How to remove Rootkit.Bubnix?
22.07.2010, 22:15
Member
Thread starter | Posts: 32
22.07.2010, 22:40
Member
Thread starter | Posts: 32
#17
The Gmer scan did not work. After about 2 minutes the scan stopped at "/Device/HarddiskVolumeShadowCopy1" and a window opened with the message "Gmer has stopped working". When I then tried to open the program again, the screen briefly turned blue before the computer restarted.
After the restart I started the program and the scan again. The scan stopped at the same place and the window "Gmer has stopped working" appeared.
22.07.2010, 22:52
Member
Posts: 420
#18
It's probably emulation software interfering there.

1. Please run Malwarebytes again, and don't forget to update it first.
2. Panda ActiveScan 2.0: http://www.pandasecurity.com/homeusers/solutions/activescan/
Click "Scan your PC now", choose "Quick Scan", click "Scan now" and follow the instructions. At the end of the scan a results page is displayed; at the top right you can save the results to a text file (Export to:). Please post the contents of that file.
3. Check scan with OTL: please start OTL, click "Quick Scan" and post the OTL.txt (Extras.txt is not needed this time).
23.07.2010, 14:05
Member
Thread starter | Posts: 32
#19
Malwarebytes found no infected objects.

ActiveScan found 5 threats (cookies) and one suspicious file (webcam file). For now I have done nothing about the suspicious file (I did not click "Send to the lab" or "Disinfection recommendation"). Here is the Panda ActiveScan text file:

ANALYSIS: 2010-07-23 13:48:51
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 1

PROTECTIONS
Description Version Active Updated
AntiVir Desktop Yes Yes

MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\chris\appdata\roaming\microsoft\windows\cookies\chris@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\chris\appdata\roaming\microsoft\windows\cookies\chris@atdmt[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\users\chris\appdata\roaming\microsoft\windows\cookies\chris@tradedoubler[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chris\appdata\roaming\microsoft\windows\cookies\chris@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chris\appdata\roaming\microsoft\windows\cookies\chris@bs.serving-sys[2].txt

SUSPECTS
Sent Location
No c:\program files\philips\camsuite\1.0.9.0\acpgui.dll

VULNERABILITIES
Id Severity Description

Here is the OTL.txt log:

OTL logfile created on: 23.07.2010 13:51:47 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Program Files\oldtimer
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 64,56 Gb Free Space | 27,72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
C:\Users\Chris\AppData\Roaming\pcouffin.sys [2010.07.22 21:59:11 | 000,007,887 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat [2010.07.22 21:59:11 | 000,001,144 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf [2010.07.22 20:47:56 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2010.07.22 20:47:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010.07.22 20:21:26 | 003,741,082 | R--- | M] () -- C:\Users\Chris\Desktop\ComboFix.exe [2010.07.22 14:09:09 | 000,066,421 | ---- | M] () -- C:\Users\Chris\Documents\wie-combofix-benutzt-wird.htm [2010.07.22 10:51:24 | 000,001,956 | ---- | M] () -- C:\Users\Chris\Desktop\HJT.lnk [2010.07.22 00:16:32 | 000,665,072 | ---- | M] (Crawler Inc. ) -- C:\Program Files\SpywareTerminatorSetup272.exe [2010.07.21 23:29:39 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.21 23:27:16 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam146-setup.exe [2010.07.21 19:42:28 | 000,225,280 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.13 23:35:18 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.07.12 23:53:33 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.07.10 15:08:49 | 001,418,612 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.07.10 15:08:49 | 000,616,010 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.07.10 15:08:49 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.07.10 15:08:49 | 000,122,110 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.07.10 15:08:49 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.07.09 16:12:22 | 000,001,394 | ---- | M] () -- C:\Users\Chris\Desktop\DivX Movies.lnk [2010.07.09 16:11:34 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.07.01 22:33:16 | 000,000,914 | ---- 
| M] () -- C:\Users\Chris\Desktop\Free FLV Converter.lnk [2010.07.01 22:31:59 | 006,164,800 | ---- | M] (Koyote Soft ) -- C:\Program Files\Setup_FreeFlvConverter.exe [2010.06.30 17:57:28 | 000,059,862 | ---- | M] () -- C:\Program Files\huggiesjeans.jpg [2010.06.29 00:02:47 | 097,364,760 | ---- | M] (Lavasoft ) -- C:\Program Files\Ad-AwareInstaller.exe [2010.06.28 22:50:09 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk [2010.06.28 22:48:57 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll [2010.06.15 17:12:33 | 000,053,476 | ---- | M] () -- C:\Users\Chris\Documents\Aprikosensorbet.pdf [2010.06.15 17:11:52 | 000,054,458 | ---- | M] () -- C:\Users\Chris\Documents\Pfannenbrot.pdf [2010.06.15 17:09:11 | 000,042,472 | ---- | M] () -- C:\Users\Chris\Documents\Schokokuechlein.pdf [2010.06.15 13:29:09 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010.06.14 12:42:59 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.06.08 11:30:38 | 000,311,296 | ---- | M] (Koyote Soft - http://www.koyotesoft.com) -- C:\Windows\System32\TubeFinder.exe [2010.06.08 00:21:50 | 000,075,776 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\GDIPFONTCACHEV1.DAT [2010.06.08 00:19:15 | 000,053,573 | ---- | M] () -- C:\Users\Chris\Documents\SalatButtermilchdressing.pdf [2010.06.08 00:15:56 | 000,039,939 | ---- | M] () -- C:\Users\Chris\Documents\Spaghetti_Tomatensauce_Fleischbaellchen.pdf [2010.06.08 00:14:48 | 000,041,349 | ---- | M] () -- C:\Users\Chris\Documents\Hack_Calzone.pdf [2010.06.08 00:12:27 | 000,043,651 | ---- | M] () -- C:\Users\Chris\Documents\Serviettenknoedel.pdf [2010.06.08 00:09:44 | 000,042,942 | ---- | M] () -- C:\Users\Chris\Documents\Kartoffelgratin.pdf [2010.06.08 00:06:18 | 000,037,362 | ---- | M] () -- C:\Users\Chris\Documents\Apfelmus.pdf [2010.06.08 00:04:57 | 000,042,590 | ---- | M] () -- C:\Users\Chris\Documents\CremeBrulee.pdf [2010.06.08 00:04:27 | 000,040,100 | ---- | 
M] () -- C:\Users\Chris\Documents\Ziegenfrischkaese_Mousse.pdf [2010.06.08 00:00:40 | 000,043,554 | ---- | M] () -- C:\Users\Chris\Documents\Ofenschlupfer.pdf [2010.06.07 23:59:49 | 000,043,798 | ---- | M] () -- C:\Users\Chris\Documents\RicottaKaesekuchen.pdf [2010.06.04 17:01:12 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2010.06.03 00:38:45 | 000,293,106 | ---- | M] () -- C:\Users\Chris\.recently-used.xbel [2010.05.22 13:04:47 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010.05.13 23:16:24 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.28 18:14:20 | 000,000,063 | ---- | M] () -- C:\Users\Chris\.gtk-bookmarks [2010.04.27 00:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) 
-- C:\Windows\System32\DivXControlPanelApplet.cpl [2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010.07.22 21:59:11 | 000,087,608 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\inst.exe [2010.07.22 20:30:05 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010.07.22 20:30:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010.07.22 20:30:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010.07.22 20:30:05 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010.07.22 20:30:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.07.22 20:21:25 | 003,741,082 | R--- | C] () -- C:\Users\Chris\Desktop\ComboFix.exe [2010.07.22 15:21:35 | 000,731,136 | ---- | C] () -- C:\Users\Chris\Desktop\avenger.exe [2010.07.22 14:09:06 | 000,066,421 | ---- | C] () -- C:\Users\Chris\Documents\wie-combofix-benutzt-wird.htm [2010.07.22 10:51:24 | 000,001,956 | ---- | C] () -- C:\Users\Chris\Desktop\HJT.lnk [2010.07.21 23:29:39 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.06.30 17:57:26 | 000,059,862 | ---- | C] () -- C:\Program Files\huggiesjeans.jpg [2010.06.28 22:50:09 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk [2010.06.27 17:30:03 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.06.15 17:12:33 | 000,053,476 | ---- | C] () -- C:\Users\Chris\Documents\Aprikosensorbet.pdf [2010.06.15 17:11:52 | 000,054,458 | ---- | C] () -- C:\Users\Chris\Documents\Pfannenbrot.pdf [2010.06.15 17:09:11 | 000,042,472 | ---- | C] () -- C:\Users\Chris\Documents\Schokokuechlein.pdf [2010.06.14 12:42:59 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.06.08 00:19:14 | 000,053,573 | ---- | C] () -- C:\Users\Chris\Documents\SalatButtermilchdressing.pdf [2010.06.08 00:15:56 | 000,039,939 | ---- | C] () -- 
C:\Users\Chris\Documents\Spaghetti_Tomatensauce_Fleischbaellchen.pdf [2010.06.08 00:14:48 | 000,041,349 | ---- | C] () -- C:\Users\Chris\Documents\Hack_Calzone.pdf [2010.06.08 00:12:26 | 000,043,651 | ---- | C] () -- C:\Users\Chris\Documents\Serviettenknoedel.pdf [2010.06.08 00:09:43 | 000,042,942 | ---- | C] () -- C:\Users\Chris\Documents\Kartoffelgratin.pdf [2010.06.08 00:06:17 | 000,037,362 | ---- | C] () -- C:\Users\Chris\Documents\Apfelmus.pdf [2010.06.08 00:04:56 | 000,042,590 | ---- | C] () -- C:\Users\Chris\Documents\CremeBrulee.pdf [2010.06.08 00:04:26 | 000,040,100 | ---- | C] () -- C:\Users\Chris\Documents\Ziegenfrischkaese_Mousse.pdf [2010.06.08 00:00:39 | 000,043,554 | ---- | C] () -- C:\Users\Chris\Documents\Ofenschlupfer.pdf [2010.06.07 23:59:47 | 000,043,798 | ---- | C] () -- C:\Users\Chris\Documents\RicottaKaesekuchen.pdf [2010.06.03 00:38:45 | 000,293,106 | ---- | C] () -- C:\Users\Chris\.recently-used.xbel [2010.05.22 13:04:47 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010.04.28 18:14:20 | 000,000,063 | ---- | C] () -- C:\Users\Chris\.gtk-bookmarks [2010.01.20 18:37:51 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini [2009.10.01 23:24:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.05.29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.05.29 05:11:20 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.05.18 15:12:07 | 003,035,776 | ---- | C] () -- C:\Windows\System32\drivers\spc1030.sys [2009.05.18 15:12:07 | 000,851,968 | ---- | C] () -- C:\Windows\System32\Dll_Volume_Ctrl.dll [2009.05.18 15:12:07 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\spc1030c.sys [2009.05.18 15:12:07 | 000,015,497 | ---- | C] () -- C:\Windows\spc1030.ini [2008.09.12 16:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2008.08.26 
14:59:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.08.18 15:37:51 | 000,000,221 | ---- | C] () -- C:\Windows\NCLogConfig.ini [2008.07.01 14:44:28 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en [2008.06.17 10:14:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.06.16 11:33:52 | 000,172,032 | ---- | C] () -- C:\Windows\WsBtn.dll [2008.06.15 19:44:34 | 000,611,064 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.06.15 19:44:34 | 000,142,904 | ---- | C] () -- C:\Windows\System32\drivers\sptddrv1.sys [2008.06.15 17:35:11 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [2008.06.15 17:35:11 | 000,004,144 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [color=#E56717]========== LOP Check ==========[/color] [2010.01.21 00:36:30 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\avidemux [2009.10.10 21:29:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FreeFLVConverter [2010.06.03 00:38:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\gtk-2.0 [2008.08.17 13:36:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Image Zone Express [2008.06.30 13:43:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leadertech [2010.02.04 15:03:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\phonostar GmbH [2010.07.20 15:17:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\phonostar-Player [2008.08.17 13:36:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Printer Info Cache [2009.01.02 16:27:56 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TeamViewer [2009.06.10 
13:40:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\VistaCodecs [2010.07.22 21:59:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vso [2010.07.12 23:53:33 | 000,000,474 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2010.07.23 00:49:16 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.07.23 13:51:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5AE8D99D-8F09-45C8-8FC7-4DA218EA997E}.job [color=#E56717]========== Purity Check ==========[/color] < End of report > |
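The OTL log above is what the helper reads by eye: created/modified timestamps, size, attributes, the company string from the version resource, and the path. The following is an added example, not code from the thread or from OTL, that parses that entry format and applies the first-pass triage rules a responder would use on such a log (executables inside a user profile, driver files outside System32\drivers, binaries under Windows with no company name, a recently modified hosts file). SAMPLE_LOG is a constructed subset of the posted log; the triage rules, the NOT_DRIVERS set and the RESPONDER_TOOLS list (the helper binaries the log shows created in the same minute as C:\ComboFix) are this script's own assumptions, not OTL features.

```python
"""Triage helper for OTL "Files/Folders" sections (added example, not OTL code).

Entry format as seen in the posted log:
    [YYYY.MM.DD HH:MM:SS | size | attrs | C|M] (Company) -- path
Folder and LOP-check lines carry no "(Company)" group, so it is optional.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Sequence

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".com", ".ocx")
# Hibernation and paging files carry a .sys extension but are not drivers.
NOT_DRIVERS = {"hiberfil.sys", "pagefile.sys"}
# Assumption: helper binaries dropped by the cleanup tools run in the thread
# (the log shows them created in the same minute as C:\ComboFix).
RESPONDER_TOOLS = tuple(
    "C:\\Windows\\" + n for n in
    ("PEV.exe", "sed.exe", "grep.exe", "MBR.exe", "zip.exe",
     "NIRCMD.exe", "SWREG.exe", "SWSC.exe", "SWXCACLS.exe"))

# Constructed subset of the posted log (same format, a handful of lines).
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 90 Days ==========
[2010.07.23 13:39:59 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010.07.23 13:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010.07.22 20:30:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.07.22 00:16:29 | 000,665,072 | ---- | C] (Crawler Inc. ) -- C:\Program Files\SpywareTerminatorSetup272.exe
========== Files - Modified Within 90 Days ==========
[2010.07.23 13:25:05 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.22 21:59:11 | 000,087,608 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\inst.exe
[2010.07.22 21:59:11 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys
[2010.07.22 20:47:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
========== Files Created - No Company Name ==========
[2010.07.22 20:30:05 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2009.05.18 15:12:07 | 003,035,776 | ---- | C] () -- C:\Windows\System32\drivers\spc1030.sys
========== LOP Check ==========
[2010.07.22 21:59:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vso
"""


@dataclass
class Entry:
    section: str
    timestamp: str
    size: int
    attrs: str
    kind: str               # C = created, M = modified
    company: Optional[str]  # None when the line has no "(...)" group
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


@dataclass
class Finding:
    path: str
    reason: str


def parse_otl(text: str) -> List[Entry]:
    """Turn the section headers and entry lines of an OTL log into Entry records."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        company = m.group("company")
        entries.append(Entry(
            section, m.group("ts"), int(m.group("size").replace(",", "")),
            m.group("attrs"), m.group("kind"),
            company.strip() if company is not None else None, m.group("path")))
    return entries


def triage(entries: Sequence[Entry], ignore: Sequence[str] = ()) -> List[Finding]:
    """First-pass rules (this script's own heuristics, not an OTL feature)."""
    skip = {p.lower() for p in ignore}
    out: List[Finding] = []
    for e in entries:
        p = e.path.lower()
        name = p.rsplit("\\", 1)[-1]
        if e.is_dir or p in skip:
            continue
        if p.endswith(EXEC_EXT):
            if "\\users\\" in p and "\\appdata\\" in p:
                out.append(Finding(e.path, "executable code inside a user profile"))
            if (name.endswith(".sys") and name not in NOT_DRIVERS
                    and "\\windows\\system32\\drivers\\" not in p):
                out.append(Finding(e.path, "driver file outside System32\\drivers"))
            if not e.company and "\\windows\\" in p:
                out.append(Finding(e.path, "binary under Windows with no company name"))
        elif name == "hosts" and p.endswith("\\drivers\\etc\\hosts"):
            out.append(Finding(e.path, f"hosts file modified {e.timestamp}, {e.size} bytes"))
    return out


if __name__ == "__main__":
    for f in triage(parse_otl(SAMPLE_LOG), ignore=RESPONDER_TOOLS):
        print(f"{f.reason:45s} {f.path}")
```

On the sample the rules surface inst.exe in AppData\Roaming, pcouffin.sys twice (user profile and driver outside the drivers directory), the hosts file and spc1030.sys, and stay quiet on hiberfil.sys and the responder's own tools. These are leads, not verdicts: spc1030.sys is the webcam driver the helper later identifies as a Philips component, which is exactly why each lead still goes through a hash lookup or a VirusTotal check.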
23.07.2010, 14:39
Member
Posts: 420
#20
That probably belongs to Philips CamSuite. Does that mean anything to you?
Please upload these two files
Quote:
C:\Program Files\Philips\CamSuite\1.0.9.0\ACPService.exe
to VirusTotal http://www.virustotal.com/de/ and post the links to the results. It is probably a false positive, though.
23.07.2010, 15:10
Member
Thread starter, Posts: 32
#21
Philips CamSuite belongs to my webcam.
Here is the link for C:\Program Files\Philips\CamSuite\1.0.9.0\ACPService.exe:
http://www.virustotal.com/de/analisis/78ba48507f25f7dca1acf66827979de73e9c5a2d9a577395304d57f384cefefb-1264010967
Here is the link for C:\Program Files\Philips\CamSuite\1.0.9.0\ACPGUI.dll:
http://www.virustotal.com/de/analisis/4cceef5959afa67efe3403e15c82d91b2d4739dc674787b1edc0b7ccd4b5aebe-1278698941
23.07.2010, 15:52
Member
Posts: 420
#22
OK,
heuristic detections without exception, almost certainly a false positive. If there are no further problems, let's wrap up.
1. Could you please zip the folders C:\_OTL and C:\Qoobox, upload the zip file to http://www.file-upload.net/ and send me the download link by PM? Those are the quarantine folders. I would like to look at the contents and, where appropriate, send them to various AV vendors to improve detection. Thanks.
Afterwards (otherwise the folders are gone):
2. Start OTL and click CleanUP.
3. Get http://secunia.com/vulnerability_scanning/personal/ and use it to keep your system up to date.
4. Read this: http://malte-wetz.de/wiki/pmwiki.php/De/KompromittierungUnvermeidbar
We're done.
Regards,
gangren
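Two steps in the exchange above are worth having as code: the helper's request in #20 to upload the CamSuite files to VirusTotal, and the reading in #22 that detections which are all heuristic are almost certainly a false positive. The following is an added example, not code from the thread or from VirusTotal. It hashes a suspect file locally (the file is only read, never executed) and builds a lookup URL from the SHA-256, so a file that VirusTotal has already seen can be checked without uploading it; then it splits a table of engine verdicts into family names versus generic/heuristic names. ACPSERVICE_SHA256 is the hash carried in the VirusTotal link posted above; the verdict tables, the engine names, the GENERIC_RE wording and the "likely false positive" threshold are this script's own constructed assumptions.

```python
"""Hash-first VirusTotal lookup and a reading of multi-engine verdicts
(added example, not code from the thread or from VirusTotal)."""
import hashlib
import re
from pathlib import Path
from typing import Dict, Optional, Tuple

VT_FILE_URL = "https://www.virustotal.com/gui/file/{sha256}"
# SHA-256 from the thread's VirusTotal link for ACPService.exe (the part
# of the URL before the "-<timestamp>" suffix).
ACPSERVICE_SHA256 = "78ba48507f25f7dca1acf66827979de73e9c5a2d9a577395304d57f384cefefb"


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file through SHA-256; it is only read, never run."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def lookup_url(sha256: str) -> str:
    """Report URL for a hash, so an already-known file need not be uploaded."""
    if not re.fullmatch(r"[0-9a-f]{64}", sha256):
        raise ValueError("expected a lowercase hex SHA-256")
    return VT_FILE_URL.format(sha256=sha256)


# Wording that marks a packer/heuristic/generic rule rather than a family
# name. Assumption: this list is illustrative, not an industry standard.
GENERIC_RE = re.compile(r"heur|generic|suspicious|\bsusp\b|packed|crypt|\bgen\b", re.I)

Verdicts = Dict[str, Optional[str]]  # engine name -> detection name, None = clean


def split_verdicts(verdicts: Verdicts) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Return (family-named hits, generic/heuristic hits)."""
    hits = {eng: name for eng, name in verdicts.items() if name}
    generic = {eng: n for eng, n in hits.items() if GENERIC_RE.search(n)}
    named = {eng: n for eng, n in hits.items() if eng not in generic}
    return named, generic


def classify(verdicts: Verdicts, max_generic_hits: int = 3) -> str:
    """'clean', 'likely false positive' (only a few generic hits) or 'review'.
    A single family-named hit is enough to keep the file in 'review'."""
    named, generic = split_verdicts(verdicts)
    if not named and not generic:
        return "clean"
    if not named and len(generic) <= max_generic_hits:
        return "likely false positive"
    return "review"


def sample_verdicts(n_engines: int = 41) -> Dict[str, Verdicts]:
    """Constructed verdict tables; engine names are placeholders."""
    base: Verdicts = {f"engine{i:02d}": None for i in range(n_engines)}
    # Pattern the helper describes for the CamSuite files: only heuristic names.
    camsuite_like = dict(base, engine03="Heur.Suspicious", engine17="Packed.Generic")
    # A family name next to generic names: this one stays under review.
    rootkit_like = dict(base, engine03="Rootkit.Bubnix",
                        engine17="TR/Crypt.ZPACK.Gen", engine22="Trojan.Win32.Generic")
    return {"camsuite_like": camsuite_like, "rootkit_like": rootkit_like}


if __name__ == "__main__":
    print(lookup_url(ACPSERVICE_SHA256))
    for label, table in sample_verdicts().items():
        named, generic = split_verdicts(table)
        print(f"{label}: {classify(table)} (named={len(named)}, generic={len(generic)})")
```

Hashing first matters for two reasons: a hash lookup leaks nothing about the file, while an upload hands a copy to the service (and, for a vendor's own binary, to every partner that pulls samples); and the hash lets you compare the file on disk with the one the helper looked at. The classification is deliberately cautious: the threshold only ever produces "likely false positive", never "clean", when something fired, and one family name keeps the sample in review regardless of how many engines were silent.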
23.07.2010, 15:53
Member
Thread starter, Posts: 32
#23
Sorry, I sent you the wrong links. I'll send the correct links shortly.
23.07.2010, 15:57
Member
Thread starter, Posts: 32
#24
Here is the link for C:\Program Files\Philips\CamSuite\1.0.9.0\ACPService.exe:
http://www.virustotal.com/de/analisis/78ba48507f25f7dca1acf66827979de73e9c5a2d9a577395304d57f384cefefb-1279892873
Here is the link for C:\Program Files\Philips\CamSuite\1.0.9.0\ACPGUI.dll:
http://www.virustotal.com/de/analisis/4cceef5959afa67efe3403e15c82d91b2d4739dc674787b1edc0b7ccd4b5aebe-1279893253
23.07.2010, 15:59
Member
Posts: 420
#25
Still no problem.
See my post above.
23.07.2010, 16:48
Member
Thread starter, Posts: 32
#26
I packed both folders into a file named _OTL.zip. While zipping with WinRAR I got a warning/error message.
Then my Antivir spoke up. The following file was put into quarantine: The file 'C:\_OTL\MovedFiles\07222010_182100\C_Windows\System32\aecachef.exe' contained a virus or unwanted program 'TR/Crypt.ZPACK.Gen' [trojan].
Please tell me briefly whether the warnings while zipping the quarantine folders are normal before I continue with OTL. I'll send you the download link.
23.07.2010, 16:56
Member
Posts: 420
#27
Yes, that's normal; Antivir "woke up" on the file access. The files are not executed while packing, though, so no problem.
23.07.2010, 17:23
Member
Thread starter, Posts: 32
#28
OK, I have run OTL CleanUp.
Thank you for the great, super-fast help and your patience, which let even a layman like me in matters of viruses/trojans run the programs and the individual steps.
Take care!
Chris
All processes killed
========== FILES ==========
c:\users\Chris\AppData\Roaming\Zyaxer folder moved successfully.
c:\users\Chris\AppData\Roaming\Yqguqo folder moved successfully.
File\Folder c:\users\Chris\AppData\Roaming\Quzi not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Chris
->Temp folder emptied: 768983 bytes
->Temporary Internet Files folder emptied: 66340 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50835673 bytes
->Flash cache emptied: 713 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Peter
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 112161 bytes
->Java cache emptied: 31537258 bytes
->FireFox cache emptied: 3255680 bytes
->Flash cache emptied: 4509 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8416 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 83,00 mb
[EMPTYFLASH]
User: All Users
User: Chris
->Flash cache emptied: 0 bytes
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Peter
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.9.1 log created on 07222010_220617
Files\Folders moved on Reboot...
C:\Windows\temp\ACPTrace\Thu Jul 22 21.52.10 2010 7979.log moved successfully.
Registry entries deleted on Reboot...