
Log Analysis and Evaluation: Apparently part of a botnet! (Zeus Bot)

11.10.2013, 13:20   #16
LawrenceEU
 
Apparently part of a botnet! (Zeus Bot)



ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ba06711a6d3f7c4fbbdc1f75f9fc29f2
# engine=15401
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-08 04:36:17
# local_time=2013-10-08 06:36:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1285 16777213 100 98 15333 77574127 0 0
# compatibility_mode=1799 16775165 100 97 94050 246673467 86838 0
# compatibility_mode=5893 16776574 100 94 7708084 132880027 0 0
# scanned=314440
# found=24
# cleaned=24
# scan_time=14003
sh=484B56AF972F0235A337F69A9FEC73874C6BF04B ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus (deleted - quarantined)" ac=C fn="C:\Users\Fabian\Desktop\Alles\sonstiges\backup pc\C\Users\Fabian\AppData\Local\Mozilla\Firefox\Profiles\qx5kyn0h.default\Cache\4\8C\4F51Dd01"
sh=F93359F294D5301D036BA255833D91E802B68882 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus (deleted - quarantined)" ac=C fn="C:\Users\Fabian\Desktop\Alles\sonstiges\backup pc\C\Users\Fabian\AppData\Local\Mozilla\Firefox\Profiles\qx5kyn0h.default\Cache\A\87\770CEd01"
sh=04ED75D19A3E4FA52A219B5C14B7338D471B5A31 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus (deleted - quarantined)" ac=C fn="C:\Users\Fabian\Desktop\Alles\sonstiges\backup pc\C\Users\Fabian\AppData\Local\Mozilla\Firefox\Profiles\qx5kyn0h.default\Cache\F\86\9168Ed01"
sh=F585AD21335A6FEAC294FAD39DDCC581F194B638 ft=0 fh=0000000000000000 vn="a variant of Java/TrojanDownloader.OpenStream.NCP trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Fabian\Desktop\Alles\sonstiges\backup pc\C\Users\Fabian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\5fbae444-7a351ff3"
sh=072AE8E0D0D47DD5AC3E8C823C0A71AC48301611 ft=0 fh=0000000000000000 vn="probably a variant of Win32/Agent.HNVFQAV trojan (deleted - quarantined)" ac=C fn="C:\Users\Fabian\Desktop\Alles\sonstiges\backup pc\C\Users\Fabian\Downloads\AceOfSpadesHack 0.70 w. hInjector.zip"
sh=484B56AF972F0235A337F69A9FEC73874C6BF04B ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus (deleted - quarantined)" ac=C fn="C:\Users\Fabian\Desktop\Alles\Szene\Szene\wichtig\Neuer Ordner\C\Users\Fabian\AppData\Local\Mozilla\Firefox\Profiles\qx5kyn0h.default\Cache\4\8C\4F51Dd01"
sh=F93359F294D5301D036BA255833D91E802B68882 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus (deleted - quarantined)" ac=C fn="C:\Users\Fabian\Desktop\Alles\Szene\Szene\wichtig\Neuer Ordner\C\Users\Fabian\AppData\Local\Mozilla\Firefox\Profiles\qx5kyn0h.default\Cache\A\87\770CEd01"
sh=04ED75D19A3E4FA52A219B5C14B7338D471B5A31 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus (deleted - quarantined)" ac=C fn="C:\Users\Fabian\Desktop\Alles\Szene\Szene\wichtig\Neuer Ordner\C\Users\Fabian\AppData\Local\Mozilla\Firefox\Profiles\qx5kyn0h.default\Cache\F\86\9168Ed01"
sh=F585AD21335A6FEAC294FAD39DDCC581F194B638 ft=0 fh=0000000000000000 vn="a variant of Java/TrojanDownloader.OpenStream.NCP trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Fabian\Desktop\Alles\Szene\Szene\wichtig\Neuer Ordner\C\Users\Fabian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\5fbae444-7a351ff3"
sh=072AE8E0D0D47DD5AC3E8C823C0A71AC48301611 ft=0 fh=0000000000000000 vn="probably a variant of Win32/Agent.HNVFQAV trojan (deleted - quarantined)" ac=C fn="C:\Users\Fabian\Desktop\Alles\Szene\Szene\wichtig\Neuer Ordner\C\Users\Fabian\Downloads\AceOfSpadesHack 0.70 w. hInjector.zip"
sh=484B56AF972F0235A337F69A9FEC73874C6BF04B ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus (deleted - quarantined)" ac=C fn="C:\Users\Fabian\Desktop\Alles\Szene\Szene\wichtig\Neuer Ordner (4)\C\Users\Fabian\AppData\Local\Mozilla\Firefox\Profiles\qx5kyn0h.default\Cache\4\8C\4F51Dd01"
sh=F93359F294D5301D036BA255833D91E802B68882 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus (deleted - quarantined)" ac=C fn="C:\Users\Fabian\Desktop\Alles\Szene\Szene\wichtig\Neuer Ordner (4)\C\Users\Fabian\AppData\Local\Mozilla\Firefox\Profiles\qx5kyn0h.default\Cache\A\87\770CEd01"
sh=04ED75D19A3E4FA52A219B5C14B7338D471B5A31 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus (deleted - quarantined)" ac=C fn="C:\Users\Fabian\Desktop\Alles\Szene\Szene\wichtig\Neuer Ordner (4)\C\Users\Fabian\AppData\Local\Mozilla\Firefox\Profiles\qx5kyn0h.default\Cache\F\86\9168Ed01"
sh=F585AD21335A6FEAC294FAD39DDCC581F194B638 ft=0 fh=0000000000000000 vn="a variant of Java/TrojanDownloader.OpenStream.NCP trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Fabian\Desktop\Alles\Szene\Szene\wichtig\Neuer Ordner (4)\C\Users\Fabian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\5fbae444-7a351ff3"
sh=072AE8E0D0D47DD5AC3E8C823C0A71AC48301611 ft=0 fh=0000000000000000 vn="probably a variant of Win32/Agent.HNVFQAV trojan (deleted - quarantined)" ac=C fn="C:\Users\Fabian\Desktop\Alles\Szene\Szene\wichtig\Neuer Ordner (4)\C\Users\Fabian\Downloads\AceOfSpadesHack 0.70 w. hInjector.zip"
sh=D2CF375AD192A3B329529CBB868DC90406A4A53E ft=0 fh=0000000000000000 vn="HTML/Phishing.PayPal.G trojan (deleted - quarantined)" ac=C fn="C:\Users\Fabian\Desktop\wm\TEST.RAR"
sh=5EE10C654D95BC6626C6F130A973FCDB3878DB07 ft=0 fh=0000000000000000 vn="HTML/Phishing.PayPal.G trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Fabian\Desktop\wm\Neuer Ordner (7)\Pay_EN.php"
sh=90923DA8421892DC5C440A8B2A571C8A22566A82 ft=0 fh=0000000000000000 vn="HTML/Phishing.PayPal.G trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Fabian\Desktop\wm\Neuer Ordner (7)\Pay_ES.php"
sh=0364E759201E618BC4CB53A0EF09D22E230028C1 ft=0 fh=0000000000000000 vn="HTML/Phishing.PayPal.G trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Fabian\Desktop\wm\Neuer Ordner (7)\Pay_FR.php"
sh=5EE10C654D95BC6626C6F130A973FCDB3878DB07 ft=0 fh=0000000000000000 vn="HTML/Phishing.PayPal.G trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Fabian\Desktop\wm\pp\Pay_EN.php"
sh=90923DA8421892DC5C440A8B2A571C8A22566A82 ft=0 fh=0000000000000000 vn="HTML/Phishing.PayPal.G trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Fabian\Desktop\wm\pp\Pay_ES.php"
sh=0364E759201E618BC4CB53A0EF09D22E230028C1 ft=0 fh=0000000000000000 vn="HTML/Phishing.PayPal.G trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Fabian\Desktop\wm\pp\Pay_FR.php"
sh=FE0487E9590B637A8D383F433F84DAAEC3312A27 ft=0 fh=0000000000000000 vn="HTML/Phishing.PayPal.G trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Fabian\Documents\index.htm"
sh=066E1363E35819020FBD09CF9A359F726736D170 ft=0 fh=0000000000000000 vn="MSIL/PSW.Agent.NFW trojan (deleted - quarantined)" ac=C fn="C:\Users\Fabian\Downloads\Paysafecard Money Doubler.rar"
         
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Fabian (administrator) on FABIAN-PC on 11-10-2013 14:23:51
Running from C:\Users\Fabian\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
() C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
(hMailServer) C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
() C:\Program Files (x86)\watchmi\TvdService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
(Wireless Service) C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-unity-helper.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\x64\vmware-vmx.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vprintproxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Farbar) C:\Users\Fabian\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [MedionReminder] - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1813928 2013-10-05] (Valve Corporation)
HKCU\...\Run: [TrueCrypt] - C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2013-06-05] (TrueCrypt Foundation)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-31] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-09-28] (cyberlink)
HKLM-x32\...\Run: [D-Link D-Link DWA-125] - C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe [1024000 2010-05-21] (D-Link Corp.)
HKLM-x32\...\Run: [WZCSLDR2] - C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe [122880 2010-04-21] (Wireless Service)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-07-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = 
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU -  No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 %SystemRoot%\system32\PrxerNsp.dll [56424] ()
Winsock: Catalog9 01 %SystemRoot%\system32\PrxerDrv.dll [70248] (Initex)
Winsock: Catalog9 02 %SystemRoot%\system32\PrxerDrv.dll [70248] (Initex)
Winsock: Catalog9 03 %SystemRoot%\system32\PrxerDrv.dll [70248] (Initex)
Winsock: Catalog9 04 %SystemRoot%\system32\PrxerDrv.dll [70248] (Initex)
Winsock: Catalog9 15 %SystemRoot%\system32\PrxerDrv.dll [70248] (Initex)
Winsock: Catalog5-x64 09 %SystemRoot%\system32\PrxerNsp.dll [56936] ()
Winsock: Catalog9-x64 01 %SystemRoot%\system32\PrxerDrv.dll [76392] (Initex)
Winsock: Catalog9-x64 02 %SystemRoot%\system32\PrxerDrv.dll [76392] (Initex)
Winsock: Catalog9-x64 03 %SystemRoot%\system32\PrxerDrv.dll [76392] (Initex)
Winsock: Catalog9-x64 04 %SystemRoot%\system32\PrxerDrv.dll [76392] (Initex)
Winsock: Catalog9-x64 15 %SystemRoot%\system32\PrxerDrv.dll [76392] (Initex)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\gjyuprge.default
FF DefaultSearchEngine: Google
FF Homepage: https://google.de
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1,"
FF NetworkProxy: "socks", "85.183.157.190"
FF NetworkProxy: "socks_port", 7264
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Fabian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Fabian\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Fabian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Fabian\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Fabian\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\gjyuprge.default\searchplugins\webwebweb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Cookies Manager+ - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\gjyuprge.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
FF Extension: cssreloader - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\gjyuprge.default\Extensions\cssreloader@kenneth.io.xpi
FF Extension: newtaburl - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\gjyuprge.default\Extensions\newtaburl@sogame.cat.xpi
FF Extension: vdpure - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\gjyuprge.default\Extensions\vdpure@link64.xpi
FF Extension: No Name - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\gjyuprge.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
FF Extension: No Name - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\gjyuprge.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\gjyuprge.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
FF Extension: No Name - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\gjyuprge.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
FF Extension: No Name - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\gjyuprge.default\Extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru

Chrome: 
=======
CHR DefaultSearchURL: (Ask) - hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=5D38C53E-0A09-4D64-B1C2-E260C068D8B6&apn_ptnrs=U3&apn_sauid=AA116D86-B454-455F-BD31-1253158BCFDD&apn_dtid=OSJ000YYDE&q={searchTerms}
CHR DefaultSuggestURL: (Ask) - hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR Plugin: (Shockwave Flash) - c:\program files (x86)\google\chrome\application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - c:\program files (x86)\google\chrome\application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - c:\program files (x86)\google\chrome\application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Fabian\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Fabian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Fabian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Fabian\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Klicken, um Gutscheine f\u00FCr die aktuelle Seite anzuzeigen) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjacnemeogppppmlcoafbiacilcpngh\1.1.0.0_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_1
CHR Extension: (Virtual Keyboard) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR Extension: (Gmail) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR Extension: (Anti-Banner) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_1
CHR HKLM-x32\...\Chrome\Extension: [cpjacnemeogppppmlcoafbiacilcpngh] - C:\Program Files (x86)\shopping-preise.de\shopping-preise-hrome.crx
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-07-18] (Avira Operations GmbH & Co. KG)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-14] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-14] (CyberLink)
S2 D_Link_DWA-125; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe [126976 2010-04-21] (Wireless Service)
R2 D_Link_DWA-125_WPS; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [53248 2010-03-03] ()
R2 hMailServer; C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe [5395968 2010-06-07] (hMailServer)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [34528 2013-06-03] (The OpenVPN Project)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-05-05] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [98576 2012-06-17] (SANDBOXIE L.T.D)
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2011-10-07] ()

==================== Drivers (Whitelisted) ====================

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-07-18] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-07-18] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-07-18] (Avira GmbH)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-07-20] (DT Soft Ltd)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-31] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1119072 2010-05-05] (Ralink Technology Corp.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [166576 2012-06-17] (SANDBOXIE L.T.D)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-09 14:10 - 2013-10-09 14:10 - 00003112 _____ C:\Windows\System32\Tasks\{8379B420-33C0-4895-95B6-48A947B2A21A}
2013-10-07 22:27 - 2013-10-07 22:27 - 00003112 _____ C:\Windows\System32\Tasks\{E319311D-36C0-4675-A6F8-8142397D5592}
2013-10-07 22:27 - 2013-10-07 22:27 - 00000000 _____ C:\Windows\SysWOW64\sho4F01.tmp
2013-10-07 20:45 - 2013-10-07 20:45 - 01954124 _____ (Farbar) C:\Users\Fabian\Downloads\FRST64(1).exe
2013-10-07 20:43 - 2013-10-07 20:43 - 00891167 _____ C:\Users\Fabian\Downloads\SecurityCheck.exe
2013-10-07 20:43 - 2013-10-07 20:43 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-07 20:42 - 2013-10-07 20:42 - 02347384 _____ (ESET) C:\Users\Fabian\Downloads\esetsmartinstaller_enu.exe
2013-10-06 23:11 - 2013-10-06 23:11 - 00003112 _____ C:\Windows\System32\Tasks\{8A32442A-17EA-4C35-AA52-D160588CCC90}
2013-10-06 21:54 - 2013-10-06 21:54 - 00000000 ____D C:\Users\Fabian\Desktop\Neuer Ordner (3)
2013-10-06 21:37 - 2013-10-06 21:37 - 00016807 _____ C:\Users\Fabian\Desktop\JRT.txt
2013-10-06 21:30 - 2013-10-06 21:30 - 00000000 ____D C:\Windows\ERUNT
2013-10-06 21:29 - 2013-10-06 21:31 - 00000000 ____D C:\AdwCleaner
2013-10-06 21:29 - 2013-10-06 21:29 - 01032220 _____ (Thisisu) C:\Users\Fabian\Downloads\JRT.exe
2013-10-06 21:25 - 2013-10-06 21:25 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-06 21:25 - 2013-10-06 21:25 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\Malwarebytes
2013-10-06 21:25 - 2013-10-06 21:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-06 21:25 - 2013-10-06 21:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-06 21:25 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-06 21:24 - 2013-10-06 21:24 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Fabian\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-06 21:24 - 2013-10-06 21:24 - 01045226 _____ C:\Users\Fabian\Downloads\adwcleaner.exe
2013-10-06 16:28 - 2013-10-06 16:28 - 00003112 _____ C:\Windows\System32\Tasks\{7A5ECCE5-092B-448A-B26A-394DEA2DB194}
2013-10-05 16:28 - 2013-10-05 16:28 - 00003112 _____ C:\Windows\System32\Tasks\{2D884133-9B21-4A4B-A4FA-9DAD4D09AF5A}
2013-10-04 18:59 - 2013-10-05 01:56 - 00000000 ____D C:\Program Files\Wireshark
2013-10-04 01:43 - 2013-10-04 01:43 - 00003112 _____ C:\Windows\System32\Tasks\{8A010BD7-A47F-484C-AFF4-B04930B96B51}
2013-10-03 15:06 - 2013-10-03 15:06 - 00026143 _____ C:\ComboFix.txt
2013-10-03 14:53 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-03 14:53 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-03 14:53 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-03 14:53 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-03 14:53 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-03 14:53 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-03 14:53 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-03 14:53 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-03 14:52 - 2013-10-03 15:06 - 00000000 ____D C:\Qoobox
2013-10-03 14:51 - 2013-10-03 15:05 - 00000000 ____D C:\Windows\erdnt
2013-10-03 14:50 - 2013-10-03 14:51 - 05130107 ____R (Swearware) C:\Users\Fabian\Downloads\ComboFix.exe
2013-10-03 00:47 - 2013-10-03 00:47 - 00003112 _____ C:\Windows\System32\Tasks\{3A71ACE9-83DC-4913-8DE6-779B27F8F513}
2013-10-02 22:31 - 2013-10-02 22:31 - 00000873 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2013-10-02 22:31 - 2013-10-02 22:31 - 00000000 ____D C:\Program Files\CPUID
2013-10-02 22:30 - 2013-10-02 22:30 - 00614816 _____ C:\Users\Fabian\Downloads\CPU Z - CHIP-Downloader.exe
2013-10-02 17:30 - 2013-10-02 17:52 - 27966944 _____ (Wireshark development team) C:\Users\Fabian\Downloads\Wireshark-win64-1.10.2.exe
2013-10-02 14:34 - 2013-10-02 15:49 - 00116812 _____ C:\Users\Fabian\Downloads\Addition.txt
2013-10-02 14:32 - 2013-10-02 14:32 - 00000000 ____D C:\FRST
2013-10-02 14:31 - 2013-10-02 14:31 - 01953880 _____ (Farbar) C:\Users\Fabian\Downloads\FRST64.exe
2013-10-02 14:28 - 2013-10-02 14:28 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\Fabian\Downloads\SpyHunter-Installer.exe
2013-10-02 14:11 - 2013-10-02 14:11 - 03640880 _____ C:\Users\Fabian\Downloads\avg_remover_zbot.exe
2013-10-02 14:02 - 2013-10-02 14:02 - 00122976 _____ (Kaspersky Lab ZAO) C:\Users\Fabian\Downloads\zbotkiller.exe
2013-10-02 14:02 - 2013-10-02 14:02 - 00122976 _____ (Kaspersky Lab ZAO) C:\Users\Fabian\Desktop\zbotkiller(1).exe
2013-10-01 22:21 - 2013-10-01 22:21 - 00003112 _____ C:\Windows\System32\Tasks\{34236D5E-4705-40B6-A857-895F1637DEE9}
2013-10-01 21:39 - 2013-09-28 21:04 - 00000000 ____D C:\Users\Fabian\Desktop\DCVDNS
2013-10-01 21:27 - 2013-10-01 21:38 - 174693502 _____ C:\Users\Fabian\Downloads\WINRAR-ARCHIV_(NEU).RAR
2013-10-01 18:25 - 2013-10-01 18:25 - 03247932 _____ (Tim Witschel Serververmietung                               ) C:\Users\Fabian\Downloads\anotherlifesetup(1).exe
2013-09-30 22:34 - 2013-09-30 22:34 - 00003112 _____ C:\Windows\System32\Tasks\{CBCB2BE4-51A9-4A6B-B0D1-C5E5525B1996}
2013-09-29 21:58 - 2013-09-29 21:58 - 00003112 _____ C:\Windows\System32\Tasks\{9B1610D3-6ACB-4319-85F3-849FC6B3DC87}
2013-09-29 00:47 - 2013-09-29 00:47 - 00003112 _____ C:\Windows\System32\Tasks\{283B5185-175A-4890-922B-667ADEAA4ABB}
2013-09-29 00:47 - 2013-09-29 00:47 - 00000017 _____ C:\Windows\SysWOW64\shortcut_ex.dat
2013-09-28 00:22 - 2013-09-28 00:22 - 00003112 _____ C:\Windows\System32\Tasks\{70463F0D-ED93-4408-AA3F-111A0DF33DD5}
2013-09-26 21:30 - 2013-09-26 21:30 - 00003112 _____ C:\Windows\System32\Tasks\{6A823FFB-F815-4A95-BACE-F6E0E4AD13E8}
2013-09-26 21:11 - 2013-09-26 21:11 - 00000848 _____ C:\Users\Fabian\Desktop\dsqwejsad.html
2013-09-26 21:10 - 2013-09-26 21:10 - 00000813 _____ C:\Users\Fabian\Desktop\asdasdasdhjsdau89uias.html
2013-09-26 21:09 - 2013-09-26 21:09 - 00000813 _____ C:\Users\Fabian\Desktop\asdasdasdhjsdau89uias.html.de
2013-09-26 21:06 - 2013-09-26 21:06 - 00000000 _____ C:\Users\Fabian\Desktop\Neues Textdokument (5).txt
2013-09-26 08:47 - 2013-09-26 08:47 - 00003112 _____ C:\Windows\System32\Tasks\{A03BB185-6AD9-42B6-8161-C528AE8CFF80}
2013-09-26 07:44 - 2013-09-26 07:44 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\Adobe
2013-09-26 07:44 - 2013-09-26 07:44 - 00000000 ____D C:\Users\Fabian\AppData\Local\Adobe
2013-09-26 07:44 - 2013-09-26 07:44 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-09-26 07:44 - 2013-09-26 07:44 - 00000000 ____D C:\ProgramData\Adobe
2013-09-25 22:05 - 2013-09-25 22:05 - 00003112 _____ C:\Windows\System32\Tasks\{2B61C701-B82C-45FC-8FCC-E804750B9A37}
2013-09-25 16:13 - 2013-09-25 16:13 - 00003112 _____ C:\Windows\System32\Tasks\{A1E9E122-586C-4117-8E89-3331DEA846CB}
2013-09-23 20:48 - 2013-09-23 20:48 - 00003112 _____ C:\Windows\System32\Tasks\{0C439FAF-B853-4490-A552-5FD6AEF67659}
2013-09-22 21:56 - 2013-09-22 21:56 - 00003112 _____ C:\Windows\System32\Tasks\{89BDEDCB-5DB8-48E5-8BF3-2C473666C920}
2013-09-22 21:43 - 2013-09-22 21:43 - 00000091 _____ C:\Users\Fabian\Desktop\Neues Textdokument (4).txt
2013-09-22 20:23 - 2013-10-01 15:03 - 01493872 _____ (Sysinternals - www.sysinternals.com) C:\Users\Fabian\Desktop\PROCEXP64.exe
2013-09-22 15:58 - 2013-09-22 15:58 - 00003112 _____ C:\Windows\System32\Tasks\{123DF075-3EDB-4879-9823-C74F0C8ED84C}
2013-09-19 07:46 - 2013-09-19 07:46 - 00003112 _____ C:\Windows\System32\Tasks\{BB5D0016-361B-4462-884C-8C431A667829}
2013-09-18 16:15 - 2013-09-18 16:15 - 00003112 _____ C:\Windows\System32\Tasks\{690FA7B9-08B7-4B05-AB86-1953A02D4DBC}
2013-09-16 20:36 - 2013-09-16 20:36 - 17873373 _____ C:\Users\Fabian\Downloads\OHNE_TITEL.RAR
2013-09-12 09:00 - 2013-07-31 16:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 09:00 - 2013-07-31 15:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 09:00 - 2013-07-31 15:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 09:00 - 2013-07-31 15:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 09:00 - 2013-07-31 15:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 09:00 - 2013-07-31 15:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-12 09:00 - 2013-07-31 15:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-12 09:00 - 2013-07-31 15:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 09:00 - 2013-07-31 15:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-12 09:00 - 2013-07-31 15:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 09:00 - 2013-07-31 15:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-12 09:00 - 2013-07-31 15:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 09:00 - 2013-07-31 15:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 09:00 - 2013-07-31 15:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-12 09:00 - 2013-07-31 15:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 09:00 - 2013-07-31 15:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 09:00 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 09:00 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 09:00 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 09:00 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 09:00 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-12 09:00 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 09:00 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-12 09:00 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 09:00 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 09:00 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-12 09:00 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-12 09:00 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 09:00 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 09:00 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 09:00 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-12 09:00 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 08:52 - 2013-09-12 08:52 - 00709687 _____ C:\Users\Fabian\Desktop\12-09-13
2013-09-12 08:09 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 08:09 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 08:09 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 08:09 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 08:09 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 08:09 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 08:09 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 08:09 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 08:09 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 08:09 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 08:09 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 08:09 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 08:09 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 08:09 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 08:09 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 08:09 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 08:09 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 08:09 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 08:09 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 08:09 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 08:09 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 08:09 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 08:09 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 08:09 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 08:09 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 08:09 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 08:09 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 08:09 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 08:09 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

==================== One Month Modified Files and Folders =======

2013-10-11 14:25 - 2013-05-03 20:43 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\NetSpeedMonitor
2013-10-11 14:21 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-10-11 14:19 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-11 14:19 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-11 14:15 - 2012-04-15 18:54 - 01292071 _____ C:\Windows\WindowsUpdate.log
2013-10-11 14:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-11 14:13 - 2012-12-29 17:01 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\VMware
2013-10-11 14:13 - 2012-12-29 17:01 - 00000000 ____D C:\Users\Fabian\AppData\Local\VMware
2013-10-11 14:12 - 2012-09-06 17:40 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-11 14:12 - 2012-04-16 16:32 - 00000007 _____ C:\Windows\SysWOW64\ANIWZCSUSERNAME
2013-10-11 14:12 - 2012-04-16 15:37 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-11 14:11 - 2012-12-29 16:59 - 00000000 ____D C:\ProgramData\VMware
2013-10-11 14:11 - 2012-04-15 18:56 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-11 14:10 - 2011-11-16 20:58 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-11 14:10 - 2010-11-21 05:47 - 00182424 _____ C:\Windows\PFRO.log
2013-10-11 14:10 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-11 14:10 - 2009-07-14 06:51 - 00036417 _____ C:\Windows\setupact.log
2013-10-09 22:20 - 2012-04-16 15:35 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\Skype
2013-10-09 14:10 - 2013-10-09 14:10 - 00003112 _____ C:\Windows\System32\Tasks\{8379B420-33C0-4895-95B6-48A947B2A21A}
2013-10-09 14:10 - 2012-04-16 15:35 - 00000000 ____D C:\ProgramData\Skype
2013-10-08 18:35 - 2013-07-22 19:02 - 00000000 ____D C:\Users\Fabian\Desktop\wm
2013-10-07 22:27 - 2013-10-07 22:27 - 00003112 _____ C:\Windows\System32\Tasks\{E319311D-36C0-4675-A6F8-8142397D5592}
2013-10-07 22:27 - 2013-10-07 22:27 - 00000000 _____ C:\Windows\SysWOW64\sho4F01.tmp
2013-10-07 20:45 - 2013-10-07 20:45 - 01954124 _____ (Farbar) C:\Users\Fabian\Downloads\FRST64(1).exe
2013-10-07 20:43 - 2013-10-07 20:43 - 00891167 _____ C:\Users\Fabian\Downloads\SecurityCheck.exe
2013-10-07 20:43 - 2013-10-07 20:43 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-07 20:42 - 2013-10-07 20:42 - 02347384 _____ (ESET) C:\Users\Fabian\Downloads\esetsmartinstaller_enu.exe
2013-10-07 15:15 - 2012-05-06 00:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-06 23:11 - 2013-10-06 23:11 - 00003112 _____ C:\Windows\System32\Tasks\{8A32442A-17EA-4C35-AA52-D160588CCC90}
2013-10-06 21:54 - 2013-10-06 21:54 - 00000000 ____D C:\Users\Fabian\Desktop\Neuer Ordner (3)
2013-10-06 21:37 - 2013-10-06 21:37 - 00016807 _____ C:\Users\Fabian\Desktop\JRT.txt
2013-10-06 21:31 - 2013-10-06 21:29 - 00000000 ____D C:\AdwCleaner
2013-10-06 21:30 - 2013-10-06 21:30 - 00000000 ____D C:\Windows\ERUNT
2013-10-06 21:29 - 2013-10-06 21:29 - 01032220 _____ (Thisisu) C:\Users\Fabian\Downloads\JRT.exe
2013-10-06 21:25 - 2013-10-06 21:25 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-06 21:25 - 2013-10-06 21:25 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\Malwarebytes
2013-10-06 21:25 - 2013-10-06 21:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-06 21:25 - 2013-10-06 21:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-06 21:24 - 2013-10-06 21:24 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Fabian\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-06 21:24 - 2013-10-06 21:24 - 01045226 _____ C:\Users\Fabian\Downloads\adwcleaner.exe
2013-10-06 16:29 - 2012-04-21 15:06 - 00000000 ____D C:\Users\Fabian\AppData\Local\Mozilla
2013-10-06 16:28 - 2013-10-06 16:28 - 00003112 _____ C:\Windows\System32\Tasks\{7A5ECCE5-092B-448A-B26A-394DEA2DB194}
2013-10-06 16:28 - 2013-08-24 22:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-05 16:28 - 2013-10-05 16:28 - 00003112 _____ C:\Windows\System32\Tasks\{2D884133-9B21-4A4B-A4FA-9DAD4D09AF5A}
2013-10-05 16:12 - 2012-04-15 19:04 - 00000007 _____ C:\Windows\SysWOW64\ANIWZCSUSERNAME{01E2AAEB-2225-48AF-8F89-C0F2A63E5913}
2013-10-05 01:56 - 2013-10-04 18:59 - 00000000 ____D C:\Program Files\Wireshark
2013-10-04 15:32 - 2012-05-15 18:54 - 00000600 _____ C:\Users\Fabian\AppData\Local\PUTTY.RND
2013-10-04 01:43 - 2013-10-04 01:43 - 00003112 _____ C:\Windows\System32\Tasks\{8A010BD7-A47F-484C-AFF4-B04930B96B51}
2013-10-03 15:08 - 2012-04-15 19:05 - 00003284 _____ C:\Windows\SysWOW64\ANIWZCS{01E2AAEB-2225-48AF-8F89-C0F2A63E5913}
2013-10-03 15:08 - 2012-04-15 19:05 - 00003284 _____ C:\Users\Fabian\AppData\Roaming\ANIWZCS{01E2AAEB-2225-48AF-8F89-C0F2A63E5913}
2013-10-03 15:06 - 2013-10-03 15:06 - 00026143 _____ C:\ComboFix.txt
2013-10-03 15:06 - 2013-10-03 14:52 - 00000000 ____D C:\Qoobox
2013-10-03 15:05 - 2013-10-03 14:51 - 00000000 ____D C:\Windows\erdnt
2013-10-03 15:03 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-10-03 14:51 - 2013-10-03 14:50 - 05130107 ____R (Swearware) C:\Users\Fabian\Downloads\ComboFix.exe
2013-10-03 00:47 - 2013-10-03 00:47 - 00003112 _____ C:\Windows\System32\Tasks\{3A71ACE9-83DC-4913-8DE6-779B27F8F513}
2013-10-02 22:32 - 2012-05-12 17:49 - 05026816 ___SH C:\Users\Fabian\Desktop\Thumbs.db
2013-10-02 22:31 - 2013-10-02 22:31 - 00000873 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2013-10-02 22:31 - 2013-10-02 22:31 - 00000000 ____D C:\Program Files\CPUID
2013-10-02 22:30 - 2013-10-02 22:30 - 00614816 _____ C:\Users\Fabian\Downloads\CPU Z - CHIP-Downloader.exe
2013-10-02 18:30 - 2013-01-06 01:43 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-10-02 18:30 - 2012-11-14 17:28 - 00000222 _____ C:\Users\Fabian\Desktop\Call of Duty Black Ops II - Multiplayer.url
2013-10-02 17:52 - 2013-10-02 17:30 - 27966944 _____ (Wireshark development team) C:\Users\Fabian\Downloads\Wireshark-win64-1.10.2.exe
2013-10-02 15:49 - 2013-10-02 14:34 - 00116812 _____ C:\Users\Fabian\Downloads\Addition.txt
2013-10-02 14:32 - 2013-10-02 14:32 - 00000000 ____D C:\FRST
2013-10-02 14:31 - 2013-10-02 14:31 - 01953880 _____ (Farbar) C:\Users\Fabian\Downloads\FRST64.exe
2013-10-02 14:28 - 2013-10-02 14:28 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\Fabian\Downloads\SpyHunter-Installer.exe
2013-10-02 14:11 - 2013-10-02 14:11 - 03640880 _____ C:\Users\Fabian\Downloads\avg_remover_zbot.exe
2013-10-02 14:02 - 2013-10-02 14:02 - 00122976 _____ (Kaspersky Lab ZAO) C:\Users\Fabian\Downloads\zbotkiller.exe
2013-10-02 14:02 - 2013-10-02 14:02 - 00122976 _____ (Kaspersky Lab ZAO) C:\Users\Fabian\Desktop\zbotkiller(1).exe
2013-10-01 22:21 - 2013-10-01 22:21 - 00003112 _____ C:\Windows\System32\Tasks\{34236D5E-4705-40B6-A857-895F1637DEE9}
2013-10-01 21:38 - 2013-10-01 21:27 - 174693502 _____ C:\Users\Fabian\Downloads\WINRAR-ARCHIV_(NEU).RAR
2013-10-01 18:25 - 2013-10-01 18:25 - 03247932 _____ (Tim Witschel Serververmietung                               ) C:\Users\Fabian\Downloads\anotherlifesetup(1).exe
2013-10-01 15:03 - 2013-09-22 20:23 - 01493872 _____ (Sysinternals - www.sysinternals.com) C:\Users\Fabian\Desktop\PROCEXP64.exe
2013-09-30 22:34 - 2013-09-30 22:34 - 00003112 _____ C:\Windows\System32\Tasks\{CBCB2BE4-51A9-4A6B-B0D1-C5E5525B1996}
2013-09-29 21:58 - 2013-09-29 21:58 - 00003112 _____ C:\Windows\System32\Tasks\{9B1610D3-6ACB-4319-85F3-849FC6B3DC87}
2013-09-29 00:47 - 2013-09-29 00:47 - 00003112 _____ C:\Windows\System32\Tasks\{283B5185-175A-4890-922B-667ADEAA4ABB}
2013-09-29 00:47 - 2013-09-29 00:47 - 00000017 _____ C:\Windows\SysWOW64\shortcut_ex.dat
2013-09-28 21:04 - 2013-10-01 21:39 - 00000000 ____D C:\Users\Fabian\Desktop\DCVDNS
2013-09-28 00:22 - 2013-09-28 00:22 - 00003112 _____ C:\Windows\System32\Tasks\{70463F0D-ED93-4408-AA3F-111A0DF33DD5}
2013-09-26 21:30 - 2013-09-26 21:30 - 00003112 _____ C:\Windows\System32\Tasks\{6A823FFB-F815-4A95-BACE-F6E0E4AD13E8}
2013-09-26 21:11 - 2013-09-26 21:11 - 00000848 _____ C:\Users\Fabian\Desktop\dsqwejsad.html
2013-09-26 21:10 - 2013-09-26 21:10 - 00000813 _____ C:\Users\Fabian\Desktop\asdasdasdhjsdau89uias.html
2013-09-26 21:09 - 2013-09-26 21:09 - 00000813 _____ C:\Users\Fabian\Desktop\asdasdasdhjsdau89uias.html.de
2013-09-26 21:06 - 2013-09-26 21:06 - 00000000 _____ C:\Users\Fabian\Desktop\Neues Textdokument (5).txt
2013-09-26 08:47 - 2013-09-26 08:47 - 00003112 _____ C:\Windows\System32\Tasks\{A03BB185-6AD9-42B6-8161-C528AE8CFF80}
2013-09-26 07:44 - 2013-09-26 07:44 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\Adobe
2013-09-26 07:44 - 2013-09-26 07:44 - 00000000 ____D C:\Users\Fabian\AppData\Local\Adobe
2013-09-26 07:44 - 2013-09-26 07:44 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-09-26 07:44 - 2013-09-26 07:44 - 00000000 ____D C:\ProgramData\Adobe
2013-09-25 22:05 - 2013-09-25 22:05 - 00003112 _____ C:\Windows\System32\Tasks\{2B61C701-B82C-45FC-8FCC-E804750B9A37}
2013-09-25 16:13 - 2013-09-25 16:13 - 00003112 _____ C:\Windows\System32\Tasks\{A1E9E122-586C-4117-8E89-3331DEA846CB}
2013-09-23 20:48 - 2013-09-23 20:48 - 00003112 _____ C:\Windows\System32\Tasks\{0C439FAF-B853-4490-A552-5FD6AEF67659}
2013-09-22 21:56 - 2013-09-22 21:56 - 00003112 _____ C:\Windows\System32\Tasks\{89BDEDCB-5DB8-48E5-8BF3-2C473666C920}
2013-09-22 21:43 - 2013-09-22 21:43 - 00000091 _____ C:\Users\Fabian\Desktop\Neues Textdokument (4).txt
2013-09-22 15:58 - 2013-09-22 15:58 - 00003112 _____ C:\Windows\System32\Tasks\{123DF075-3EDB-4879-9823-C74F0C8ED84C}
2013-09-22 15:56 - 2012-04-21 15:06 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\Mozilla
2013-09-19 07:46 - 2013-09-19 07:46 - 00003112 _____ C:\Windows\System32\Tasks\{BB5D0016-361B-4462-884C-8C431A667829}
2013-09-18 17:21 - 2012-09-07 13:54 - 00002088 ____H C:\Users\Fabian\Documents\Default.rdp
2013-09-18 16:15 - 2013-09-18 16:15 - 00003112 _____ C:\Windows\System32\Tasks\{690FA7B9-08B7-4B05-AB86-1953A02D4DBC}
2013-09-16 20:36 - 2013-09-16 20:36 - 17873373 _____ C:\Users\Fabian\Downloads\OHNE_TITEL.RAR
2013-09-13 21:52 - 2012-10-24 14:14 - 00000000 ____D C:\Users\Fabian\AppData\Roaming\.minecraft
2013-09-12 21:36 - 2012-05-17 17:16 - 00000000 ____D C:\Windows\rescache
2013-09-12 16:44 - 2012-04-15 18:59 - 00000000 ___RD C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 16:44 - 2012-04-15 18:59 - 00000000 ___RD C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 16:40 - 2009-07-14 06:45 - 00467168 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 09:02 - 2012-04-20 17:32 - 01730836 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-12 09:02 - 2012-04-20 17:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-12 09:02 - 2011-03-11 11:20 - 00727226 _____ C:\Windows\system32\perfh007.dat
2013-09-12 09:02 - 2011-03-11 11:20 - 00162050 _____ C:\Windows\system32\perfc007.dat
2013-09-12 09:01 - 2013-05-14 18:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 08:52 - 2013-09-12 08:52 - 00709687 _____ C:\Users\Fabian\Desktop\12-09-13
2013-09-12 08:52 - 2012-08-20 18:45 - 00000132 _____ C:\Users\Fabian\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-09-12 08:15 - 2009-07-14 07:13 - 01704114 _____ C:\Windows\system32\PerfStringBackup.INI

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-10-09 17:18

==================== End Of Log ============================
         
--- --- ---

12.10.2013, 14:36   #17
schrauber
/// the machine
/// TB trainer

Delete the backup that ESET is complaining about.
Uninstall Firefox, keep no data, reinstall.

Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.


Any problems left?

15.10.2013, 13:28   #18
LawrenceEU

Quote:
Quote from schrauber
Delete the backup that ESET is complaining about.
Uninstall Firefox, keep no data, reinstall.

Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.


Any problems left?

Hello!
I will do this tomorrow.... (I have to leave for university right now)
And yes, my IP keeps getting blacklisted again and again.

15.10.2013, 18:49   #19
schrauber
/// the machine
/// TB trainer

Still? Do the above, then reset the router to factory settings.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

21.10.2013, 15:01   #20
LawrenceEU

Quote:
Quote from schrauber
Still? Do the above, then reset the router to factory settings.

Hey!
I have just reset the Fritz.box.
I will report back whether it helped.
(in about 2 days)


22.10.2013, 07:29   #21
schrauber
/// the machine
/// TB trainer

ok.

09.11.2013, 23:04   #22
LawrenceEU

Quote:
Quote from schrauber
ok.

It is BL again.
(2 days later)
What should I do?

10.11.2013, 15:51   #23
schrauber
/// the machine
/// TB trainer

BL?
