\MSXML 4.0
2010-03-02 19:28 . 2010-03-02 19:28        --------        d-----w-        c:\users\user\AppData\Roaming\Teleca
2010-03-02 18:39 . 2010-03-02 18:39        --------        d-----w-        c:\users\user\AppData\Roaming\Sony Ericsson
2010-02-26 06:06 . 2010-02-26 06:06        2626360        ----a-w-        c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\79jwbfte.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2010-02-24 12:12 . 2009-09-14 05:53        82664        ----a-w-        c:\users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-11-16 11:10        181632        ------w-        c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 10:30        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 10:30        71680        ----a-w-        c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 10:30        109056        ----a-w-        c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 10:30        133632        ----a-w-        c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-11 21:39        24064        ----a-w-        c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 21:39        30720        ----a-w-        c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 21:39        411648        ----a-w-        c:\windows\system32\drivers\http.sys
2010-02-12 10:32 . 2010-03-25 11:26        293376        ----a-w-        c:\windows\system32\browserchoice.exe
2010-01-25 18:47 . 2010-01-25 18:47        138328        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys
2010-01-25 18:47 . 2010-01-25 18:47        214816        ----a-w-        c:\windows\system32\PnkBstrB.exe
2010-01-25 18:47 . 2010-01-25 18:47        75064        ----a-w-        c:\windows\system32\PnkBstrA.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2010-03-03 1824040]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-25 136176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 4431872]
"Skytel"="Skytel.exe" [2007-04-04 1822720]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"UIExec"="c:\program files\Join Air\UIExec.exe" [2009-08-31 132608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):31,75,8b,f9,1b,3d,ca,01

R2 UI Assistant Service;UI Assistant Service;c:\program files\Join Air\AssistantServices.exe [2009-08-31 241664]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-22 9728]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-01-08 46592]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4201475959-196226615-1442939389-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-25 00:16]

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4201475959-196226615-1442939389-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-25 00:16]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://go.web.de/suchbox/webdesuche?su=%s
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\79jwbfte.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - component: c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\79jwbfte.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\users\user\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\79jwbfte.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\79jwbfte.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",  1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",      2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",      1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",  25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",    5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-04-25 15:56
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-04-25  15:59:00
ComboFix-quarantined-files.txt  2010-04-25 13:58

Vor Suchlauf: 9 Verzeichnis(se), 179.599.007.744 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 179.545.485.312 Bytes frei

- - End Of File - - 288B62EA112F2FF26DC034BB1EBE88F6

cosinus 25.04.2010 15:10
Das Log sieht ok aus. Noch Probleme mit dem Rechner? Ich vermute, das mit dem Rechtsklick als Admin ausführen geht immer noch nicht. Geht das grundsätzlich nicht mehr oder nur bei Hijackthis? :confused:

mach bitte zur Kontrolle auch Logs mit OSAM und GMER und poste sie.

Petra78 25.04.2010 15:19
Zitat:
Zitat von cosinus (Beitrag 520072)
Das Log sieht ok aus. Noch Probleme mit dem Rechner? Ich vermute, das mit dem Rechtsklick als Admin ausführen geht immer noch nicht. Geht das grundsätzlich nicht mehr oder nur bei Hijackthis? :confused:
Der Rechner ist nun ok, er macht nun keine Probleme mehr :daumenhoc

Nur HijackThis kann ich nicht mit Rechtsklick als Administrator öffnen.

Erstelle nun die geforderten Logs.

cosinus 25.04.2010 15:28
Bei Hijackthis können wir das eh vernachlässigen, das Tool ist ziemlich in die Jahre gekommen und reicht für Analysen bei der heutigen Malware nicht mehr aus.

Petra78 25.04.2010 15:57
Hier nun das osam Log:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:27:01 on 25.04.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-4201475959-196226615-1442939389-1000Core.job" - "Google Inc." - C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-4201475959-196226615-1442939389-1000UA.job" - "Google Inc." - C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aswFsBlk" (aswFsBlk) - "ALWIL Software" - C:\Windows\System32\DRIVERS\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "ALWIL Software" - C:\Windows\System32\DRIVERS\aswMonFlt.sys
"aswRdr" (aswRdr) - "ALWIL Software" - C:\Windows\system32\drivers\aswRdr.sys
"avast! Network Shield Support" (aswTdi) - "ALWIL Software" - C:\Windows\system32\drivers\aswTdi.sys
"avast! Self Protection" (aswSP) - "ALWIL Software" - C:\Windows\system32\drivers\aswSP.sys
"catchme" (catchme) - ? - C:\Users\user\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"mbr" (mbr) - ? - C:\Users\user\AppData\Local\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"Sony Ericsson Device 125 driver (WDM)" (s125bus) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s125bus.sys
"Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM)" (s125mgmt) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s125mgmt.sys
"Sony Ericsson Device 125 USB WMC Modem Driver" (s125mdm) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s125mdm.sys
"Sony Ericsson Device 125 USB WMC Modem Filter" (s125mdfl) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s125mdfl.sys
"Sony Ericsson Device 125 USB WMC OBEX Interface" (s125obex) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s125obex.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "ALWIL Software" - C:\Program Files\Alwil Software\Avast4\ashShell.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson Datei-Manager" - ? -  (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_19.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10d.ocx / https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Google Update" - "Google Inc." - "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"ManyCam" - "ManyCam LLC" - "C:\Program Files\ManyCam 2.4\ManyCam.exe"
"Orb" - "Orb Networks" - "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avast!" - "ALWIL Software" - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"StartCCC" - ? - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"  (File found, but it contains no detailed information)
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"UIExec" - ? - "C:\Program Files\Join Air\UIExec.exe"  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avast! Antivirus" (avast! Antivirus) - "ALWIL Software" - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"avast! iAVS4 Control Service" (aswUpdSv) - "ALWIL Software" - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
"avast! Mail Scanner" (avast! Mail Scanner) - "ALWIL Software" - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
"avast! Web Scanner" (avast! Web Scanner) - "ALWIL Software" - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
"UI Assistant Service" (UI Assistant Service) - ? - C:\Program Files\Join Air\AssistantServices.exe  (File found, but it contains no detailed information)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Und das gmer Log:

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-04-25 16:50:03
Windows 6.0.6002 Service Pack 2
Running: tut7d524.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys


---- Kernel code sections - GMER 1.0.15 ----

?              C:\Users\user\AppData\Local\Temp\catchme.sys                                                                  Das System kann die angegebene Datei nicht finden. !
?              C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                    Das System kann die angegebene Datei nicht finden. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\system32\services.exe[672] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  00130002
IAT            C:\Windows\system32\services.exe[672] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW]        00130000

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                      aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                      aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

cosinus 25.04.2010 19:34
Sieht ok aus. Mach bitte Kontrollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:48 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131