Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Vista - Security Essentials findet Zbot und Sirefef

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 05.10.2012, 11:00   #1
Odile
 
Vista - Security Essentials findet Zbot und Sirefef - Standard

Vista - Security Essentials findet Zbot und Sirefef



Hallo an die Spezialisten,

Microsoft Security Essentials hat auf meinem Rechner während des Surfens im Ordner Appdata\Local\Temp\low mehrere Trojaner gefunden, unter anderem oben genannte.

Einer wurde gelöscht, die anderen befinden sich in Quarantäne.

Malwarebytes hat beim Vollscan nichts gefunden.

Mit Eurer Hilfe möchte ich nun herausfinden, ob bereits Schaden auf meinem PC angerichtet wurde. Anbei die Logfiles von OTL und Gmer.

Vielen Dank im Voraus für Eure Hilfe!

Code:
ATTFilter
OTL logfile created on: 05.10.2012 09:55:03 - Run 1
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Eva\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 50,00% Memory free
4,21 Gb Paging File | 3,08 Gb Available in Paging File | 73,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,28 Gb Total Space | 74,83 Gb Free Space | 33,97% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,36 Gb Free Space | 43,58% Space Free | Partition Type: NTFS
 
Computer Name: EVA-PC | User Name: Eva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.05 09:35:33 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Eva\Desktop\OTL.exe
PRC - [2012.09.12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\NisSrv.exe
PRC - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.09.12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009.11.13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Programme\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009.08.14 10:10:47 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009.06.09 16:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.05.04 11:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2008.05.04 11:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2008.05.04 11:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2008.05.04 11:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2008.02.22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2007.12.21 11:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Programme\Dell\MediaDirect\PCMService.exe
PRC - [2007.11.12 13:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007.11.12 13:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.11.12 13:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007.09.11 16:50:28 | 000,804,144 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe
PRC - [2007.09.07 12:06:46 | 001,070,384 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\FwebProt.exe
PRC - [2007.09.04 11:14:34 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.03.21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006.05.24 08:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkASv2K.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.16 10:51:03 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.06.16 10:50:45 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\663112d3002034cf5126be253efff60d\System.Web.Services.ni.dll
MOD - [2012.06.16 10:44:12 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.16 10:44:02 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.05.12 11:43:02 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012.05.12 11:42:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.12 11:42:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.11 21:46:14 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.11 21:44:22 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.11 21:43:31 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.11.13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Programme\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009.11.13 17:15:00 | 000,365,808 | ---- | M] () -- C:\Programme\Dell DataSafe Online\de\DataSafeOnline.resources.dll
MOD - [2009.11.13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Programme\Dell DataSafe Online\SdbShared.dll
MOD - [2009.11.13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Programme\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009.11.13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Programme\Dell DataSafe Online\SdbUI.dll
MOD - [2009.11.13 17:15:00 | 000,062,704 | ---- | M] () -- C:\Programme\Dell DataSafe Online\de\SdbShared.resources.dll
MOD - [2009.11.13 17:15:00 | 000,046,320 | ---- | M] () -- C:\Programme\Dell DataSafe Online\de\SdbUI.resources.dll
MOD - [2009.11.13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Programme\Dell DataSafe Online\CppUtils.dll
MOD - [2009.08.14 10:10:47 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.11.03 10:54:00 | 000,058,608 | ---- | M] () -- C:\Programme\Dell DataSafe Online\BalloonWindow.dll
MOD - [2008.10.27 11:07:18 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.30 10:40:21 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2009.06.09 16:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009.02.03 20:57:33 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.12 13:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007.11.12 13:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007.09.04 11:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006.05.24 08:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkASv2K.exe -- (StkASSrv)
SRV - [2003.07.28 21:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.11.23 13:40:40 | 000,091,216 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TotRec8.sys -- (TotRec8)
DRV - [2010.11.23 13:40:32 | 000,131,152 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TotRec7.sys -- (TotRec7)
DRV - [2009.02.23 13:08:26 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008.10.27 11:07:04 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008.06.23 14:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008.05.04 11:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.03.06 09:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008.01.16 10:18:02 | 000,489,984 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dr71WU.sys -- (RT73)
DRV - [2007.11.12 13:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.09.06 18:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.09.06 18:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.09.06 18:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.09.27 05:01:36 | 000,241,628 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006.08.02 08:44:04 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkScan.sys -- (StkScan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {8AA14900-E492-4A18-876E-97C2E26E57F7}
IE - HKLM\..\SearchScopes\{8AA14900-E492-4A18-876E-97C2E26E57F7}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.startpage.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {308B465C-D311-4D8D-B46F-3B51619D2B48}
IE - HKCU\..\SearchScopes\{308B465C-D311-4D8D-B46F-3B51619D2B48}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D2004B07-F7BE-429D-B1B8-E7C501640077}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Do Not Track Plus) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Programme\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Unable to open value key File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Do Not Track Plus (c) Abine - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Programme\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Unable to open value key)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Unable to open value key)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Unable to open value key)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C194A50-D310-4A00-B895-3820EF141C35}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8203015D-C37E-4C67-BC42-E4FE2D0F96BF}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Eva\Pictures\Sommer 2011\CIMG0207.JPG
O24 - Desktop BackupWallPaper: C:\Users\Eva\Pictures\Sommer 2011\CIMG0207.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7941dea1-f9a9-11dd-b9cd-00242b6ff9ec}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.05 09:35:33 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Eva\Desktop\OTL.exe
[2012.10.04 16:45:09 | 000,000,000 | ---D | C] -- C:\Users\Eva\AppData\Local\DoNotTrackPlus
[2012.09.30 11:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.09.30 11:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.09.30 11:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.09.30 10:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.09.30 10:12:42 | 000,000,000 | ---D | C] -- C:\Users\Eva\AppData\Roaming\Malwarebytes
[2012.09.30 10:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.30 10:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.30 10:12:19 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.30 10:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.15 17:02:34 | 000,000,000 | ---D | C] -- C:\Users\Eva\AppData\Roaming\SharePod
[2009.07.27 19:17:46 | 008,653,312 | ---- | C] (Dell, Inc.                                                   ) -- C:\Users\Eva\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.05 09:51:32 | 000,000,000 | ---- | M] () -- C:\Users\Eva\defogger_reenable
[2012.10.05 09:47:36 | 001,110,476 | ---- | M] () -- C:\Users\Eva\Desktop\7z920.exe
[2012.10.05 09:45:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.05 09:37:55 | 000,302,592 | ---- | M] () -- C:\Users\Eva\Desktop\qe8ew2pt.exe
[2012.10.05 09:35:33 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Eva\Desktop\OTL.exe
[2012.10.05 09:34:21 | 000,050,477 | ---- | M] () -- C:\Users\Eva\Desktop\Defogger.exe
[2012.10.05 09:17:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.05 09:17:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.05 09:17:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.05 09:17:18 | 2134,990,848 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.30 19:12:07 | 000,094,089 | ---- | M] () -- C:\Users\Eva\Desktop\Haarhandbuch.pdf
[2012.09.30 13:50:08 | 000,035,840 | ---- | M] () -- C:\Users\Eva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.30 11:16:17 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.09.30 10:12:27 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.29 20:45:46 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.09.29 20:45:39 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.29 20:45:39 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.29 20:45:39 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.29 20:45:39 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.05 09:51:32 | 000,000,000 | ---- | C] () -- C:\Users\Eva\defogger_reenable
[2012.10.05 09:47:36 | 001,110,476 | ---- | C] () -- C:\Users\Eva\Desktop\7z920.exe
[2012.10.05 09:37:54 | 000,302,592 | ---- | C] () -- C:\Users\Eva\Desktop\qe8ew2pt.exe
[2012.10.05 09:34:21 | 000,050,477 | ---- | C] () -- C:\Users\Eva\Desktop\Defogger.exe
[2012.09.30 19:12:07 | 000,094,089 | ---- | C] () -- C:\Users\Eva\Desktop\Haarhandbuch.pdf
[2012.09.30 11:16:17 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.09.30 10:40:21 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.30 10:12:27 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.20 21:39:23 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.12.20 21:37:27 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssp4ml3.dll
[2009.04.04 23:47:46 | 000,005,972 | ---- | C] () -- C:\Users\Eva\AppData\Local\d3d9caps.dat
[2009.02.16 15:37:04 | 000,035,840 | ---- | C] () -- C:\Users\Eva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.12 20:16:26 | 000,005,424 | ---- | C] () -- C:\Users\Eva\AppData\Roaming\wklnhst.dat
[2009.02.09 14:42:47 | 000,008,828 | ---- | C] () -- C:\Users\Eva\AppData\Local\de.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.02.25 01:10:08 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\Buhl Data Service
[2009.06.06 19:39:47 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\CupcakeCafe
[2011.10.31 19:49:00 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\FRITZ!
[2012.08.13 22:03:13 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\OfficeRecovery
[2011.03.02 21:41:50 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\PCDr
[2012.08.15 11:11:03 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\pdfforge
[2012.09.15 17:02:34 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\SharePod
[2009.02.12 20:16:28 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\Template
[2011.03.13 15:48:45 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\TotalRecorder
[2009.10.23 22:27:11 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\Ulead Systems
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 440 bytes -> C:\ProgramData\TEMP:6283A8D3
@Alternate Data Stream - 305 bytes -> C:\ProgramData\TEMP:B72729D8

< End of report >
         

Alt 05.10.2012, 12:39   #2
markusg
/// Malware-holic
 
Vista - Security Essentials findet Zbot und Sirefef - Standard

Vista - Security Essentials findet Zbot und Sirefef



hi
öffne bitte malwarebytes, berichte, poste, falls vorhanden, logs mit funden.
öffne MSE, dort kannst du die detailierten fundmeldungen sehen, die posten
__________________

__________________

Alt 05.10.2012, 17:50   #3
Odile
 
Vista - Security Essentials findet Zbot und Sirefef - Standard

Vista - Security Essentials findet Zbot und Sirefef



Danke für die schnelle Antwort.

Malwarebytes hat nach vollständigem Scan nichts gefunden.

Die Funde von Security Essentials lauten wie folgt:

Exploit:Java/CVE-2012-0507.NP

containerfile:C:\Users\Eva\AppData\Local\Temp\Low\jar_cache62458.tmp
file:C:\Users\Eva\AppData\Local\Temp\Low\jar_cache62458.tmp->LaqHaCN.class

TrojanDownloader:Java/OpenStream.CI

containerfile:C:\Users\Eva\AppData\Local\Temp\Low\jar_cache62458.tmp
file:C:\Users\Eva\AppData\Local\Temp\Low\jar_cache62458.tmp->KQtNSDSoC.class
file:C:\Users\Eva\AppData\Local\Temp\Low\jar_cache62458.tmp->lCcBJsD.class
file:C:\Users\Eva\AppData\Local\Temp\Low\jar_cache62458.tmp->OTQWAVE.class

Exploit:Java/CVE-2012-4681.AAM

containerfile:C:\Users\Eva\AppData\Local\Temp\Low\jar_cache62458.tmp
file:C:\Users\Eva\AppData\Local\Temp\Low\jar_cache62458.tmp->vBnajybNYN.class

Trojan:Win32/Sirefef.P

file:C:\Users\Eva\AppData\Local\Temp\Low\A525.tmp
file:C:\Users\Eva\AppData\Local\Temp\Low\msimg32.doll

Rogue:Win32/Winwebsec

file:C:\Users\Eva\AppData\Local\Temp\Low\9607.tmp

PWS:Win32/Zbot.gen!AJ (-> von Security Essentials entfernt)

containerfile:C:\Users\Eva\AppData\Local\Temp\Low\moncreut.exe
file:C:\Users\Eva\AppData\Local\Temp\Low\moncreut.exe->[INJECTOR_CL]

Trojan:JS/Iframe.BT

file:C:\Users\Eva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0HN4TANI\adsc-support_net[1].htm->(SCRIPT0000)
file:C:\Users\Eva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MV0AOHTY\adscale-vid_net[1].htm->(SCRIPT0000
__________________

Alt 16.10.2012, 14:53   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Vista - Security Essentials findet Zbot und Sirefef - Standard

Vista - Security Essentials findet Zbot und Sirefef



Hi,

Sorry für die Verspätung

Poste bitte mal ein frisches OTL logfile.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 16.10.2012, 22:02   #5
Odile
 
Vista - Security Essentials findet Zbot und Sirefef - Standard

Vista - Security Essentials findet Zbot und Sirefef



Hallo schrauber,
danke für die Rückmeldung.
OTL.txt lautet wie folgt:
Code:
ATTFilter
OTL logfile created on: 16.10.2012 22:45:12 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Eva\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 45,26% Memory free
4,22 Gb Paging File | 2,90 Gb Available in Paging File | 68,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,28 Gb Total Space | 75,20 Gb Free Space | 34,14% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,36 Gb Free Space | 43,58% Space Free | Partition Type: NTFS
 
Computer Name: EVA-PC | User Name: Eva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.16 22:41:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eva\Desktop\OTL.exe
PRC - [2012.09.12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\NisSrv.exe
PRC - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.09.12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009.08.14 10:10:47 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009.06.09 16:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.05.04 11:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2008.05.04 11:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2008.05.04 11:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2008.05.04 11:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2008.02.22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2007.12.21 11:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Programme\Dell\MediaDirect\PCMService.exe
PRC - [2007.11.12 13:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007.11.12 13:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.11.12 13:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007.09.11 16:50:28 | 000,804,144 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe
PRC - [2007.09.07 12:06:46 | 001,070,384 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\FwebProt.exe
PRC - [2007.09.04 11:14:34 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.03.21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006.05.24 08:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkASv2K.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.16 10:51:03 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.05.12 11:42:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 21:44:22 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.11 21:43:31 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2009.08.14 10:10:47 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2008.10.27 11:07:18 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.11 22:45:36 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2009.06.09 16:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009.02.03 20:57:33 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.12 13:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007.11.12 13:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007.09.04 11:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006.05.24 08:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkASv2K.exe -- (StkASSrv)
SRV - [2003.07.28 21:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.11.23 13:40:40 | 000,091,216 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TotRec8.sys -- (TotRec8)
DRV - [2010.11.23 13:40:32 | 000,131,152 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TotRec7.sys -- (TotRec7)
DRV - [2009.02.23 13:08:26 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008.10.27 11:07:04 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008.06.23 14:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008.05.04 11:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.03.06 09:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008.01.16 10:18:02 | 000,489,984 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dr71WU.sys -- (RT73)
DRV - [2007.11.12 13:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.09.06 18:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.09.06 18:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.09.06 18:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.09.27 05:01:36 | 000,241,628 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006.08.02 08:44:04 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkScan.sys -- (StkScan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {8AA14900-E492-4A18-876E-97C2E26E57F7}
IE - HKLM\..\SearchScopes\{8AA14900-E492-4A18-876E-97C2E26E57F7}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.startpage.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {308B465C-D311-4D8D-B46F-3B51619D2B48}
IE - HKCU\..\SearchScopes\{308B465C-D311-4D8D-B46F-3B51619D2B48}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D2004B07-F7BE-429D-B1B8-E7C501640077}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Do Not Track Plus) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Programme\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Do Not Track Plus (c) Abine - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Programme\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C194A50-D310-4A00-B895-3820EF141C35}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8203015D-C37E-4C67-BC42-E4FE2D0F96BF}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Eva\Pictures\Sommer 2011\CIMG0207.JPG
O24 - Desktop BackupWallPaper: C:\Users\Eva\Pictures\Sommer 2011\CIMG0207.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.16 22:41:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Eva\Desktop\OTL.exe
[2012.10.16 22:13:50 | 000,000,000 | ---D | C] -- C:\Users\Eva\Desktop\logs
[2012.10.05 11:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.10.05 11:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.10.04 16:45:09 | 000,000,000 | ---D | C] -- C:\Users\Eva\AppData\Local\DoNotTrackPlus
[2012.09.30 11:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.09.30 11:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.09.30 11:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.09.30 10:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.09.30 10:12:42 | 000,000,000 | ---D | C] -- C:\Users\Eva\AppData\Roaming\Malwarebytes
[2012.09.30 10:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.30 10:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.30 10:12:19 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.30 10:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009.07.27 19:17:46 | 008,653,312 | ---- | C] (Dell, Inc.                                                   ) -- C:\Users\Eva\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.16 22:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.16 22:41:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eva\Desktop\OTL.exe
[2012.10.16 22:11:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.16 22:11:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.16 20:11:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.16 20:11:52 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.07 21:43:18 | 000,188,928 | ---- | M] () -- C:\Users\Eva\Documents\ESET.wps
[2012.10.07 21:43:18 | 000,005,574 | ---- | M] () -- C:\Users\Eva\AppData\Roaming\wklnhst.dat
[2012.10.05 19:06:16 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.05 19:06:16 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.05 19:06:16 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.05 19:06:16 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.05 09:51:32 | 000,000,000 | ---- | M] () -- C:\Users\Eva\defogger_reenable
[2012.10.05 09:47:36 | 001,110,476 | ---- | M] () -- C:\Users\Eva\Desktop\7z920.exe
[2012.10.05 09:37:55 | 000,302,592 | ---- | M] () -- C:\Users\Eva\Desktop\qe8ew2pt.exe
[2012.10.05 09:34:21 | 000,050,477 | ---- | M] () -- C:\Users\Eva\Desktop\Defogger.exe
[2012.09.30 19:12:07 | 000,094,089 | ---- | M] () -- C:\Users\Eva\Desktop\Haarhandbuch.pdf
[2012.09.30 13:50:08 | 000,035,840 | ---- | M] () -- C:\Users\Eva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.30 11:16:17 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.09.30 10:12:27 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.29 20:45:46 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.07 21:43:18 | 000,188,928 | ---- | C] () -- C:\Users\Eva\Documents\ESET.wps
[2012.10.05 09:51:32 | 000,000,000 | ---- | C] () -- C:\Users\Eva\defogger_reenable
[2012.10.05 09:47:36 | 001,110,476 | ---- | C] () -- C:\Users\Eva\Desktop\7z920.exe
[2012.10.05 09:37:54 | 000,302,592 | ---- | C] () -- C:\Users\Eva\Desktop\qe8ew2pt.exe
[2012.10.05 09:34:21 | 000,050,477 | ---- | C] () -- C:\Users\Eva\Desktop\Defogger.exe
[2012.09.30 19:12:07 | 000,094,089 | ---- | C] () -- C:\Users\Eva\Desktop\Haarhandbuch.pdf
[2012.09.30 11:16:17 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.09.30 10:40:21 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.30 10:12:27 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.20 21:39:23 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.12.20 21:37:27 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssp4ml3.dll
[2009.04.04 23:47:46 | 000,005,972 | ---- | C] () -- C:\Users\Eva\AppData\Local\d3d9caps.dat
[2009.02.16 15:37:04 | 000,035,840 | ---- | C] () -- C:\Users\Eva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.12 20:16:26 | 000,005,574 | ---- | C] () -- C:\Users\Eva\AppData\Roaming\wklnhst.dat
[2009.02.09 14:42:47 | 000,008,828 | ---- | C] () -- C:\Users\Eva\AppData\Local\de.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.02.25 01:10:08 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\Buhl Data Service
[2009.06.06 19:39:47 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\CupcakeCafe
[2011.10.31 19:49:00 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\FRITZ!
[2012.08.13 22:03:13 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\OfficeRecovery
[2011.03.02 21:41:50 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\PCDr
[2012.08.15 11:11:03 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\pdfforge
[2012.09.15 17:02:34 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\SharePod
[2009.02.12 20:16:28 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\Template
[2011.03.13 15:48:45 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\TotalRecorder
[2009.10.23 22:27:11 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\Ulead Systems
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 440 bytes -> C:\ProgramData\TEMP:6283A8D3
@Alternate Data Stream - 305 bytes -> C:\ProgramData\TEMP:B72729D8

< End of report >
         
Extras.txt ist diesmal nicht erschienen?

Viele Dank und viele Grüße
Odile


Alt 17.10.2012, 06:54   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Vista - Security Essentials findet Zbot und Sirefef - Standard

Vista - Security Essentials findet Zbot und Sirefef



Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
--> Vista - Security Essentials findet Zbot und Sirefef

Alt 17.10.2012, 17:21   #7
Odile
 
Vista - Security Essentials findet Zbot und Sirefef - Standard

Vista - Security Essentials findet Zbot und Sirefef



Hier der combofix.txt:

Code:
ATTFilter
ComboFix 12-10-17.03 - Eva 17.10.2012  17:42:38.1.1 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2037.1038 [GMT 2:00]
ausgeführt von:: c:\users\Eva\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-17 bis 2012-10-17  ))))))))))))))))))))))))))))))
.
.
2012-10-17 15:54 . 2012-10-17 15:54	--------	d-----w-	c:\users\Eva\AppData\Local\temp
2012-10-17 15:54 . 2012-10-17 15:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-17 15:28 . 2012-08-30 08:17	6980552	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DCC24DD0-EF1B-4434-9985-E67F6EA0E9B0}\mpengine.dll
2012-10-16 18:25 . 2012-08-30 08:17	6980552	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-12 17:15 . 2012-09-13 13:28	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-12 17:15 . 2012-08-24 15:53	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-10-12 17:15 . 2012-06-02 00:02	985088	----a-w-	c:\windows\system32\crypt32.dll
2012-10-12 17:15 . 2012-06-02 00:02	98304	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-12 17:15 . 2012-06-02 00:02	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-12 17:15 . 2012-08-29 11:27	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-10-12 17:15 . 2012-08-29 11:27	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-10-06 16:12 . 2012-09-30 16:39	740784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66CCC1C5-AE79-4AE2-8311-AEA4D02C402F}\gapaengine.dll
2012-10-05 09:46 . 2012-10-05 09:46	--------	d-----w-	c:\program files\7-Zip
2012-10-04 14:45 . 2012-10-16 18:19	--------	d-----w-	c:\users\Eva\AppData\Local\DoNotTrackPlus
2012-09-30 09:01 . 2012-09-30 09:01	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-09-30 09:01 . 2012-09-30 09:01	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-09-30 09:01 . 2012-09-30 09:01	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-09-30 09:01 . 2012-09-30 09:01	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-09-30 09:01 . 2012-09-30 09:01	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-09-30 09:01 . 2012-09-30 09:01	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-09-30 09:01 . 2012-09-30 09:01	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-09-30 09:00 . 2012-09-30 09:01	--------	d-----w-	c:\program files\QuickTime
2012-09-30 08:51 . 2012-09-30 08:50	821736	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-09-30 08:51 . 2012-09-30 08:50	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-09-30 08:40 . 2012-10-11 20:45	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-09-30 08:12 . 2012-09-30 08:12	--------	d-----w-	c:\users\Eva\AppData\Roaming\Malwarebytes
2012-09-30 08:12 . 2012-09-30 08:12	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-30 08:12 . 2012-09-30 08:12	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-09-30 08:12 . 2012-09-07 15:04	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 20:45 . 2011-09-28 18:24	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-30 16:39 . 2012-02-24 17:10	740784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-08-30 20:03 . 2012-08-30 20:03	193552	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2011-04-27 14:25	99272	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-27 3563520]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-08-14 614400]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Protect.lnk - c:\program files\FRITZ!DSL\FwebProt.exe [2007-9-7 1070384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-2-3 50688]
FRITZ!DSL Startcenter.lnk - c:\windows\Installer\{2457326B-C110-40C3-89B0-889CC913871A}\Icon2457326B4.exe [2009-2-24 29184]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files\WISO\Steuersoftware 2012\mshaktuell.exe [2011-11-27 1380464]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-17 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-03 18:57	10536	----a-w-	c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20	38872	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-30 20:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.startpage.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.178.1
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-17 17:54
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-10-17  18:01:00
ComboFix-quarantined-files.txt  2012-10-17 16:00
.
Vor Suchlauf: 12 Verzeichnis(se), 80.385.961.984 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 81.283.993.600 Bytes frei
.
- - End Of File - - 66541729F1092C8FAF8AA9A4D390AA38
         

Alt 18.10.2012, 06:03   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Vista - Security Essentials findet Zbot und Sirefef - Standard

Vista - Security Essentials findet Zbot und Sirefef



Hi,

Malwarebytes updaten, Quick Scan, Funde löschen lassen, Log posten.



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Und bitte ein frisches OTL logfile.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 18.10.2012, 20:56   #9
Odile
 
Vista - Security Essentials findet Zbot und Sirefef - Standard

Vista - Security Essentials findet Zbot und Sirefef



Hallo schrauber,

anbei die logfiles.

Viele Grüße
Odile

Alt 19.10.2012, 16:23   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Vista - Security Essentials findet Zbot und Sirefef - Standard

Vista - Security Essentials findet Zbot und Sirefef



Bitte die Logfiles nicht anhängen, sondern in den Thread posten. Von der Arbeit aus kann ich die nicht öffnen. Kannst du die obigen bitte auch nochmal in den Thread posten? Danke
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.10.2012, 18:32   #11
Odile
 
Vista - Security Essentials findet Zbot und Sirefef - Standard

Vista - Security Essentials findet Zbot und Sirefef



oh, natürlich, hier die logfiles:

Code:
ATTFilter
C:\Users\Eva\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\52046003-7ea7da40	Java/Exploit.Agent.NAO trojan
C:\Users\Eva\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\7149bbaf-1cf666d7	multiple threats
         
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.18.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Eva :: EVA-PC [Administrator]

18.10.2012 17:48:53
mbam-log-2012-10-18 (17-48-53).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 193471
Laufzeit: 6 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
OTL logfile created on: 18.10.2012 21:35:33 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Eva\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,71% Memory free
4,22 Gb Paging File | 3,06 Gb Available in Paging File | 72,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,28 Gb Total Space | 75,67 Gb Free Space | 34,35% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,36 Gb Free Space | 43,58% Space Free | Partition Type: NTFS
 
Computer Name: EVA-PC | User Name: Eva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.16 22:41:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eva\Desktop\OTL.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.09.12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2009.08.14 10:10:47 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009.06.09 16:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.05.04 11:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2008.05.04 11:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2008.05.04 11:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2008.05.04 11:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2008.02.22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2007.12.21 11:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Programme\Dell\MediaDirect\PCMService.exe
PRC - [2007.11.12 13:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007.11.12 13:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.11.12 13:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007.09.11 16:50:28 | 000,804,144 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe
PRC - [2007.09.07 12:06:46 | 001,070,384 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\FwebProt.exe
PRC - [2007.09.04 11:14:34 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.03.21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006.05.24 08:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkASv2K.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.16 10:51:03 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.05.12 11:42:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 21:44:22 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.11 21:43:31 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2009.08.14 10:10:47 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2008.10.27 11:07:18 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.11 22:45:36 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2009.06.09 16:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009.02.03 20:57:33 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.12 13:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007.11.12 13:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007.09.04 11:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006.05.24 08:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkASv2K.exe -- (StkASSrv)
SRV - [2003.07.28 21:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Eva\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.11.23 13:40:40 | 000,091,216 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TotRec8.sys -- (TotRec8)
DRV - [2010.11.23 13:40:32 | 000,131,152 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TotRec7.sys -- (TotRec7)
DRV - [2009.02.23 13:08:26 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008.10.27 11:07:04 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008.06.23 14:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008.05.04 11:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.03.06 09:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008.01.16 10:18:02 | 000,489,984 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dr71WU.sys -- (RT73)
DRV - [2007.11.12 13:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.09.06 18:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.09.06 18:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.09.06 18:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.09.27 05:01:36 | 000,241,628 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006.08.02 08:44:04 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkScan.sys -- (StkScan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {8AA14900-E492-4A18-876E-97C2E26E57F7}
IE - HKLM\..\SearchScopes\{8AA14900-E492-4A18-876E-97C2E26E57F7}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.startpage.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {308B465C-D311-4D8D-B46F-3B51619D2B48}
IE - HKCU\..\SearchScopes\{308B465C-D311-4D8D-B46F-3B51619D2B48}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D2004B07-F7BE-429D-B1B8-E7C501640077}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Do Not Track Plus) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Programme\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Do Not Track Plus (c) Abine - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Programme\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C194A50-D310-4A00-B895-3820EF141C35}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8203015D-C37E-4C67-BC42-E4FE2D0F96BF}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Eva\Pictures\Sommer 2011\CIMG0207.JPG
O24 - Desktop BackupWallPaper: C:\Users\Eva\Pictures\Sommer 2011\CIMG0207.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.18 18:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.17 18:01:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.10.17 18:01:10 | 000,000,000 | ---D | C] -- C:\Users\Eva\AppData\Local\temp
[2012.10.17 17:59:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.17 17:38:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.17 17:38:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.17 17:38:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.17 17:38:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.17 17:37:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.17 17:34:16 | 004,981,633 | R--- | C] (Swearware) -- C:\Users\Eva\Desktop\ComboFix.exe
[2012.10.16 22:41:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Eva\Desktop\OTL.exe
[2012.10.16 22:13:50 | 000,000,000 | ---D | C] -- C:\Users\Eva\Desktop\logs
[2012.10.05 11:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.10.05 11:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.10.04 16:45:09 | 000,000,000 | ---D | C] -- C:\Users\Eva\AppData\Local\DoNotTrackPlus
[2012.09.30 11:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.09.30 11:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.09.30 11:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.09.30 10:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.09.30 10:12:42 | 000,000,000 | ---D | C] -- C:\Users\Eva\AppData\Roaming\Malwarebytes
[2012.09.30 10:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.30 10:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.30 10:12:19 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.30 10:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009.07.27 19:17:46 | 008,653,312 | ---- | C] (Dell, Inc.                                                   ) -- C:\Users\Eva\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.18 21:37:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.18 21:37:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.18 21:35:05 | 000,000,792 | ---- | M] () -- C:\Users\Eva\Desktop\mbam-log-2012-10-18 (17-48-53).zip
[2012.10.18 21:31:36 | 000,000,293 | ---- | M] () -- C:\Users\Eva\Desktop\ESET.zip
[2012.10.18 20:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.18 17:47:33 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.18 17:37:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.18 17:37:10 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.17 17:34:42 | 004,981,633 | R--- | M] (Swearware) -- C:\Users\Eva\Desktop\ComboFix.exe
[2012.10.16 22:41:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eva\Desktop\OTL.exe
[2012.10.07 21:43:18 | 000,188,928 | ---- | M] () -- C:\Users\Eva\Documents\ESET.wps
[2012.10.07 21:43:18 | 000,005,574 | ---- | M] () -- C:\Users\Eva\AppData\Roaming\wklnhst.dat
[2012.10.05 19:06:16 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.05 19:06:16 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.05 19:06:16 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.05 19:06:16 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.05 09:51:32 | 000,000,000 | ---- | M] () -- C:\Users\Eva\defogger_reenable
[2012.10.05 09:47:36 | 001,110,476 | ---- | M] () -- C:\Users\Eva\Desktop\7z920.exe
[2012.10.05 09:37:55 | 000,302,592 | ---- | M] () -- C:\Users\Eva\Desktop\qe8ew2pt.exe
[2012.10.05 09:34:21 | 000,050,477 | ---- | M] () -- C:\Users\Eva\Desktop\Defogger.exe
[2012.09.30 19:12:07 | 000,094,089 | ---- | M] () -- C:\Users\Eva\Desktop\Haarhandbuch.pdf
[2012.09.30 13:50:08 | 000,035,840 | ---- | M] () -- C:\Users\Eva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.30 11:16:17 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.09.29 20:45:46 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.18 21:35:05 | 000,000,792 | ---- | C] () -- C:\Users\Eva\Desktop\mbam-log-2012-10-18 (17-48-53).zip
[2012.10.18 21:31:36 | 000,000,293 | ---- | C] () -- C:\Users\Eva\Desktop\ESET.zip
[2012.10.17 17:38:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.17 17:38:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.17 17:38:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.17 17:38:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.17 17:38:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.07 21:43:18 | 000,188,928 | ---- | C] () -- C:\Users\Eva\Documents\ESET.wps
[2012.10.05 09:51:32 | 000,000,000 | ---- | C] () -- C:\Users\Eva\defogger_reenable
[2012.10.05 09:47:36 | 001,110,476 | ---- | C] () -- C:\Users\Eva\Desktop\7z920.exe
[2012.10.05 09:37:54 | 000,302,592 | ---- | C] () -- C:\Users\Eva\Desktop\qe8ew2pt.exe
[2012.10.05 09:34:21 | 000,050,477 | ---- | C] () -- C:\Users\Eva\Desktop\Defogger.exe
[2012.09.30 19:12:07 | 000,094,089 | ---- | C] () -- C:\Users\Eva\Desktop\Haarhandbuch.pdf
[2012.09.30 11:16:17 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.09.30 10:40:21 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.30 10:12:27 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.20 21:39:23 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.12.20 21:37:27 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssp4ml3.dll
[2009.04.04 23:47:46 | 000,005,972 | ---- | C] () -- C:\Users\Eva\AppData\Local\d3d9caps.dat
[2009.02.16 15:37:04 | 000,035,840 | ---- | C] () -- C:\Users\Eva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.12 20:16:26 | 000,005,574 | ---- | C] () -- C:\Users\Eva\AppData\Roaming\wklnhst.dat
[2009.02.09 14:42:47 | 000,008,828 | ---- | C] () -- C:\Users\Eva\AppData\Local\de.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.02.25 01:10:08 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\Buhl Data Service
[2009.06.06 19:39:47 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\CupcakeCafe
[2011.10.31 19:49:00 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\FRITZ!
[2012.08.13 22:03:13 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\OfficeRecovery
[2011.03.02 21:41:50 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\PCDr
[2012.08.15 11:11:03 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\pdfforge
[2012.09.15 17:02:34 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\SharePod
[2009.02.12 20:16:28 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\Template
[2011.03.13 15:48:45 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\TotalRecorder
[2009.10.23 22:27:11 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\Ulead Systems
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 440 bytes -> C:\ProgramData\TEMP:6283A8D3
@Alternate Data Stream - 305 bytes -> C:\ProgramData\TEMP:B72729D8

< End of report >
         
Viele Grüße
Odile

Alt 19.10.2012, 19:07   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Vista - Security Essentials findet Zbot und Sirefef - Standard

Vista - Security Essentials findet Zbot und Sirefef



Wie läuft der Rechner? Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.10.2012, 21:07   #13
Odile
 
Vista - Security Essentials findet Zbot und Sirefef - Standard

Vista - Security Essentials findet Zbot und Sirefef



Nein, keine Auffälligkeiten. Hab ich nochmal Glück gehabt?

Grüße
Odile

Alt 20.10.2012, 14:43   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Vista - Security Essentials findet Zbot und Sirefef - Standard

Vista - Security Essentials findet Zbot und Sirefef



Scheint so


Windows-Taste+R > Combofix /Uninstall > Enter


OTL öffnen > Button Bereinigung drücken


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.10.2012, 17:25   #15
Odile
 
Vista - Security Essentials findet Zbot und Sirefef - Standard

Vista - Security Essentials findet Zbot und Sirefef



Prima, vielen Dank für die vielen Infos, nur noch zwei kurze Fragen:

1. Soll ich die Security Essentials Funde löschen?
2. Was geschieht mit den ESET-Funden? Soweit ich sehen kann, sind diese noch an ihrem urspünglichen Ort und nicht in Quarantäne?

Vielen Dank
Odile

Antwort

Themen zu Vista - Security Essentials findet Zbot und Sirefef
adobe, adobe flash player, autorun, bho, bonjour, defender, dsl, error, explorer, firefox, flash player, format, home, intranet, ordner, programme, registry, security, software, temp, trojaner, ups, vista, winlogon, wmp



Ähnliche Themen: Vista - Security Essentials findet Zbot und Sirefef


  1. Microsoft Security Essentials findet wiederholt Trojan:Win32 und BrowserModifier:Win32
    Plagegeister aller Art und deren Bekämpfung - 15.08.2015 (13)
  2. Microsoft Security Essentials
    Antiviren-, Firewall- und andere Schutzprogramme - 06.01.2014 (4)
  3. Microsoft Security Essentials findet TrojanerDropper Rotbrow.A,E und D
    Plagegeister aller Art und deren Bekämpfung - 18.12.2013 (5)
  4. WIN32/Zbot.gen!Y - trotz Microsoft Security Essentials
    Log-Analyse und Auswertung - 07.05.2013 (17)
  5. Trojaner Sirefef.AG.9 u. Sirefef.AL.50 in C:\$Recycle.Bin\, Vista-Sicherheitscenter u. Firewall nach anschl. VistaUpdate nicht mehr startbar
    Plagegeister aller Art und deren Bekämpfung - 06.03.2013 (41)
  6. PWS:WIn32/ZBOT.gen!aj von Microsoft Security Essentials entdeckt
    Plagegeister aller Art und deren Bekämpfung - 27.02.2013 (9)
  7. Windows Vista - Infektion mit Sirefef, Sirefef.AB
    Log-Analyse und Auswertung - 21.10.2012 (32)
  8. Microsoft Security Essentials findet Win32/Zbot.gen!Y
    Log-Analyse und Auswertung - 21.07.2012 (26)
  9. Sirefef Windows Security Essentials bereinigt nicht
    Plagegeister aller Art und deren Bekämpfung - 08.07.2012 (7)
  10. Sirefef.AK, M und W gefunden (Microsoft Security Essentials)
    Plagegeister aller Art und deren Bekämpfung - 10.06.2012 (1)
  11. Microsoft Security Essentials: WinNT/Sirefef.J, Win32/Karagany.I, Win32/Small.TG etc
    Plagegeister aller Art und deren Bekämpfung - 01.06.2012 (44)
  12. Trojan:Wind32/Sirefef.P wurde von MS Essentials gemeldet...
    Log-Analyse und Auswertung - 04.03.2012 (7)
  13. AV Security Essentials entfernen
    Anleitungen, FAQs & Links - 05.02.2012 (2)
  14. Microsoft Security Essentials
    Antiviren-, Firewall- und andere Schutzprogramme - 03.11.2011 (1)
  15. Microsoft Security Essentials
    Antiviren-, Firewall- und andere Schutzprogramme - 05.02.2011 (76)
  16. Security Essentials Trojaner
    Plagegeister aller Art und deren Bekämpfung - 28.09.2010 (1)
  17. MYsecurity center findet Trojaner (Kollah, Zbot) + rogue security software, entfernt sie aber nicht
    Plagegeister aller Art und deren Bekämpfung - 30.06.2010 (10)

Zum Thema Vista - Security Essentials findet Zbot und Sirefef - Hallo an die Spezialisten, Microsoft Security Essentials hat auf meinem Rechner während des Surfens im Ordner Appdata\Local\Temp\low mehrere Trojaner gefunden, unter anderem oben genannte. Einer wurde gelöscht, die anderen befinden - Vista - Security Essentials findet Zbot und Sirefef...
Archiv
Du betrachtest: Vista - Security Essentials findet Zbot und Sirefef auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.