
Pests of all kinds and how to fight them: "Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming"


12.03.2012, 11:19   #1
infecteduser
 
"Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming"

Hello.
I may have caught this Trojan a little while ago.

Here is the sequence of events so far:

1.) Visited the (presumably) infected website (11:15)

2.) Windows Firewall reports that the file "piuzyng.exe" with the path C:\Users\Default.Default-PC\AppData\Roaming\oxqo\piuzyng.exe wants to access the internet; I denied that.

3.) Checking the file with Avira gives no result; I upload it to virustotal.com, Kaspersky shows "Trojan-Spy.Win32.Zbot.dnei"

4.) Examining the .exe in question: the folder it sits in has a creation date of 12.03.12 11:15, i.e. exactly when I was on the website...

5.) In Task Manager a process named "piuzyng.exe" is running, which I end immediately, and I delete the .exe with the Windows delete function

6.) Rolled Windows back to 10.03.12 with System Restore

7.) After rebooting the system, no suspicious process (as far as I can see) is running in Task Manager any more

8.) Did some research, downloaded Kaspersky's zbot killer and ran it, but it finds nothing


I use Windows 7 64-bit, and I was browsing with Opera.



My question: did I get away with a black eye once more, or were my (probably very clumsy) attempts to rescue my system all for nothing, so that I can't get around reinstalling?


I'd be very glad if someone could tell me and help me get my Windows virus-free again :-)


Here is the virustotal link as well: https://www.virustotal.com/file/c43f95df511ab05bcc04bca1789857a2181d4b161dae129e12def4a849462e3e/analysis/1331547589/

12.03.2012, 11:27   #2
Chris4You
 
"Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming"

Hi,

It could be that it actually worked...

To be on the safe side:

OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop
  • Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created (OTL.TXT and EXTRAS.TXT)
  • Post the log files here in the thread

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version from here:
http://filepony.de/download-chameleon/
Then update the signature files ("Updates" tab -> "Check for updates")
Full scan and let it clean everything! Post the log.

chris
PS: Mail me (PM here in the forum) the address where the thing is "lying around"...
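As an added example (not from this thread, and not part of OTL itself), a small Python triage helper for the OTL.txt the scan above produces: it parses the entries in the "Files/Folders - Created Within 30 Days" section and lists those under AppData\Roaming whose timestamp falls shortly after the visit the original poster reports at 11:15. The sample lines are copied from the log posted later in this thread; the 30-minute window and the function names are assumptions, and a hit is a candidate for review, not a verdict.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List

# One file/folder entry as OTL prints it in its "Files/Folders - Created
# Within 30 Days" and "Files - Modified Within 30 Days" sections, e.g.
# [2012.03.12 11:17:27 | 000,000,000 | ---D | C] -- C:\...\AppData\Roaming\Hegu
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Constructed sample: five lines taken from the OTL log posted in this thread.
SAMPLE_OTL = r"""
========== Files/Folders - Created Within 30 Days ==========

[2012.03.12 12:58:27 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
[2012.03.12 11:17:27 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Roaming\Hegu
[2012.03.07 20:26:08 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Desktop\***
[2012.02.24 17:48:31 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2012.03.12 11:42:18 | 000,101,329 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\zbotkiller.zip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
"""


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    is_dir: bool       # fourth attribute character is "D" for directories
    kind: str          # "C" = created, "M" = modified
    company: str       # "" when OTL printed "()" or no company at all
    path: str


def parse_entries(log_text: str) -> List[OtlEntry]:
    """Parse every recognisable file/folder line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(OtlEntry(
            timestamp=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            is_dir=m["attrs"][3] == "D",
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=m["path"],
        ))
    return entries


def roaming_candidates(entries: List[OtlEntry], incident_time: datetime,
                       window: timedelta = timedelta(minutes=30)) -> List[OtlEntry]:
    """Entries under AppData\\Roaming whose timestamp lies in
    [incident_time, incident_time + window], oldest first.
    Entries outside the window (e.g. an OpenVPN start-menu folder from
    February) are deliberately not reported."""
    hits = []
    for e in entries:
        in_roaming = "\\appdata\\roaming\\" in e.path.lower()
        in_window = incident_time <= e.timestamp <= incident_time + window
        if in_roaming and in_window:
            hits.append(e)
    return sorted(hits, key=lambda e: e.timestamp)


if __name__ == "__main__":
    # The poster reports visiting the site at 11:15 on 12.03.2012.
    visit = datetime(2012, 3, 12, 11, 15)
    for hit in roaming_candidates(parse_entries(SAMPLE_OTL), visit):
        what = "folder" if hit.is_dir else "file"
        print(f"{hit.timestamp:%Y-%m-%d %H:%M:%S} {what} created: {hit.path}")
```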

12.03.2012, 11:28   #3
markusg
/// Malware-holic
 
"Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming"

hi,
can you send me the link to the site?
as a private message?
edit:
chris was faster, but I'd still like the link :-)

12.03.2012, 12:26   #4
infecteduser
 
"Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming"

Here are the logs from OTL, Malwarebytes follows shortly (note: in OTL.Txt I censored a few private files/folders with ***, but those were only images, Excel spreadsheets and the like)

OTL.Txt:
Code:
OTL logfile created on: 12.03.2012 12:59:50 - Run 1
OTL by OldTimer - Version 3.2.36.3     Folder = C:\Users\Default.Default-PC\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,43% Memory free
7,99 Gb Paging File | 6,30 Gb Available in Paging File | 78,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 224,40 Gb Free Space | 48,19% Space Free | Partition Type: NTFS
 
Computer Name: DEFAULT-PC | User Name: Default | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Default.Default-PC\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Windows\DAODx.exe ()
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Advanced Wheel Mouse\wh_exec.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL ()
MOD - C:\Windows\DAODx.exe ()
MOD - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
MOD - C:\Advanced Wheel Mouse\wh_exec.exe ()
MOD - C:\Advanced Wheel Mouse\wh_hook.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\drivers\fwlanusbn.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (whfltr2k) -- C:\Windows\SysNative\drivers\whfltr2k.sys ()
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CF 0A B6 4D B6 FB CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "heise.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.3rc4
FF - prefs.js..extensions.enabledItems: googlesharing@extension.thoughtcrime.org:0.22
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67
FF - prefs.js..extensions.enabledItems: {455D905A-D37C-4643-A9E2-F6FEFAA0424A}:0.8.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.11
FF - prefs.js..extensions.enabledItems: refspoof@mozdev.org:0.9.5
FF - prefs.js..extensions.enabledItems: longurlplease@darragh.curran:0.4.4
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.6.0.1
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.18 23:16:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.25 11:17:15 | 000,000,000 | ---D | M]
 
[2010.09.18 18:55:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Extensions
[2012.03.09 09:46:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\i480jrob.default\extensions
[2012.03.01 21:16:16 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\i480jrob.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.01.24 19:56:43 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\i480jrob.default\extensions\firefox@ghostery.com
[2012.02.06 23:55:13 | 000,000,000 | ---D | M] (GoogleSharing) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\i480jrob.default\extensions\googlesharing@extension.thoughtcrime.org
[2012.02.06 23:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\i480jrob.default\extensions\googlesharing@extension.thoughtcrime.org\chrome
[2012.02.06 23:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\i480jrob.default\extensions\googlesharing@extension.thoughtcrime.org\components
[2012.02.06 23:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\i480jrob.default\extensions\googlesharing@extension.thoughtcrime.org\defaults
[2011.07.03 19:38:05 | 000,002,057 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\i480jrob.default\searchplugins\youtube-videosuche.xml
[2011.11.09 00:05:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\DEFAULT.DEFAULT-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I480JROB.DEFAULT\EXTENSIONS\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.XPI
() (No name found) -- C:\USERS\DEFAULT.DEFAULT-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I480JROB.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\DEFAULT.DEFAULT-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I480JROB.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\DEFAULT.DEFAULT-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I480JROB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\DEFAULT.DEFAULT-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I480JROB.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\DEFAULT.DEFAULT-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I480JROB.DEFAULT\EXTENSIONS\LONGURLPLEASE@DARRAGH.CURRAN.XPI
[2012.02.18 23:16:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.09.18 20:48:28 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.09.20 17:14:04 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.09.03 01:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.03 01:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.03 01:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.03 01:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.03 01:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.23 22:14:20 | 000,001,148 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WheelMouse] C:\Advanced Wheel Mouse\wh_exec.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCF6CA10-59B3-4B67-ADC3-7891F1F803D9}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{dd2fb463-c338-11df-b5e2-afea685bf08f}\Shell - "" = AutoRun
O33 - MountPoints2\{dd2fb463-c338-11df-b5e2-afea685bf08f}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.12 12:58:27 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
[2012.03.12 11:17:27 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Roaming\Hegu
[2012.03.07 20:26:08 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.05 16:42:55 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.04 12:31:54 | 001,019,904 | ---- | C] (www.byphry.de.vu) -- C:\Users\Default.Default-PC\Desktop\ThumbsDbExtractor.exe
[2012.03.04 12:24:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\***
[2012.03.04 12:23:55 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Desktop\***
[2012.02.24 17:48:31 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2012.02.24 17:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2012.02.23 22:06:25 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Documents\***
[2012.02.20 23:48:17 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Documents\***
[2012.02.20 12:23:20 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Desktop\***
[2012.02.19 00:38:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\***
[2012.02.19 00:34:28 | 000,000,000 | ---D | C] -- C:\Downloads
[2012.02.18 16:10:52 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Documents\***
[2012.02.15 22:25:32 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.02.15 22:25:32 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.02.15 22:25:31 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.02.15 22:25:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.02.15 22:25:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.02.15 22:25:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.02.15 22:25:29 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.02.15 22:25:29 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.02.15 22:25:29 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.02.15 22:25:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.02.15 22:25:29 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.02.15 14:22:05 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.02.12 11:43:43 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Documents\My Documents
[2012.02.11 20:07:44 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Documents\***
[2012.02.11 19:22:10 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Documents\***
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.12 12:58:29 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
[2012.03.12 12:09:48 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.12 12:09:48 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.12 12:09:48 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.12 12:09:48 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.12 12:09:48 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.12 12:05:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.12 12:05:29 | 3219,771,392 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.12 12:04:07 | 000,000,020 | ---- | M] () -- C:\Users\Default.Default-PC\***
[2012.03.12 12:03:32 | 000,050,477 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.12 11:42:18 | 000,101,329 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\zbotkiller.zip
[2012.03.09 22:25:56 | 138,989,256 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\FUSSM2PEWD2TPMF.rar
[2012.03.09 21:34:48 | 000,001,514 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.09 21:28:37 | 000,764,358 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\IMG_6868.jpg
[2012.03.09 21:28:33 | 001,323,217 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\IMG_6795.jpg
[2012.03.09 21:28:26 | 001,554,039 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\IMG_6614.jpg
[2012.03.09 16:47:51 | 000,002,190 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.09 09:32:42 | 000,057,963 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.06 23:41:53 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 23:41:52 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.04 12:31:58 | 001,019,904 | ---- | M] (www.byphry.de.vu) -- C:\Users\Default.Default-PC\Desktop\ThumbsDbExtractor.exe
[2012.03.04 12:25:19 | 000,001,422 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.02.28 21:21:30 | 000,311,514 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.02.23 18:03:17 | 000,001,800 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.02.18 15:35:33 | 004,845,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.15 20:22:31 | 000,132,320 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.12 12:04:06 | 000,000,020 | ---- | C] () -- C:\Users\Default.Default-PC\***
[2012.03.12 12:03:31 | 000,050,477 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.12 11:42:18 | 000,101,329 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\zbotkiller.zip
[2012.03.09 21:34:48 | 000,001,514 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.09 21:33:38 | 138,989,256 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.09 21:28:36 | 000,764,358 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.09 21:28:31 | 001,323,217 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.09 21:28:24 | 001,554,039 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.09 16:47:50 | 000,002,190 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.09 09:32:41 | 000,057,963 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.04 12:24:40 | 000,001,422 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.04 12:24:07 | 000,018,944 | ---- | C] () -- C:\Windows\eraser.exe
[2012.02.28 21:22:19 | 000,311,514 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.01.12 17:29:19 | 000,001,800 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.01.01 12:36:35 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
[2011.12.23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.08.28 15:09:33 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\conquests.ini
[2011.06.07 10:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.06.07 10:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.06.07 10:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.06.07 10:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.04.10 15:01:41 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.04.03 20:12:21 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.26 16:01:19 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\prospeed_bmp2jpg.dll
[2010.12.20 20:07:47 | 000,000,004 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\steam_md4.dat
[2010.10.31 20:02:06 | 000,000,156 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\burnaware.ini
[2010.10.31 19:42:21 | 000,000,067 | ---- | C] () -- C:\Windows\Easy Avi Divx Xvid to DVD Burner.INI
[2010.10.06 14:42:38 | 000,005,120 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.02 14:30:59 | 000,007,609 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\Resmon.ResmonCfg
[2010.09.24 14:17:06 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.09.18 19:50:49 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.09.18 19:50:49 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.09.18 19:50:46 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010.09.18 19:50:46 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010.09.18 19:49:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.09.18 19:49:27 | 000,031,115 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.09.18 18:29:24 | 000,000,760 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\setup_ldm.iss

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12.03.2012 12:59:50 - Run 1
OTL by OldTimer - Version 3.2.36.3     Folder = C:\Users\Default.Default-PC\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,43% Memory free
7,99 Gb Paging File | 6,30 Gb Available in Paging File | 78,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 224,40 Gb Free Space | 48,19% Space Free | Partition Type: NTFS
 
Computer Name: DEFAULT-PC | User Name: Default | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.4.2499.0 x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8019A54F-530F-84C2-24DD-1C9F53257F7C}" = ATI Catalyst Install Manager
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"ffdshow64_is1" = ffdshow x64 v1.1.3572 [2010-09-13]
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Sandboxie" = Sandboxie 3.62 (64-bit)
"WinRAR archiver" = WinRAR 4.00 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.005.00
"{3966711E-1F98-4C9F-AE0B-6AD28137FE64}" = Multiple Image Resizer .NET 4
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBE030DD-D404-4D92-85E9-8C3624820808}_is1" = Light Image Resizer 4.1.0.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F31BC49F-AB7B-4A53-A399-EB7331B585BC}" = Civilization III: Conquests
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"6103-4188-8184-5707" = RapidShare Manager 2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Afterburner" = MSI Afterburner 1.6.0
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.50
"AirlineTycoon2_is1" = Airline Tycoon 2 v1.01
"Album Art Downloader XUI" = Album Art Downloader XUI 0.37
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Blur(TM)_is1" = Blur(TM)
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Easy Avi/Divx/Xvid to DVD Burner_is1" = Easy Avi/Divx/Xvid to DVD Burner 2.8.0
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"foobar2000" = foobar2000 v1.1.1
"FormatFactory" = FormatFactory 2.80
"Foxit Reader" = Foxit Reader
"Gaming Mouse" = Gaming Mouse
"Griffith_is1" = Griffith 0.12.1
"Homefront_is1" = Homefront
"Image Grabber II" = Image Grabber II
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"JDownloader" = JDownloader
"LeechFTP" = LeechFTP 
"Mafia II_is1" = Mafia II
"ManyCam" = ManyCam 2.5.74 (remove only)
"mIRC" = mIRC
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Mp3tag" = Mp3tag v2.47b
"Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4
"MyMDb_0" = MyMDb 3.6
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.61.1250" = Opera 11.61
"qutIM" = qutIM 0.2.0
"RouterControl" = RouterControl 2.0
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl
"SpeedFan" = SpeedFan (remove only)
"SystemRequirementsLab" = System Requirements Lab
"TIPP10_is1" = TIPP10 Version 2.0.3
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.1.11
"WheelMouse" = Advanced Wheel Mouse 6.0.0.002
"WinLiveSuite" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 3.0.5.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fbaaf7d101824206" = RoboGUI
"QIP 2010" = QIP 2010 10.10.11.4237
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---
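Reading an OTL "Files Created" / "Files Modified" listing like the one above means scanning for the same few signals every time: executables with no company name, executables under a user's AppData or ProgramData, and anything written close to the incident time. As an added example (not part of this thread and not OTL's own code), here is a small Python triage that applies those signals to a few lines from the log above plus one constructed line; the incident time used for the window is assumed for the example.

```python
"""Triage of an OTL file listing.

Added example for this thread; it is not part of the forum posts and not
OTL's own code. OTL prints one file per line as
    [YYYY.MM.DD HH:MM:SS | size | attrs | C|M] (company) -- path
The rules below encode how a helper reads such a listing; the reference
time and the last sample line are constructed.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Optional

# One OTL listing line: [timestamp | size | attrs | kind] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+?)\s*$"
)

# Extensions treated as executable content
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".pif", ".com", ".bat", ".cmd"}

# Reference time for the triage window (constructed for this example)
INCIDENT = datetime(2012, 3, 12, 11, 15)


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str       # 'C' from a "Files Created" listing, 'M' from "Files Modified"
    company: str    # empty string when OTL printed "()"
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one listing line; headers, blanks and the '*.tmp' summary lines give None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"],
    )


def _extension(path: str) -> str:
    name = path.rsplit("\\", 1)[-1]
    return "." + name.rsplit(".", 1)[1].lower() if "." in name else ""


def _in_appdata_or_programdata(path: str) -> bool:
    p = path.lower()
    return "\\appdata\\" in p or "\\programdata\\" in p


def triage(lines: Iterable[str], incident: datetime, window_days: int = 7) -> List[str]:
    """Return 'path: reason; reason' strings for executables worth a closer look."""
    earliest = incident - timedelta(days=window_days)
    latest = incident + timedelta(days=1)
    findings = []
    for line in lines:
        e = parse_otl_line(line)
        if e is None or _extension(e.path) not in EXEC_EXT:
            continue
        reasons = []
        if not e.company:
            reasons.append("no company name")
        if _in_appdata_or_programdata(e.path):
            reasons.append("executable under AppData/ProgramData")
        # Timing alone is not a finding: OTL.exe itself was written on the incident day
        if reasons and earliest <= e.timestamp <= latest:
            reasons.append(f"written within {window_days} days of the incident")
        if reasons:
            findings.append(f"{e.path}: " + "; ".join(reasons))
    return findings


SAMPLE_LINES = [
    # lines as they appear in the OTL log posted above
    "[2012.03.12 12:58:29 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\\Users\\Default.Default-PC\\Desktop\\OTL.exe",
    "[2012.03.04 12:24:07 | 000,018,944 | ---- | C] () -- C:\\Windows\\eraser.exe",
    "[2012.02.15 20:22:31 | 000,132,320 | ---- | M] (Avira GmbH) -- C:\\Windows\\SysNative\\drivers\\avipbb.sys",
    "[2010.12.20 20:07:47 | 000,000,004 | ---- | C] () -- C:\\Users\\Default.Default-PC\\AppData\\Roaming\\steam_md4.dat",
    "[1 C:\\Windows\\*.tmp files -> C:\\Windows\\*.tmp -> ]",
    # constructed line: an unsigned executable written into the Roaming profile at incident time
    "[2012.03.12 11:15:02 | 000,214,016 | ---- | C] () -- C:\\Users\\Default.Default-PC\\AppData\\Roaming\\constructed\\sample.exe",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES, INCIDENT):
        print(finding)
```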

Alt 12.03.2012, 13:44   #5
Chris4You

Hi,

looks fine so far, let MAM run as well and post the log...
One small thing:


Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire content of the following code box into the OTL box under "Custom Scan/Fixes"

Code:
ATTFilter
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

:Commands
[emptytemp]
[Reboot]
         
  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

chris

__________________
Don't bring me down
Read before posting!
Donate
(Anyone who wants to donate is welcome to get in touch)

Alt 12.03.2012, 13:54   #6
infecteduser

ok thanks, I'll do it right away, I have to run Malwarebytes a second time; after the first run it restarted my Windows and there was no log anymore :/

Alt 12.03.2012, 13:59   #7
Chris4You

Hi,

start MAM and look under the "Logdateien" (log files) tab, post the corresponding log...

Afterwards we'll also check the MBR and look for TDSS..

chris

Alt 12.03.2012, 14:05   #8
infecteduser

so should I cancel the scan I already started?

Alt 12.03.2012, 14:23   #9
Chris4You

Hi,

no, let it run and then just post it under logs...

Then later:
TDSS-Killer
Download and instructions at: How to fight malware of the Rootkit.Win32.TDSS family?
Extract all files into a separate directory (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
Set up the Killer as follows:

Then start the scan (Start Scan).
When the scan is finished, please select "Report" (skip any findings with Skip for now). A window opens; copy the text and post it here...

aswMBR
Download aswMBR.exe from http://filepony.de/download-aswmbr/ and save it to the desktop.
  • Double-click aswMBR.exe.
  • Click the Scan button
  • Boot sectors (MBR) etc. will now be examined.....
  • Save the log and post it in the thread

chris

Alt 12.03.2012, 14:59   #10
infecteduser

so here are all the scans:

Malwarebytes:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.12.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Default :: DEFAULT-PC [Administrator]

Schutz: Aktiviert

12.03.2012 14:43:41
mbam-log-2012-03-12 (14-43-41).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 441644
Laufzeit: 1 Stunde(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

OTL:

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default.Default-PC
->Temp folder emptied: 263326818 bytes
->Temporary Internet Files folder emptied: 188410584 bytes
->Java cache emptied: 52193042 bytes
->FireFox cache emptied: 130617503 bytes
->Opera cache emptied: 11358255 bytes
->Flash cache emptied: 470 bytes
 
User: DEFAUL~1~DEF
->Temp folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 107105487 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 718,00 mb
 
 
OTL by OldTimer - Version 3.2.36.3 log created on 03122012_154650

Files\Folders moved on Reboot...
C:\Users\Default.Default-PC\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

tdsskiller:
Code:
ATTFilter
15:57:12.0473 1348	TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
15:57:12.0753 1348	============================================================
15:57:12.0753 1348	Current date / time: 2012/03/12 15:57:12.0753
15:57:12.0753 1348	SystemInfo:
15:57:12.0753 1348	
15:57:12.0753 1348	OS Version: 6.1.7600 ServicePack: 0.0
15:57:12.0753 1348	Product type: Workstation
15:57:12.0753 1348	ComputerName: DEFAULT-PC
15:57:12.0753 1348	UserName: Default
15:57:12.0753 1348	Windows directory: C:\Windows
15:57:12.0753 1348	System windows directory: C:\Windows
15:57:12.0753 1348	Running under WOW64
15:57:12.0753 1348	Processor architecture: Intel x64
15:57:12.0753 1348	Number of processors: 4
15:57:12.0753 1348	Page size: 0x1000
15:57:12.0753 1348	Boot type: Normal boot
15:57:12.0753 1348	============================================================
15:57:14.0625 1348	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:57:14.0625 1348	Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:57:14.0625 1348	Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:57:14.0625 1348	\Device\Harddisk0\DR0:
15:57:14.0625 1348	MBR used
15:57:14.0625 1348	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:57:14.0625 1348	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
15:57:14.0625 1348	\Device\Harddisk1\DR1:
15:57:14.0625 1348	GPT used
15:57:14.0625 1348	\Device\Harddisk1\DR1\Partition0: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {243D31A8-A48C-4488-A2A9-EAC517EBF326}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
15:57:14.0625 1348	\Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {5F7A2127-5DA3-4181-BE49-AE41CA5998D1}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0xE8DC8000
15:57:14.0625 1348	\Device\Harddisk2\DR2:
15:57:14.0625 1348	MBR used
15:57:14.0625 1348	\Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E08000
15:57:14.0641 1348	Initialize success
15:57:14.0641 1348	============================================================
15:57:28.0166 1584	============================================================
15:57:28.0166 1584	Scan started
15:57:28.0166 1584	Mode: Manual; SigCheck; TDLFS; 
15:57:28.0166 1584	============================================================
15:57:28.0712 1584	1394ohci - ok
15:57:28.0728 1584	ACPI - ok
15:57:28.0728 1584	AcpiPmi - ok
15:57:28.0728 1584	adp94xx - ok
15:57:28.0743 1584	adpahci - ok
15:57:28.0743 1584	adpu320 - ok
15:57:28.0775 1584	AFD - ok
15:57:28.0775 1584	agp440 - ok
15:57:28.0775 1584	aliide - ok
15:57:28.0790 1584	amdide - ok
15:57:28.0790 1584	AmdK8 - ok
15:57:28.0790 1584	AmdPPM - ok
15:57:28.0790 1584	amdsata - ok
15:57:28.0790 1584	amdsbs - ok
15:57:28.0806 1584	amdxata - ok
15:57:28.0821 1584	androidusb - ok
15:57:28.0837 1584	AppID - ok
15:57:28.0853 1584	arc - ok
15:57:28.0853 1584	arcsas - ok
15:57:28.0853 1584	AsIO - ok
15:57:28.0868 1584	AsyncMac - ok
15:57:28.0868 1584	atapi - ok
15:57:28.0884 1584	AtiPcie - ok
15:57:28.0899 1584	avgntflt - ok
15:57:28.0915 1584	avipbb - ok
15:57:28.0915 1584	avkmgr - ok
15:57:28.0915 1584	avmeject - ok
15:57:28.0931 1584	b06bdrv - ok
15:57:28.0931 1584	b57nd60a - ok
15:57:28.0931 1584	Beep - ok
15:57:28.0946 1584	blbdrive - ok
15:57:28.0946 1584	bowser - ok
15:57:28.0946 1584	BrFiltLo - ok
15:57:28.0946 1584	BrFiltUp - ok
15:57:28.0962 1584	Brserid - ok
15:57:28.0962 1584	BrSerWdm - ok
15:57:28.0962 1584	BrUsbMdm - ok
15:57:28.0962 1584	BrUsbSer - ok
15:57:28.0962 1584	BTHMODEM - ok
15:57:28.0977 1584	cdfs - ok
15:57:28.0977 1584	cdrom - ok
15:57:28.0993 1584	circlass - ok
15:57:28.0993 1584	CLFS - ok
15:57:28.0993 1584	CmBatt - ok
15:57:29.0009 1584	cmdide - ok
15:57:29.0009 1584	CNG - ok
15:57:29.0009 1584	Compbatt - ok
15:57:29.0009 1584	CompositeBus - ok
15:57:29.0024 1584	crcdisk - ok
15:57:29.0024 1584	CSC - ok
15:57:29.0040 1584	DfsC - ok
15:57:29.0040 1584	discache - ok
15:57:29.0040 1584	Disk - ok
15:57:29.0055 1584	drmkaud - ok
15:57:29.0055 1584	DXGKrnl - ok
15:57:29.0055 1584	ebdrv - ok
15:57:29.0071 1584	elxstor - ok
15:57:29.0071 1584	ErrDev - ok
15:57:29.0071 1584	exfat - ok
15:57:29.0071 1584	fastfat - ok
15:57:29.0087 1584	fdc - ok
15:57:29.0102 1584	FileInfo - ok
15:57:29.0102 1584	Filetrace - ok
15:57:29.0102 1584	flpydisk - ok
15:57:29.0118 1584	FltMgr - ok
15:57:29.0149 1584	FsDepends - ok
15:57:29.0149 1584	Fs_Rec - ok
15:57:29.0149 1584	fvevol - ok
15:57:29.0149 1584	fwlanusbn - ok
15:57:29.0149 1584	gagp30kx - ok
15:57:29.0165 1584	GMSIPCI - ok
15:57:29.0165 1584	hcw85cir - ok
15:57:29.0165 1584	HdAudAddService - ok
15:57:29.0165 1584	HDAudBus - ok
15:57:29.0180 1584	HidBatt - ok
15:57:29.0180 1584	HidBth - ok
15:57:29.0180 1584	HidIr - ok
15:57:29.0180 1584	HidUsb - ok
15:57:29.0196 1584	HpSAMD - ok
15:57:29.0196 1584	HTTP - ok
15:57:29.0196 1584	hwpolicy - ok
15:57:29.0196 1584	i8042prt - ok
15:57:29.0211 1584	iaStorV - ok
15:57:29.0211 1584	iirsp - ok
15:57:29.0211 1584	intelide - ok
15:57:29.0227 1584	intelppm - ok
15:57:29.0227 1584	IpFilterDriver - ok
15:57:29.0227 1584	IPMIDRV - ok
15:57:29.0227 1584	IPNAT - ok
15:57:29.0243 1584	IRENUM - ok
15:57:29.0243 1584	isapnp - ok
15:57:29.0243 1584	iScsiPrt - ok
15:57:29.0243 1584	kbdclass - ok
15:57:29.0243 1584	kbdhid - ok
15:57:29.0258 1584	KSecDD - ok
15:57:29.0258 1584	KSecPkg - ok
15:57:29.0258 1584	ksthunk - ok
15:57:29.0289 1584	LHidFilt - ok
15:57:29.0289 1584	lltdio - ok
15:57:29.0289 1584	LSI_FC - ok
15:57:29.0305 1584	LSI_SAS - ok
15:57:29.0305 1584	LSI_SAS2 - ok
15:57:29.0305 1584	LSI_SCSI - ok
15:57:29.0305 1584	luafv - ok
15:57:29.0305 1584	LUsbFilt - ok
15:57:29.0321 1584	MBAMProtector - ok
15:57:29.0336 1584	megasas - ok
15:57:29.0336 1584	MegaSR - ok
15:57:29.0336 1584	Modem - ok
15:57:29.0352 1584	monitor - ok
15:57:29.0352 1584	mouclass - ok
15:57:29.0352 1584	mouhid - ok
15:57:29.0352 1584	mountmgr - ok
15:57:29.0352 1584	mpio - ok
15:57:29.0367 1584	mpsdrv - ok
15:57:29.0367 1584	MRxDAV - ok
15:57:29.0367 1584	mrxsmb - ok
15:57:29.0367 1584	mrxsmb10 - ok
15:57:29.0383 1584	mrxsmb20 - ok
15:57:29.0383 1584	msahci - ok
15:57:29.0383 1584	msdsm - ok
15:57:29.0383 1584	Msfs - ok
15:57:29.0399 1584	mshidkmdf - ok
15:57:29.0399 1584	msisadrv - ok
15:57:29.0399 1584	MSKSSRV - ok
15:57:29.0399 1584	MSPCLOCK - ok
15:57:29.0414 1584	MSPQM - ok
15:57:29.0414 1584	MsRPC - ok
15:57:29.0414 1584	mssmbios - ok
15:57:29.0414 1584	MSTEE - ok
15:57:29.0430 1584	MTConfig - ok
15:57:29.0430 1584	MTsensor - ok
15:57:29.0430 1584	Mup - ok
15:57:29.0430 1584	NativeWifiP - ok
15:57:29.0445 1584	NDIS - ok
15:57:29.0445 1584	NdisCap - ok
15:57:29.0445 1584	NdisTapi - ok
15:57:29.0445 1584	Ndisuio - ok
15:57:29.0445 1584	NdisWan - ok
15:57:29.0461 1584	NDProxy - ok
15:57:29.0461 1584	NetBIOS - ok
15:57:29.0461 1584	NetBT - ok
15:57:29.0477 1584	nfrd960 - ok
15:57:29.0477 1584	Npfs - ok
15:57:29.0492 1584	nsiproxy - ok
15:57:29.0492 1584	Ntfs - ok
15:57:29.0492 1584	Null - ok
15:57:29.0508 1584	nusb3hub - ok
15:57:29.0508 1584	nusb3xhc - ok
15:57:29.0523 1584	NVHDA - ok
15:57:29.0523 1584	nvlddmkm - ok
15:57:29.0523 1584	nvraid - ok
15:57:29.0523 1584	nvstor - ok
15:57:29.0539 1584	nv_agp - ok
15:57:29.0539 1584	ohci1394 - ok
15:57:29.0555 1584	Parport - ok
15:57:29.0555 1584	partmgr - ok
15:57:29.0555 1584	pci - ok
15:57:29.0555 1584	pciide - ok
15:57:29.0570 1584	pcmcia - ok
15:57:29.0570 1584	pcw - ok
15:57:29.0570 1584	PEAUTH - ok
15:57:29.0586 1584	PptpMiniport - ok
15:57:29.0601 1584	Processor - ok
15:57:29.0601 1584	Psched - ok
15:57:29.0601 1584	ql2300 - ok
15:57:29.0617 1584	ql40xx - ok
15:57:29.0617 1584	QWAVEdrv - ok
15:57:29.0617 1584	RasAcd - ok
15:57:29.0617 1584	RasAgileVpn - ok
15:57:29.0633 1584	Rasl2tp - ok
15:57:29.0633 1584	RasPppoe - ok
15:57:29.0633 1584	RasSstp - ok
15:57:29.0633 1584	rdbss - ok
15:57:29.0648 1584	rdpbus - ok
15:57:29.0648 1584	RDPCDD - ok
15:57:29.0648 1584	RDPDR - ok
15:57:29.0648 1584	RDPENCDD - ok
15:57:29.0664 1584	RDPREFMP - ok
15:57:29.0664 1584	RDPWD - ok
15:57:29.0664 1584	rdyboost - ok
15:57:29.0679 1584	rspndr - ok
15:57:29.0695 1584	RTL8167 - ok
15:57:29.0695 1584	s0016bus - ok
15:57:29.0695 1584	s0016mdfl - ok
15:57:29.0695 1584	s0016mdm - ok
15:57:29.0695 1584	s0016mgmt - ok
15:57:29.0711 1584	s0016nd5 - ok
15:57:29.0711 1584	s0016obex - ok
15:57:29.0711 1584	s0016unic - ok
15:57:29.0711 1584	s3cap - ok
15:57:29.0726 1584	SbieDrv - ok
15:57:29.0726 1584	sbp2port - ok
15:57:29.0726 1584	scfilter - ok
15:57:29.0742 1584	secdrv - ok
15:57:29.0742 1584	Serenum - ok
15:57:29.0757 1584	Serial - ok
15:57:29.0757 1584	sermouse - ok
15:57:29.0757 1584	sffdisk - ok
15:57:29.0773 1584	sffp_mmc - ok
15:57:29.0773 1584	sffp_sd - ok
15:57:29.0773 1584	sfloppy - ok
15:57:29.0773 1584	SiSRaid2 - ok
15:57:29.0789 1584	SiSRaid4 - ok
15:57:29.0789 1584	Smb - ok
15:57:29.0789 1584	speedfan - ok
15:57:29.0789 1584	spldr - ok
15:57:29.0820 1584	sptd - ok
15:57:29.0820 1584	srv - ok
15:57:29.0820 1584	srv2 - ok
15:57:29.0820 1584	srvnet - ok
15:57:29.0913 1584	ssadbus - ok
15:57:29.0929 1584	ssadmdfl - ok
15:57:29.0945 1584	ssadmdm - ok
15:57:29.0945 1584	sscdbus - ok
15:57:29.0976 1584	sscdmdfl - ok
15:57:29.0976 1584	sscdmdm - ok
15:57:29.0991 1584	stexstor - ok
15:57:30.0007 1584	storflt - ok
15:57:30.0007 1584	storvsc - ok
15:57:30.0007 1584	swenum - ok
15:57:30.0023 1584	tap0901 - ok
15:57:30.0038 1584	Tcpip - ok
15:57:30.0038 1584	TCPIP6 - ok
15:57:30.0038 1584	tcpipreg - ok
15:57:30.0054 1584	TDPIPE - ok
15:57:30.0054 1584	TDTCP - ok
15:57:30.0054 1584	tdx - ok
15:57:30.0069 1584	TermDD - ok
15:57:30.0069 1584	truecrypt - ok
15:57:30.0085 1584	tssecsrv - ok
15:57:30.0085 1584	tunnel - ok
15:57:30.0101 1584	uagp35 - ok
15:57:30.0101 1584	udfs - ok
15:57:30.0101 1584	uliagpkx - ok
15:57:30.0101 1584	umbus - ok
15:57:30.0116 1584	UmPass - ok
15:57:30.0147 1584	usbaudio - ok
15:57:30.0147 1584	usbccgp - ok
15:57:30.0163 1584	usbcir - ok
15:57:30.0163 1584	usbehci - ok
15:57:30.0163 1584	usbfilter - ok
15:57:30.0179 1584	usbhub - ok
15:57:30.0179 1584	usbohci - ok
15:57:30.0179 1584	usbprint - ok
15:57:30.0179 1584	USBSTOR - ok
15:57:30.0179 1584	usbuhci - ok
15:57:30.0194 1584	usbvideo - ok
15:57:30.0194 1584	vdrvroot - ok
15:57:30.0194 1584	vga - ok
15:57:30.0210 1584	VgaSave - ok
15:57:30.0210 1584	vhdmp - ok
15:57:30.0210 1584	VIAHdAudAddService - ok
15:57:30.0210 1584	viaide - ok
15:57:30.0225 1584	vmbus - ok
15:57:30.0225 1584	VMBusHID - ok
15:57:30.0225 1584	volmgr - ok
15:57:30.0225 1584	volmgrx - ok
15:57:30.0225 1584	volsnap - ok
15:57:30.0241 1584	vsmraid - ok
15:57:30.0241 1584	vwifibus - ok
15:57:30.0241 1584	WacomPen - ok
15:57:30.0241 1584	WANARP - ok
15:57:30.0257 1584	Wanarpv6 - ok
15:57:30.0257 1584	Wd - ok
15:57:30.0272 1584	Wdf01000 - ok
15:57:30.0288 1584	WfpLwf - ok
15:57:30.0288 1584	whfltr2k - ok
15:57:30.0288 1584	WIMMount - ok
15:57:30.0303 1584	WinUsb - ok
15:57:30.0303 1584	WmiAcpi - ok
15:57:30.0319 1584	ws2ifsl - ok
15:57:30.0335 1584	WudfPf - ok
15:57:30.0335 1584	WUDFRd - ok
15:57:30.0350 1584	MBR (0x1B8)     (9c58313c5dda6d94904a3d60ad87b6bb) \Device\Harddisk0\DR0
15:57:30.0615 1584	\Device\Harddisk0\DR0 - ok
15:57:30.0631 1584	MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
15:57:30.0771 1584	\Device\Harddisk1\DR1 - ok
15:57:30.0771 1584	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
15:57:31.0395 1584	\Device\Harddisk2\DR2 - ok
15:57:31.0427 1584	Boot (0x1200)   (01e8b4a1190ce473cbd1a4fc821982b2) \Device\Harddisk0\DR0\Partition0
15:57:31.0427 1584	\Device\Harddisk0\DR0\Partition0 - ok
15:57:31.0442 1584	Boot (0x1200)   (3a4a50e3678c1f5d005c66d9a8a9e3e0) \Device\Harddisk0\DR0\Partition1
15:57:31.0442 1584	\Device\Harddisk0\DR0\Partition1 - ok
15:57:31.0442 1584	Boot (0x1200)   (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk1\DR1\Partition0
15:57:31.0442 1584	\Device\Harddisk1\DR1\Partition0 - ok
15:57:31.0458 1584	Boot (0x1200)   (fbbb329176e2d72a4e4b064594771fae) \Device\Harddisk1\DR1\Partition1
15:57:31.0458 1584	\Device\Harddisk1\DR1\Partition1 - ok
15:57:31.0458 1584	Boot (0x1200)   (04c170b5072e296d806ad0b0435f8fce) \Device\Harddisk2\DR2\Partition0
15:57:31.0458 1584	\Device\Harddisk2\DR2\Partition0 - ok
15:57:31.0458 1584	============================================================
15:57:31.0458 1584	Scan finished
15:57:31.0458 1584	============================================================
15:57:31.0473 3700	Detected object count: 0
15:57:31.0473 3700	Actual detected object count: 0
         

aswMBR:

Code:
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-12 16:07:06
-----------------------------
16:07:06.546    OS Version: Windows x64 6.1.7600 
16:07:06.546    Number of processors: 4 586 0x403
16:07:06.546    ComputerName: DEFAULT-PC  UserName: Default
16:07:07.466    Initialize success
16:07:23.058    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:07:23.058    Disk 0 Vendor: WDC_WD5000AAKS-007AA0 05.01D05 Size: 476940MB BusType: 3
16:07:23.073    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
16:07:23.073    Disk 1 Vendor: ST32000542AS CC37 Size: 1907729MB BusType: 3
16:07:23.089    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T1L0-6
16:07:23.089    Disk 2 Vendor: WDC_WD2001FASS-00W2B0 05.01D05 Size: 1907729MB BusType: 3
16:07:23.104    Disk 0 MBR read successfully
16:07:23.104    Disk 0 MBR scan
16:07:23.104    Disk 0 unknown MBR code
16:07:23.104    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS               100 MB offset 2048
16:07:23.120    Disk 0 Partition 2 00     07    HPFS/NTFS            476838 MB offset 206848
16:07:23.120    Disk 0 scanning C:\Windows\system32\drivers
16:07:23.120    Service scanning
16:07:25.990    Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
16:07:33.338    Modules scanning
16:07:33.354    Disk 0 trace - called modules:
16:07:33.369    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
16:07:33.385    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a28790]
16:07:33.385    3 CLASSPNP.SYS[fffff880018bd43f] -> nt!IofCallDriver -> [0xfffffa80048f69b0]
16:07:33.400    5 ACPI.sys[fffff88000f5f781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80049a6060]
16:07:33.400    Scan finished successfully
16:07:42.324    Disk 0 MBR has been saved successfully to "C:\Users\Default.Default-PC\Desktop\MBR.dat"
16:07:42.339    The log file has been saved successfully to "C:\Users\Default.Default-PC\Desktop\aswMBR.txt"
         

Last edited by infecteduser (12.03.2012 at 15:08)

Old 12.03.2012, 15:53   #11
Chris4You

Hi,

looks ok...

chris
__________________
Don't bring me down

Old 12.03.2012, 15:55   #12
infecteduser

Well, that makes me more than relieved :-)

A thousand thanks for the competent and quick help
