
Pests of all kinds and how to combat them: TR/Jorik.Bredolab.BR, popup with strange pill advertising


 
26.07.2010, 22:07   #10
Chinte

TR/Jorik.Bredolab.BR, popup with strange pill advertising



OTML.Txt:

OTL Logfile:
Code:
OTL logfile created on: 26.07.2010 22:52:45 - Run 4
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Mrs.Smith\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 101,97 Gb Free Space | 68,42% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 125,65 Gb Free Space | 90,22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MRSSMITH-PC
Current User Name: Mrs.Smith
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Mrs.Smith\Desktop\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Windows\System32\lpksetup.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\ASUSTPE.exe (ASUS)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\P4P\P4P.exe ()
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Mrs.Smith\Desktop\OTL(2).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (de_serv) -- C:\Program Files\Common Files\AVM\de_serv.exe File not found
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (upperdev) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (DgiVecp) -- C:\Windows\System32\Drivers\DgiVecp.sys File not found
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.0.4
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.21 22:13:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.26 21:37:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.17 19:42:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.07.26 21:37:37 | 000,000,000 | ---D | M]
 
[2009.01.13 10:41:38 | 000,000,000 | ---D | M] -- C:\Users\Mrs.Smith\AppData\Roaming\mozilla\Extensions
[2010.07.26 20:04:32 | 000,000,000 | ---D | M] -- C:\Users\Mrs.Smith\AppData\Roaming\mozilla\Firefox\Profiles\0ukcfep3.default\extensions
[2009.09.03 04:50:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mrs.Smith\AppData\Roaming\mozilla\Firefox\Profiles\0ukcfep3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.10.22 10:54:19 | 000,000,000 | ---D | M] (Fox!Box [de]) -- C:\Users\Mrs.Smith\AppData\Roaming\mozilla\Firefox\Profiles\0ukcfep3.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2010.07.26 21:39:23 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.01.26 01:05:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.26 01:05:09 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.26 01:05:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.26 01:05:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.26 01:05:09 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\P4P\P4P.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{45F1407F-6ED4-82F5-EF23-385F11A24913}] C:\Users\Mrs.Smith\AppData\Roaming\Yfaze\ivkid.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mrs.Smith\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mrs.Smith\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5cd881d6-cb74-11de-9dc1-00235472449d}\Shell - "" = AutoRun
O33 - MountPoints2\{5cd881d6-cb74-11de-9dc1-00235472449d}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.07.26 21:50:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.07.26 21:39:30 | 000,000,000 | ---D | C] -- C:\Users\Mrs.Smith\AppData\Local\Threat Expert
[2010.07.26 21:37:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.07.26 12:36:37 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Mrs.Smith\Desktop\OTL(2).exe
[2010.07.26 12:22:18 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010.07.26 12:07:30 | 000,000,000 | ---D | C] -- C:\Users\Mrs.Smith\Desktop\MFTools
[2010.07.25 21:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.07.22 11:01:58 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.07.22 11:01:58 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010.07.22 11:01:58 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010.07.22 10:59:03 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.07.22 10:59:03 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010.07.22 10:58:42 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.07.22 10:58:41 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.07.22 10:58:23 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.07.22 10:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010.07.22 10:58:00 | 000,000,000 | ---D | C] -- C:\Users\Mrs.Smith\AppData\Roaming\PC Tools
[2010.07.22 10:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.07.22 10:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010.07.21 11:26:28 | 000,000,000 | ---D | C] -- C:\Users\Mrs.Smith\AppData\Roaming\Malwarebytes
[2010.07.21 09:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.07.21 09:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.07.21 09:16:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.21 09:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.21 09:16:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.21 09:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.06.26 03:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.06.06 19:37:59 | 000,000,000 | ---D | C] -- C:\Users\Mrs.Smith\AppData\Roaming\Gyvay
[2010.05.10 20:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2007.01.24 20:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 90 Days ==========
 
[2010.07.26 22:53:43 | 006,291,456 | -HS- | M] () -- C:\Users\Mrs.Smith\ntuser.dat
[2010.07.26 22:51:52 | 000,003,824 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.26 22:51:52 | 000,003,824 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.26 22:51:51 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.26 22:51:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.26 22:51:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.26 22:48:56 | 000,524,288 | -HS- | M] () -- C:\Users\Mrs.Smith\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.07.26 22:48:56 | 000,065,536 | -HS- | M] () -- C:\Users\Mrs.Smith\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.07.26 22:48:50 | 001,683,939 | -H-- | M] () -- C:\Users\Mrs.Smith\AppData\Local\IconCache.db
[2010.07.26 22:20:06 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.26 21:55:10 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.07.26 12:36:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mrs.Smith\Desktop\OTL(2).exe
[2010.07.26 12:21:31 | 000,284,915 | ---- | M] () -- C:\Users\Mrs.Smith\Desktop\Gmer.zip
[2010.07.26 12:06:20 | 000,410,876 | ---- | M] () -- C:\Users\Mrs.Smith\Desktop\Load.exe
[2010.07.22 11:31:53 | 000,000,680 | ---- | M] () -- C:\Users\Mrs.Smith\AppData\Local\d3d9caps.dat
[2010.07.22 11:15:52 | 000,767,928 | ---- | M] () -- C:\Windows\BDTSupport.dll
[2010.07.22 10:58:31 | 000,001,752 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.07.22 10:19:10 | 000,020,001 | ---- | M] () -- C:\Users\Mrs.Smith\Documents\NOrdsee.odt
[2010.07.21 12:57:39 | 001,453,910 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.21 12:57:39 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.21 12:57:39 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.21 12:57:39 | 000,127,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.21 12:57:39 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.21 12:51:54 | 000,000,016 | ---- | M] () -- C:\Users\Mrs.Smith\AppData\Roaming\vdnxlf.dat
[2010.07.21 09:27:08 | 000,001,881 | ---- | M] () -- C:\Users\Mrs.Smith\Desktop\HijackThis.lnk
[2010.07.21 09:26:37 | 000,000,811 | ---- | M] () -- C:\Users\Mrs.Smith\Desktop\CCleaner.lnk
[2010.07.21 09:16:48 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.20 18:30:40 | 000,000,145 | --S- | M] () -- C:\Users\Mrs.Smith\AppData\Local\1447393971.dat
[2010.07.20 09:03:34 | 000,004,633 | ---- | M] () -- C:\Users\Mrs.Smith\.recently-used.xbel
[2010.07.11 23:54:14 | 000,033,280 | ---- | M] () -- C:\Users\Mrs.Smith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.11 10:09:56 | 000,011,591 | ---- | M] () -- C:\Users\Mrs.Smith\Documents\RefASV.odt
[2010.07.02 10:14:52 | 000,001,556 | ---- | M] () -- C:\Users\Mrs.Smith\Documents\Finanzamt0.odb
[2010.06.20 15:12:01 | 000,007,168 | ---- | M] () -- C:\Users\Mrs.Smith\Desktop\Object.xls
[2010.06.11 03:23:54 | 000,385,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.19 14:18:44 | 000,002,080 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2010.07.26 12:07:40 | 000,284,915 | ---- | C] () -- C:\Users\Mrs.Smith\Desktop\Gmer.zip
[2010.07.26 12:06:15 | 000,410,876 | ---- | C] () -- C:\Users\Mrs.Smith\Desktop\Load.exe
[2010.07.22 11:01:59 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.07.22 11:01:58 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010.07.22 11:01:58 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010.07.22 11:01:58 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010.07.22 11:01:58 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010.07.22 10:59:03 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010.07.22 10:58:42 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010.07.22 10:58:42 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010.07.22 10:58:31 | 000,001,752 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.07.22 10:58:23 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010.07.22 10:19:10 | 000,020,001 | ---- | C] () -- C:\Users\Mrs.Smith\Documents\NOrdsee.odt
[2010.07.21 09:27:08 | 000,001,881 | ---- | C] () -- C:\Users\Mrs.Smith\Desktop\HijackThis.lnk
[2010.07.21 09:26:37 | 000,000,811 | ---- | C] () -- C:\Users\Mrs.Smith\Desktop\CCleaner.lnk
[2010.07.21 09:16:48 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.20 09:03:34 | 000,004,633 | ---- | C] () -- C:\Users\Mrs.Smith\.recently-used.xbel
[2010.07.20 08:37:58 | 000,000,145 | --S- | C] () -- C:\Users\Mrs.Smith\AppData\Local\1447393971.dat
[2010.07.20 08:37:52 | 000,000,016 | ---- | C] () -- C:\Users\Mrs.Smith\AppData\Roaming\vdnxlf.dat
[2010.07.11 10:09:55 | 000,011,591 | ---- | C] () -- C:\Users\Mrs.Smith\Documents\RefASV.odt
[2010.07.02 10:14:52 | 000,001,556 | ---- | C] () -- C:\Users\Mrs.Smith\Documents\Finanzamt0.odb
[2010.06.20 15:12:01 | 000,007,168 | ---- | C] () -- C:\Users\Mrs.Smith\Desktop\Object.xls
[2010.05.19 14:18:44 | 000,002,080 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009.12.02 20:17:51 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.12.02 20:17:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.09.24 14:44:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.14 10:53:30 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssp4ml3.dll
[2008.11.04 16:13:58 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008.03.09 16:01:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 03:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2002.07.16 16:43:59 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hookmod.dll
 
========== LOP Check ==========
 
[2009.01.05 22:20:35 | 000,000,000 | ---D | M] -- C:\Users\Mrs.Smith\AppData\Roaming\FRITZ!
[2010.07.20 09:01:34 | 000,000,000 | ---D | M] -- C:\Users\Mrs.Smith\AppData\Roaming\gtk-2.0
[2010.07.21 08:31:10 | 000,000,000 | ---D | M] -- C:\Users\Mrs.Smith\AppData\Roaming\Gyvay
[2009.01.05 22:55:12 | 000,000,000 | ---D | M] -- C:\Users\Mrs.Smith\AppData\Roaming\ICQ
[2009.03.19 10:42:08 | 000,000,000 | ---D | M] -- C:\Users\Mrs.Smith\AppData\Roaming\Nokia
[2009.01.05 22:05:48 | 000,000,000 | ---D | M] -- C:\Users\Mrs.Smith\AppData\Roaming\OpenOffice.org
[2009.03.19 09:44:09 | 000,000,000 | ---D | M] -- C:\Users\Mrs.Smith\AppData\Roaming\PC Suite
[2010.07.21 09:54:54 | 000,000,000 | ---D | M] -- C:\Users\Mrs.Smith\AppData\Roaming\Qeekq
[2009.05.03 11:45:55 | 000,000,000 | ---D | M] -- C:\Users\Mrs.Smith\AppData\Roaming\Thunderbird
[2010.07.26 22:48:58 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 167 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >
         