| |
| |||||||
Log-Analyse und Auswertung: Spyware Z.Bot124.Gen eingefangenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
25.07.2012, 10:26
| #1 |
 |  Spyware Z.Bot124.Gen eingefangen Hallo! Meine Schwester hat sich einen Virus eingefangen, der den Rechner gekapert hat und Geld für die Entsperrung wollte. Leider kann ich den genauen Typ nicht sagen, da sie schon angefangen hatte, den PC zu säubern. Ich habe mich jetzt durch die Anleitung gearbeitet und hier sind die Ergebnisse: (1) Malware Antibytes hat in Quarantäne: - Worm.Autorun - Spyware.Zbot124.Gen (2) Schritt 1 defogger: erledigt ohne Probleme Schritt 2 OTL: Log Extra.txt im Anhang, OTL.txt_: OTL logfile created on: 25.07.2012 08:57:43 - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\***\Desktop Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,67% Memory free 4,22 Gb Paging File | 3,19 Gb Available in Paging File | 75,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 88,08 Gb Total Space | 0,46 Gb Free Space | 0,52% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.24 22:02:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.05.08 21:48:42 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 21:48:36 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.05.08 21:48:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.05.08 21:48:33 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2006.11.03 09:56:28 | 000,920,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe ========== Modules (No Company Name) ========== MOD - [2006.12.12 10:04:00 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll MOD - [2006.12.12 10:01:48 | 000,077,824 | ---- | M] () -- C:\Windows\System32\hccutils.dll MOD - [2002.05.28 19:11:04 | 000,122,880 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.07.01 17:45:47 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.08 21:48:42 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 21:48:36 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.05.08 21:48:33 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.03 14:07:17 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.11.18 13:09:24 | 000,330,696 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Verbindungsassistent\WTGService.exe -- (WTGService) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2006.11.03 09:56:28 | 000,920,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.05.08 21:48:43 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 21:48:43 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.02.05 23:15:32 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.11.06 00:20:24 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2008.10.11 16:56:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2008.07.29 16:41:36 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {72D238F7-AD45-4854-AEFD-0965729278F1} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6473A626-7CFD-495B-B465-78CA747D6FF9}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms} IE - HKCU\..\SearchScopes\{72D238F7-AD45-4854-AEFD-0965729278F1}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12" FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:5.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100012 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.21 21:26:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.11 10:53:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.11 10:53:47 | 000,000,000 | ---D | M] [2010.08.28 00:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.07.04 20:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n6w7b2n8.default\extensions [2012.05.27 19:59:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n6w7b2n8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.07.06 20:52:11 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n6w7b2n8.default\extensions\toolbar@ask.com [2012.05.03 14:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.05.03 14:07:18 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.05.03 14:07:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.05.03 14:07:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.05.03 14:07:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.05.03 14:07:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.03 14:07:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.05.03 14:07:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.09 18:59:25 | 000,442,985 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 15221 more lines... O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found. O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Save Flash - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (UnH Solutions) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: antenne.de ([webradio] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: archiv.to ([]http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: colbertnation.com ([www] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: duckload.com ([www] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: ing.be ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: klassikradio.de ([www] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: starwoodhotels.com ([one] http in Vertrauenswürdige Sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55D26B74-70FB-4420-9E59-F9B057FF455D}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A857C29C-E60F-4824-AE66-7441D8E651D9}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEC4F1CC-5511-4E8A-8939-EC19BA8E8965}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img25.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img25.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{a5bf545a-503d-11e1-ad7e-0016cfd96530}\Shell - "" = AutoRun O33 - MountPoints2\{a5bf545a-503d-11e1-ad7e-0016cfd96530}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{a5bf545c-503d-11e1-ad7e-0016cfd96530}\Shell - "" = AutoRun O33 - MountPoints2\{a5bf545c-503d-11e1-ad7e-0016cfd96530}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.24 22:02:01 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.07.09 18:42:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.07.09 18:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.09 18:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.09 18:41:54 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.09 18:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.07.09 18:37:45 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.07.01 18:45:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.25 08:51:39 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.25 08:51:23 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.25 08:51:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.25 03:00:31 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.25 03:00:31 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.24 22:09:53 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.07.24 22:04:08 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\4nv6jhqf.exe [2012.07.24 22:02:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.07.24 22:01:24 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.07.24 21:53:46 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.24 21:51:26 | 2137,460,736 | -HS- | M] () -- C:\hiberfil.sys [2012.07.24 21:50:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.07.24 21:44:08 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.09 19:33:13 | 000,003,250 | ---- | M] () -- C:\Windows\wininit.ini [2012.07.09 18:59:25 | 000,442,985 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.07.09 18:43:36 | 000,442,985 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120709-185924.backup [2012.07.07 15:08:32 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad [2012.07.07 12:02:43 | 000,001,724 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.01 17:45:42 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.07.01 17:45:42 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.24 22:09:53 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.07.24 22:04:08 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\4nv6jhqf.exe [2012.07.24 22:01:24 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.07.09 19:34:04 | 2137,460,736 | -HS- | C] () -- C:\hiberfil.sys [2012.07.09 19:33:05 | 000,003,250 | ---- | C] () -- C:\Windows\wininit.ini [2012.07.09 18:41:56 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.07 12:02:43 | 000,001,724 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.07 12:02:42 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad [2012.01.23 20:28:59 | 000,337,419 | ---- | C] () -- C:\Users\***\Globetrotter Bestellung Januar 2012.pdf [2011.03.06 16:29:20 | 000,718,342 | ---- | C] () -- C:\Windows\System32\unins000.exe [2011.03.06 16:29:20 | 000,031,834 | ---- | C] () -- C:\Windows\System32\unins000.dat [2010.10.12 20:31:22 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.09.06 07:25:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.09.05 12:08:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.09.05 12:08:57 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.09.05 12:05:41 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2010.08.29 19:14:44 | 000,052,542 | ---- | C] () -- C:\Users\***\www.expedia.de.pdf [2010.08.29 19:14:43 | 001,088,501 | ---- | C] () -- C:\Users\***\Wegweiser zu Sozialleistungen Deutsche Krebshilfe.pdf [2010.08.29 19:14:43 | 000,962,337 | ---- | C] () -- C:\Users\***\Trainingsbasics.pdf [2010.08.29 19:14:43 | 000,850,749 | ---- | C] () -- C:\Users\***\Versicherungen-Artikel Finanztest.pdf [2010.08.29 19:14:43 | 000,834,910 | ---- | C] () -- C:\Users\***\setupautoscreenrecorderfree.exe [2010.08.29 19:14:43 | 000,479,160 | ---- | C] () -- C:\Users\***\Vorsorge für den Erbfall Bayrisches Staatsministerium.pdf [2010.08.29 19:14:43 | 000,406,416 | ---- | C] () -- C:\Users\***\Vorsorge für Unfall - Krankheit - Alter Bayrisches Staatsministerium.pdf [2010.08.29 19:14:43 | 000,017,318 | ---- | C] () -- C:\Users\***\termine.html [2010.08.29 19:14:42 | 001,275,774 | ---- | C] () -- C:\Users\***\setupautoscreenrecorder.exe [2010.08.29 19:14:42 | 001,140,712 | ---- | C] () -- C:\Users\***\Metro Bruxelles.pdf [2010.08.29 19:14:42 | 001,140,712 | ---- | C] () -- C:\Users\***\Metro Brüssel.pdf [2010.08.29 19:14:42 | 000,511,205 | ---- | C] () -- C:\Users\***\Monatserhebung Juli 2007.pdf [2010.08.29 19:14:42 | 000,235,760 | ---- | C] () -- C:\Users\***\MMX7RegistryBackup_8-11-2010_10.58.55.reg [2010.08.29 19:14:42 | 000,195,522 | ---- | C] () -- C:\Users\***\Pronovias 2009.pdf [2010.08.29 19:14:42 | 000,056,147 | ---- | C] () -- C:\Users\***\Relationship Action Plan.pdf [2010.08.29 19:14:42 | 000,031,617 | ---- | C] () -- C:\Users\***\O2 Kündigung.rtf [2010.08.29 19:14:42 | 000,021,132 | ---- | C] () -- C:\Users\***\NuBra.jpg [2010.08.29 19:14:41 | 001,313,638 | ---- | C] () -- C:\Users\***\Info Plasmozytom Deutsche Krebshilfe.pdf [2010.08.29 19:14:41 | 001,207,698 | ---- | C] () -- C:\Users\***\Krebshilfe für Angehörige Deutsche Krebsgesellschaft.pdf [2010.08.29 19:14:41 | 000,865,119 | ---- | C] () -- C:\Users\***\*** und Dörte.gif [2010.08.29 19:14:41 | 000,583,366 | ---- | C] () -- C:\Users\***\Improving Forecasting for F&B outlets.pdf [2010.08.29 19:14:41 | 000,185,010 | ---- | C] () -- C:\Users\***\langsamer.wav [2010.08.29 19:14:41 | 000,128,563 | ---- | C] () -- C:\Users\***\Metabolic-Plan.pdf [2010.08.29 19:14:41 | 000,099,951 | ---- | C] () -- C:\Users\***\Haerbin 1966 - Parade at National Day.jpg [2010.08.29 19:14:41 | 000,090,000 | ---- | C] () -- C:\Users\***\How to be a Conference Commando.pdf [2010.08.29 19:14:40 | 000,676,379 | ---- | C] () -- C:\Users\***\Alles über die Soziale Sicherung in Belgien.pdf [2010.08.29 19:14:40 | 000,327,202 | ---- | C] () -- C:\Users\***\Girokonten Finanztest.pdf [2010.08.29 19:14:40 | 000,052,528 | ---- | C] () -- C:\Users\***\Congstar Rechnung 161008.pdf [2010.08.29 19:14:40 | 000,052,394 | ---- | C] () -- C:\Users\***\Congstar-Rechnung 091108.pdf [2010.08.29 19:14:40 | 000,001,820 | ---- | C] () -- C:\Users\***\Airport Tycoon 3.lnk [2010.08.29 19:14:38 | 000,000,082 | ---- | C] () -- C:\Users\***\501._501 [2010.08.29 18:40:25 | 000,013,824 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.29 17:13:19 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.08.27 23:50:19 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat < End of report > Schritt 3 GMER: Log Gmer.txt im Anhang  Wie bekomme ich das System wieder sauber? Bei jedem Neustart bringt er einen Fehler, dass er go_0molg nicht ausführen kann ... ist ja in der Quarantäne ... wie beheben?Danke für Eure Hilfe! Chris |
| Themen zu Spyware Z.Bot124.Gen eingefangen |
| adobe, antivir, avira, avira searchfree toolbar, bho, bonjour, defender, error, excel, explorer, fehler, firefox, flash player, format, geld, google earth, helper, logfile, malware, mozilla, national, object, plug-in, registry, safer networking, saving, scan, searchscopes, software, spyware, virus, vista |
Baum-Darstellung