Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Trojanerwarnung Zeus/ZBot von Telekom

Trojanerwarnung Zeus/ZBot von Telekom


Log-Analyse und Auswertung: Trojanerwarnung Zeus/ZBot von Telekom

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 26.10.2012, 22:40   #1
Zico2035
 
Trojanerwarnung Zeus/ZBot von Telekom - Standard

Trojanerwarnung Zeus/ZBot von Telekom


Hallo,
ich habe von der Telekom ein Schreiben bekommen, dass über unseren Internetzugang ein Rechner mit dem Trojaner Zeus/ZBot betrieben wird.
Die Telekom empfiehlt einen DE Cleaner und das Tool Malewarbytes.
Beide Tools haben auf unseren 3 Rechner keine infizierte Datei gefunden.
Nun habe ich für die ersten beiden Rechner die Dateien OTL / EXTRA und GMER erstellt. Die Dateien für den 3.Rechner werde ich morgen nachreichen.

Ich hoffe es kann mir jemand helfen. Im Voraus schon mal Besten Dank!!!

---Rechner 1---OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 26.10.2012 22:17:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zico\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 62,89% Memory free
5,73 Gb Paging File | 4,52 Gb Available in Paging File | 78,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 266,99 Gb Total Space | 213,78 Gb Free Space | 80,07% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 20,26 Gb Free Space | 67,54% Space Free | Partition Type: NTFS
Drive F: | 3,74 Gb Total Space | 0,97 Gb Free Space | 25,95% Space Free | Partition Type: FAT32
 
Computer Name: ZICO-PC | User Name: Zico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.26 22:05:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zico\Desktop\OTL.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.28 13:18:24 | 000,842,680 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.09.28 13:18:10 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.09.28 13:18:08 | 000,965,560 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe
PRC - [2012.08.20 19:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.08.17 15:24:38 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.20 14:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2012.05.13 08:42:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.13 08:42:21 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.13 08:42:21 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.02.28 15:09:18 | 003,128,856 | ---- | M] (devolo AG) -- C:\Programme\devolo\dlan\devolonetsvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010.08.24 11:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010.06.12 08:10:38 | 000,089,600 | ---- | M] (ZTE) -- C:\Programme\congstar\Internetmanager\Bin\mcserver.exe
PRC - [2010.05.13 10:42:22 | 000,031,232 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\db_daemon.exe
PRC - [2010.05.13 10:42:16 | 000,215,552 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\dbus-daemon.exe
PRC - [2010.05.13 10:42:00 | 000,043,008 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\gconfd-2.exe
PRC - [2010.05.10 13:54:38 | 001,725,440 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Programme\Hardcopy\hardcopy.exe
PRC - [2010.04.06 17:58:46 | 000,694,816 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.01.13 10:18:30 | 000,413,696 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2009.12.14 11:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2009.12.11 15:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe
PRC - [2009.12.10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
PRC - [2009.11.02 14:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.10.22 17:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.28 16:07:42 | 000,073,528 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.12 18:33:17 | 012,841,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\d23b01a64cf80e053601c4267e4fd500\Kies.Theme.ni.dll
MOD - [2012.10.12 18:33:16 | 000,608,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\1e9b27652a316ea1be272da27e4e4bf5\DevicePodcast.ni.dll
MOD - [2012.10.12 18:33:16 | 000,292,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\98366221c5115f271d60d42b15689a18\DeviceVideo.ni.dll
MOD - [2012.10.12 18:33:15 | 000,369,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\1808d6f540021dce49e23599d3971c50\DevicePhoto.ni.dll
MOD - [2012.10.12 18:33:14 | 000,465,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\388118e609f3d65edb6c442c52171f09\VideoManager.ni.dll
MOD - [2012.10.12 18:33:14 | 000,301,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\62a1fa777a754af2d987247f1c5985bc\DeviceMusic.ni.dll
MOD - [2012.10.12 18:33:13 | 001,500,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PodcastService\e541621fbd92983eb2c6cdd1a9951687\PodcastService.ni.dll
MOD - [2012.10.12 18:33:12 | 000,615,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\97a0f11b8177acc8a95a6c635e557aa7\PhotoManager.ni.dll
MOD - [2012.10.12 18:33:11 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\c4faa0689ddc56832ef999311c384b5e\Podcaster.ni.dll
MOD - [2012.10.12 18:33:05 | 000,036,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f7438e8792ff761ab04de548b86b34ee\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2012.10.12 18:33:04 | 005,844,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\a1b2c3bf7094fd3ccd18ce5ec00c8ce0\DeviceHost.ni.dll
MOD - [2012.10.12 18:32:56 | 001,869,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\3489c5b205b2b44014af9fd155e53673\Phonebook.ni.dll
MOD - [2012.10.12 18:03:28 | 001,008,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CPKTMusicPlugin\7909199a903818ba9dcac10530973cf1\CPKTMusicPlugin.ni.dll
MOD - [2012.10.12 18:03:27 | 000,941,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\2b956a2538154b0700c63ed448f85a50\MusicManager.ni.dll
MOD - [2012.10.12 18:03:24 | 000,320,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\EBookManager\77db7c11565e7c578af85f98d4da402e\EBookManager.ni.dll
MOD - [2012.10.12 18:03:23 | 000,391,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\b6b0a5596f2f24e5c1bf812232501542\BATPlugin.ni.dll
MOD - [2012.10.12 18:03:22 | 000,507,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\708193d4cde329dc3199e733813ae5d2\Kies.Common.MediaDB.ni.dll
MOD - [2012.10.12 18:03:22 | 000,031,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AllShareController\adade9500ed44a6f32e2880c67520f79\AllShareController.ni.dll
MOD - [2012.10.12 18:03:22 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\1a29d9607fbb83104033401d24af9d58\Kies.Common.StoreManager.ni.dll
MOD - [2012.10.12 18:03:21 | 000,282,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6102c0c1946d501689160fe584f60187\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2012.10.12 18:03:21 | 000,064,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\47bd04c74f55829505bd529158777412\Kies.Common.AllShare.ni.dll
MOD - [2012.10.12 18:03:20 | 000,566,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\43869938ae42bdd3c87372f59709ccc7\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2012.10.12 18:03:20 | 000,189,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\16abfc99ebc0a624c94b992b5053c645\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2012.10.12 18:03:20 | 000,175,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\4b12836eb4d4958e490a1ba614971b41\Interop.DevFileServiceLib.ni.dll
MOD - [2012.10.12 18:03:19 | 000,569,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\76da6889c1b613b9e78e18fef9d8d0fb\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2012.10.12 18:03:18 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\08f29d5f5d29bf8ea06127a16c76f15d\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2012.10.12 18:03:17 | 000,907,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\5e69ae6329851969fb12c61a4c47ea60\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2012.10.12 18:03:16 | 001,057,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\0e3c5853ff5205e77986b38c7bda7067\Kies.Common.DeviceService.ni.dll
MOD - [2012.10.12 18:03:14 | 002,198,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\0366a817ca61829eba890df6ccbb6118\Kies.Common.Multimedia.ni.dll
MOD - [2012.10.12 18:03:14 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\fac7605aed1c9c8b07c4e68ffdc0b4eb\Interop.PRPLAYERCORELib.ni.dll
MOD - [2012.10.12 18:03:11 | 000,198,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\fb7924a9515a3832c0e7285c901b0618\Kies.Common.MainUI.ni.dll
MOD - [2012.10.12 18:03:10 | 000,743,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\23324d3d243863e74723ea9c2dc1af1b\ICSharpCode.SharpZipLib.ni.dll
MOD - [2012.10.12 18:03:10 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\5ebd8beddb3da24eab687d134eb040d3\Kies.Common.DBManager.ni.dll
MOD - [2012.10.12 18:03:09 | 001,459,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\842f3cd24c9583310412c052f80d38c1\Kies.Locale.ni.dll
MOD - [2012.10.12 18:03:09 | 000,271,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\08c1464a14994ac0d1686fad672b8a36\Kies.Common.Util.ni.dll
MOD - [2012.10.12 18:03:09 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\f108203a60eadaff95b82bed51846431\Interop.DeviceSearchLib.ni.dll
MOD - [2012.10.12 18:03:08 | 001,844,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\2babc7694a8dbbf97533e751563f2552\Kies.UI.ni.dll
MOD - [2012.10.12 18:03:08 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\8d41dc5286f38925da6e1b9b32ce82c5\Kies.MVVM.ni.dll
MOD - [2012.10.12 18:03:05 | 001,198,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\3f7369afe1f4d748ff773dcc4d7c4317\Kies.Interface.ni.dll
MOD - [2012.10.12 18:03:04 | 001,688,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\f40670837262c4b6717a1c852bd84f4f\Kies.ni.exe
MOD - [2012.10.05 13:25:12 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\81bb58061bcd2a4c3bf4136abe041d20\ASF_cSharpAPI.ni.dll
MOD - [2012.10.05 13:25:02 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\b0b31095249cec5ef5c0407fa6b7fc22\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2012.10.05 13:25:02 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\c99811c6a988ca6c2104a5b45acbddbb\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2012.10.05 13:25:02 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\cbeefee33636e0d0be226cf11e180ba3\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2012.10.05 13:24:54 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\6265ffca46eab52d5f798847b5ea908c\CabLib.ni.dll
MOD - [2012.10.05 13:24:48 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\3f6f79987f17c00edce423932abd1cf2\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2012.09.30 18:29:22 | 000,771,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ef221aa0472b0870b6689ab044fad227\System.Runtime.Remoting.ni.dll
MOD - [2012.07.12 21:10:09 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll
MOD - [2012.06.23 13:06:19 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012.06.23 13:06:00 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012.06.23 13:05:48 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012.06.02 13:07:15 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012.05.19 11:59:50 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012.05.19 11:59:50 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012.05.19 11:59:45 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012.05.19 11:59:39 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012.05.19 11:59:32 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2010.08.10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.06.17 09:53:14 | 000,043,008 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\audio.dll
MOD - [2010.06.17 09:53:12 | 000,089,600 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\itapi.dll
MOD - [2010.06.17 09:53:06 | 000,054,272 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\coder.dll
MOD - [2010.06.17 09:53:00 | 000,025,088 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\log.dll
MOD - [2010.06.12 08:10:20 | 000,034,304 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\libctlsvr.dll
MOD - [2010.05.13 10:42:22 | 000,031,232 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\db_daemon.exe
MOD - [2010.05.13 10:42:16 | 000,215,552 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\dbus-daemon.exe
MOD - [2010.05.13 10:42:00 | 000,043,008 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\gconfd-2.exe
MOD - [2010.05.13 10:41:52 | 000,055,808 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\libgconfbackend-xml.dll
MOD - [2010.05.13 10:41:36 | 000,157,696 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\libgconf-2.dll
MOD - [2010.05.13 10:41:18 | 000,594,432 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\dbus-1.dll
MOD - [2010.05.13 10:39:54 | 000,341,504 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\sqlite3.dll
MOD - [2010.05.10 13:39:14 | 000,772,096 | ---- | M] () -- C:\Programme\Hardcopy\HcDllS.dll
MOD - [2010.04.21 11:00:35 | 000,058,368 | ---- | M] () -- C:\Programme\Hardcopy\HcDLL2_30_Win32.dll
MOD - [2009.11.02 14:23:36 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 14:20:10 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.08.19 13:20:37 | 000,043,008 | ---- | M] () -- C:\Programme\Hardcopy\hardcopy_02.dll
MOD - [2009.03.28 09:19:06 | 000,080,688 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\zlib1.dll
MOD - [2008.05.06 13:50:00 | 000,971,776 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\libxml2.dll
MOD - [2007.09.09 17:07:00 | 000,151,552 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\libexpat.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.13 11:56:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.20 14:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2012.05.13 08:42:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.13 08:42:21 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.02.28 15:09:18 | 003,128,856 | ---- | M] (devolo AG) [Auto | Running] -- C:\Programme\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.12.10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.12.10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2009.10.22 17:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.28 16:07:42 | 000,073,528 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Zico\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.09.20 06:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.09.20 06:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012.05.13 08:42:22 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.13 08:42:22 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.01.31 17:41:08 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf_devolo.sys -- (NPF_devolo)
DRV - [2011.12.08 06:22:36 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2011.12.08 06:22:36 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2011.12.08 06:22:36 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2011.12.08 06:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.12.08 06:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.12.08 06:22:26 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011.12.08 06:22:26 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011.12.08 06:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.05.18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.05.18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.05.18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.05.18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.09.16 17:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2010.03.24 17:57:16 | 000,191,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010.03.04 17:53:08 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser)
DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea)
DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm)
DRV - [2010.02.11 05:29:56 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010.02.10 15:01:10 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010.02.04 13:54:32 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2010.02.03 05:36:34 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010.01.19 18:55:06 | 000,996,896 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.12.15 04:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009.12.15 04:46:18 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.18 04:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.08.13 17:39:40 | 000,786,400 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.05.13 12:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 12:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {A8C0CC0C-762F-4D71-B6E6-CFB24C35310F}
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE
IE - HKCU\..\SearchScopes\{523B15F3-5D25-4F06-88B6-8C3EA17ED9DC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{A8C0CC0C-762F-4D71-B6E6-CFB24C35310F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\congstar\Internetmanager\Bin\addon [2010.04.01 14:29:34 | 000,000,000 | ---D | M]
 
[2010.07.17 16:50:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zico\AppData\Roaming\mozilla\Extensions
[2010.07.17 16:50:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zico\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKCU..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\Zico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F5BE985-C07B-48F2-A817-363481E68985}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3983E6FB-93A5-4349-A4E2-892232192B49}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45E7A42D-34F3-4E38-8108-0519D5D90937}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BEC456E-65DE-4427-8D16-A7796B306D58}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CE461E9-3F24-4351-85F3-DE5D1EF8596C}: DhcpNameServer = 61.177.7.1 218.104.32.106 168.95.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f737b263-83a1-11df-851c-00262dbf1676}\Shell - "" = AutoRun
O33 - MountPoints2\{f737b263-83a1-11df-851c-00262dbf1676}\Shell\AutoRun\command - "" = F:\Data\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.26 22:05:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Zico\Desktop\OTL.exe
[2012.10.26 18:35:49 | 000,000,000 | ---D | C] -- C:\Users\Zico\AppData\Roaming\Malwarebytes
[2012.10.26 18:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.26 18:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.26 18:35:35 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.26 18:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.21 13:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager
[2012.10.21 13:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\Netzmanager
[2012.10.21 13:51:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
[2012.10.13 17:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devolo
[2012.10.13 17:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012.10.13 17:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\devolo
[2012.10.12 17:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2012.10.12 17:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Netzmanager
[2012.10.12 17:41:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\{DD034EDF-8A92-4F84-A64A-26BF9B7AE354}
[2012.10.12 17:40:49 | 000,000,000 | ---D | C] -- C:\Users\Zico\AppData\Local\Deutsche Telekom
[2012.10.12 17:28:34 | 000,000,000 | ---D | C] -- C:\Users\Zico\AppData\Local\mquadr.at
[2012.10.12 17:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\mquadr.at
[2012.10.12 17:28:22 | 001,142,656 | ---- | C] (mquadr.at software engineering und consulting GmbH) -- C:\Windows\System32\M2ElevatedCalls.dll
[2012.10.12 17:28:22 | 000,948,608 | ---- | C] (mquadr.at software engineering) -- C:\Windows\System32\M2ElevatedNetworkAdapters.dll
[2012.10.12 17:28:22 | 000,238,080 | ---- | C] (Nicomsoft Ltd.) -- C:\Windows\System32\WiFiMan.dll
[2012.10.12 17:28:22 | 000,066,557 | ---- | C] (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) -- C:\Windows\System32\SSDPDiscovery.dll
[2012.10.12 17:28:17 | 000,000,000 | ---D | C] -- C:\Users\Zico\AppData\Local\PackageAware
[2012.10.12 17:28:04 | 000,000,000 | ---D | C] -- C:\Users\Zico\AppData\Local\DTAG
[2012.10.07 11:42:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2012.10.07 11:42:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012.10.07 11:41:53 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012.10.07 11:41:53 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.26 22:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.26 22:14:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.26 22:13:22 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.26 22:11:09 | 000,000,000 | ---- | M] () -- C:\Users\Zico\defogger_reenable
[2012.10.26 22:06:36 | 000,302,592 | ---- | M] () -- C:\Users\Zico\Desktop\gmer.exe
[2012.10.26 22:05:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zico\Desktop\OTL.exe
[2012.10.26 22:05:12 | 000,050,477 | ---- | M] () -- C:\Users\Zico\Desktop\Defogger.exe
[2012.10.26 21:27:51 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.26 21:27:51 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.26 21:27:51 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.26 21:27:51 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.26 18:35:36 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.26 18:21:31 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.26 18:21:31 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.24 17:30:56 | 000,002,060 | ---- | M] () -- C:\Users\Zico\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.10.24 17:30:56 | 000,001,989 | ---- | M] () -- C:\Users\Zico\Desktop\Avira DE-Cleaner.lnk
[2012.10.21 13:51:56 | 000,001,063 | ---- | M] () -- C:\Users\Zico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
[2012.10.21 13:51:34 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Netzmanager.lnk
[2012.10.14 13:29:44 | 000,001,964 | ---- | M] () -- C:\Users\Public\Desktop\devolo dLAN Cockpit.lnk
[2012.10.13 12:08:55 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.26 22:11:09 | 000,000,000 | ---- | C] () -- C:\Users\Zico\defogger_reenable
[2012.10.26 22:06:36 | 000,302,592 | ---- | C] () -- C:\Users\Zico\Desktop\gmer.exe
[2012.10.26 22:05:12 | 000,050,477 | ---- | C] () -- C:\Users\Zico\Desktop\Defogger.exe
[2012.10.26 18:35:36 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.24 17:30:56 | 000,002,060 | ---- | C] () -- C:\Users\Zico\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.10.24 17:30:56 | 000,001,989 | ---- | C] () -- C:\Users\Zico\Desktop\Avira DE-Cleaner.lnk
[2012.10.21 13:51:56 | 000,001,063 | ---- | C] () -- C:\Users\Zico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
[2012.10.21 13:51:34 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Netzmanager.lnk
[2012.10.13 17:33:00 | 000,001,964 | ---- | C] () -- C:\Users\Public\Desktop\devolo dLAN Cockpit.lnk
[2012.10.13 11:56:57 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011.04.27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.04.27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.04.27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.04.27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.04.27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.02.10 21:17:22 | 000,006,144 | ---- | C] () -- C:\Users\Zico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.07 20:22:38 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.07.14 22:05:55 | 000,000,017 | ---- | C] () -- C:\Users\Zico\AppData\Local\resmon.resmoncfg
[2010.06.18 20:07:01 | 000,000,000 | ---- | C] () -- C:\Users\Zico\AppData\Roaming\wklnhst.dat
[2010.06.18 18:10:07 | 000,000,680 | RHS- | C] () -- C:\Users\Zico\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.06.20 16:24:43 | 000,000,000 | ---D | M] -- C:\Users\Zico\AppData\Roaming\Ashampoo
[2010.12.03 18:23:18 | 000,000,000 | ---D | M] -- C:\Users\Zico\AppData\Roaming\becker
[2010.06.26 15:04:22 | 000,000,000 | ---D | M] -- C:\Users\Zico\AppData\Roaming\Buhl Data Service
[2012.07.20 16:28:56 | 000,000,000 | ---D | M] -- C:\Users\Zico\AppData\Roaming\Garmin
[2010.06.29 19:19:48 | 000,000,000 | ---D | M] -- C:\Users\Zico\AppData\Roaming\Internetmanager
[2010.06.18 18:13:29 | 000,000,000 | ---D | M] -- C:\Users\Zico\AppData\Roaming\MAGIX
[2012.06.07 10:16:35 | 000,000,000 | ---D | M] -- C:\Users\Zico\AppData\Roaming\Nokia Ovi Suite
[2011.02.10 21:13:47 | 000,000,000 | ---D | M] -- C:\Users\Zico\AppData\Roaming\PC Suite
[2012.10.07 11:38:22 | 000,000,000 | ---D | M] -- C:\Users\Zico\AppData\Roaming\Samsung
[2012.05.06 10:50:42 | 000,000,000 | ---D | M] -- C:\Users\Zico\AppData\Roaming\Temp
[2010.06.20 09:15:12 | 000,000,000 | ---D | M] -- C:\Users\Zico\AppData\Roaming\Template
[2010.07.17 16:50:22 | 000,000,000 | ---D | M] -- C:\Users\Zico\AppData\Roaming\TomTom
[2010.06.20 16:59:56 | 000,000,000 | ---D | M] -- C:\Users\Zico\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
< End of report >
--- --- ---

---Rechner 2---OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 26.10.2012 21:30:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stefan\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,53% Memory free
3,98 Gb Paging File | 2,84 Gb Available in Paging File | 71,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 122,59 Gb Total Space | 53,56 Gb Free Space | 43,69% Space Free | Partition Type: NTFS
Drive D: | 26,45 Gb Total Space | 17,17 Gb Free Space | 64,91% Space Free | Partition Type: FAT32
 
Computer Name: NOTEBOOK | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.26 21:22:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 07:05:16 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.06.02 07:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010.12.21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.04.10 18:36:24 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2009.12.03 17:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.07.14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.02.05 19:39:08 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2009.02.05 19:39:00 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2009.02.05 19:38:24 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [1995.11.07 09:57:16 | 000,006,144 | ---- | M] (Corel Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\crlscsi.sys -- (crlscsi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1D 44 E0 51 0E 80 CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {54F08730-A238-4794-9C21-BC850F947A1D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{54F08730-A238-4794-9C21-BC850F947A1D}: "URL" = hxxp://www.google.de/search?hl=de&source=hp&q={searchTerms}&meta=&aq=f&oq=&rlz=1I7SKPT_deDE432
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2009.12.26 13:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions
[2009.12.26 13:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FD789C7-50E8-4C50-A28C-62CA6E0AA161}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88974FD8-CD6C-4AD0-99F4-45FC0E7CC192}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.26 21:22:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2012.10.26 20:34:58 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\zbotkiller
[2012.10.26 19:27:20 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes
[2012.10.26 19:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.26 19:26:56 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.26 19:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.26 19:02:49 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.10.26 19:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.10.26 18:58:22 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Avira
[2012.10.26 18:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.26 18:52:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.10.26 18:52:31 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.26 18:52:31 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.10.26 18:52:31 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.10.26 18:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.26 18:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.26 21:29:19 | 000,000,000 | ---- | M] () -- C:\Users\Stefan\defogger_reenable
[2012.10.26 21:25:30 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.26 21:25:30 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.26 21:22:45 | 000,302,592 | ---- | M] () -- C:\Users\Stefan\Desktop\x0qhvohc.exe
[2012.10.26 21:22:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2012.10.26 21:21:53 | 000,050,477 | ---- | M] () -- C:\Users\Stefan\Desktop\Defogger.exe
[2012.10.26 21:10:50 | 000,654,194 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.26 21:10:50 | 000,616,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.26 21:10:50 | 000,130,034 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.26 21:10:50 | 000,106,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.26 20:40:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.26 19:26:57 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.26 18:52:49 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.26 18:50:38 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.26 18:50:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.26 18:50:02 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.24 17:43:26 | 000,002,071 | ---- | M] () -- C:\Users\Stefan\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.10.24 17:43:26 | 000,002,000 | ---- | M] () -- C:\Users\Stefan\Desktop\Avira DE-Cleaner.lnk
[2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.10.26 21:29:19 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\defogger_reenable
[2012.10.26 21:22:45 | 000,302,592 | ---- | C] () -- C:\Users\Stefan\Desktop\x0qhvohc.exe
[2012.10.26 21:21:53 | 000,050,477 | ---- | C] () -- C:\Users\Stefan\Desktop\Defogger.exe
[2012.10.26 19:26:57 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.26 18:52:49 | 000,001,944 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.24 17:31:09 | 000,002,071 | ---- | C] () -- C:\Users\Stefan\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.10.24 17:31:09 | 000,002,000 | ---- | C] () -- C:\Users\Stefan\Desktop\Avira DE-Cleaner.lnk
[2011.09.16 12:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.16 12:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.09.16 12:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.09.16 12:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.09.16 12:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.05.21 14:23:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.18 21:19:36 | 000,000,680 | RHS- | C] () -- C:\Users\Stefan\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.12.03 18:07:02 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Samsung
[2009.12.26 13:07:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TomTom
 
========== Purity Check ==========
 
 
 
< End of report >
--- --- ---
 

Themen zu Trojanerwarnung Zeus/ZBot von Telekom
adobe, avg, avira, bonjour, defender, ebay, entfernen, firefox, flash player, google, home, intranet, launch, object, plug-in, realtek, scan, senden, software, telekom, trojaner, windows, zeus/zbot, zeus/zbot warnung von der telekom, zeusbot


« GVU-Trojaner 2.07, Windows 7 | System Progressive Protection - Entfernung »


Ähnliche Themen: Trojanerwarnung Zeus/ZBot von Telekom


  1. Telekom Brief Zeus/Zbot
    Log-Analyse und Auswertung - 26.05.2015 (32)
  2. Telekom E-Mail 'zeuS' 'Zbot'
    Log-Analyse und Auswertung - 01.02.2014 (3)
  3. Telekom e-mail Zeus/ZBot
    Log-Analyse und Auswertung - 26.11.2013 (7)
  4. Telekom Brief - ZeuS/ZBot Infektion
    Log-Analyse und Auswertung - 26.11.2013 (9)
  5. Sicherheitswarnung Telekom ZeuS/ZBot
    Plagegeister aller Art und deren Bekämpfung - 04.10.2013 (9)
  6. Zeus/ZBot Telekom email
    Plagegeister aller Art und deren Bekämpfung - 12.09.2013 (29)
  7. ZeuS/ZBot Warnung von der Telekom
    Log-Analyse und Auswertung - 30.05.2013 (23)
  8. Telekom Brief Zeus/Zbot
    Plagegeister aller Art und deren Bekämpfung - 14.04.2013 (22)
  9. Telekom Warnung vor ZeuS/ZBot
    Log-Analyse und Auswertung - 05.03.2013 (15)
  10. Telekom Brief, ZeuS/ZBot
    Plagegeister aller Art und deren Bekämpfung - 22.02.2013 (16)
  11. Telekom-Hinweis auf ZeuS/ZBot
    Log-Analyse und Auswertung - 18.02.2013 (7)
  12. Zeus/Zbot Trojaner Meldung von der Telekom
    Plagegeister aller Art und deren Bekämpfung - 22.01.2013 (7)
  13. Trojaner ZeuS/ZBot Telekom Brief
    Plagegeister aller Art und deren Bekämpfung - 15.12.2012 (20)
  14. Brief von der Telekom, Trojaner, ZeuS/ZBot
    Plagegeister aller Art und deren Bekämpfung - 02.12.2012 (13)
  15. Post von der Telekom (ZeuS/ZBot)
    Plagegeister aller Art und deren Bekämpfung - 26.11.2012 (4)
  16. Telekom verweist auf ZeuS/ZBot
    Plagegeister aller Art und deren Bekämpfung - 13.11.2012 (11)
  17. Telekom beanstandet ZeuS/ZBot
    Plagegeister aller Art und deren Bekämpfung - 03.10.2012 (7)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojanerwarnung Zeus/ZBot von Telekom - Hallo, ich habe von der Telekom ein Schreiben bekommen, dass über unseren Internetzugang ein Rechner mit dem Trojaner Zeus/ZBot betrieben wird. Die Telekom empfiehlt einen DE Cleaner und das Tool - Trojanerwarnung Zeus/ZBot von Telekom...
Archiv
Du betrachtest: Trojanerwarnung Zeus/ZBot von Telekom auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131