Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
"Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming"

"Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming"


Plagegeister aller Art und deren Bekämpfung: "Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming"

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.03.2012, 12:19   #1
infecteduser
 
"Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming" - Standard

"Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming"


Hallo.
Ich habe mir vorhin möglicherweiße diesen Trojaner eingefangen

Hier der Ablauf der bisherigen Ereignisse:

1.) Besuch der (vermutlich) infizierten Website ( 11:15Uhr)

2.) Windows-Firewall meldet, dass die Datei "piuzyng.exe" mit dem Dateipfad C:\Users\Default.Default-PC\AppData\Roaming\oxqo\piuzyng.exe Zugriff auf das Internet möchte, das habe ich verweigert.

3.) Überprüfen der Datei mit Avira kommt zu keinem Ergebnis, lade sie bei virustotal.com hoch, Kaspersky zeigt "Trojan-Spy.Win32.Zbot.dnei"

3.) Untersuchen der besagten .exe-Datei, der Ordner in dem sie liegt hat als Erstellungsdatum 12.03.12 11:15, also genau als ich auf der Website war...

4.)Im Taskmanager läuft ein Prozess mit Namen "piuzyng.exe" den ich sofort beende und die .exe per Windows-Funktion lösche

5.)Zurücksetzen von Windows per Systemwiederherstellung auf den 10.03.12

6.)Nach dem Neustart des Systems läuft (für mich ersichtlich) kein verdächtiger Prozess mehr im Taskmanager

7.)Habe etwas recherchiert und mir den zbot-Killer von Kaspersky geladen und ausgeführt, der findet jedoch nichts


Ich benutze Windows 7 64bit und gesuft bin ich mit Opera.



Meine Frage: Bin ich nochmal mit einem "blauen Auge" davongekommen oder waren meine (vermutlich sehr stümperhaften) Versuche, mein System zu retten für die Katz und ich komme nicht mehr um ein Neuaufsetzen herum?


Wäre sehr froh, wenn mir das jemand sagen könnte und helfen könnte mein Windows wieder virenfrei zu bekommen :-)


hier noch der virustotal-link: https://www.virustotal.com/file/c43f95df511ab05bcc04bca1789857a2181d4b161dae129e12def4a849462e3e/analysis/1331547589/

Alt 12.03.2012, 12:27   #2
Chris4You
 
"Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming" - Standard

"Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming"


Hi,

könnte sein das es tatsächlich geklappt hat...

Zur Sicherheit:

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

chris
Ps.: Mail mir mal (PM- hier im Forum) die Adresse wo das Teil "rumliegt"...
__________________

__________________
Alt 12.03.2012, 12:28   #3
markusg
/// Malware-holic
 
"Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming" - Standard

"Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming"


hi,
kannst du mir den link der seite zusenden?
als private nachicht?
edit:
chris war zwar schneller, link hätte ich aber trotzdem gern :-)
__________________
__________________
Alt 12.03.2012, 13:26   #4
infecteduser
 
"Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming" - Standard

"Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming"


Hier die Logs von OTL, Malewarebytes folgt gleich (Hinweis: bei OTL.Txt habe ich ein paar private Dateien/Ordner mit *** zensiert, das waren aber auch nur Bilder, excel tabellen u.ä.)

OTL.Txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.03.2012 12:59:50 - Run 1
OTL by OldTimer - Version 3.2.36.3     Folder = C:\Users\Default.Default-PC\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,43% Memory free
7,99 Gb Paging File | 6,30 Gb Available in Paging File | 78,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 224,40 Gb Free Space | 48,19% Space Free | Partition Type: NTFS
 
Computer Name: DEFAULT-PC | User Name: Default | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Default.Default-PC\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\ASUS\EPU\EPU.exe (
ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Windows\DAODx.exe ()
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Advanced Wheel Mouse\wh_exec.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL ()
MOD - C:\Windows\DAODx.exe ()
MOD - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
MOD - C:\Advanced Wheel Mouse\wh_exec.exe ()
MOD - C:\Advanced Wheel Mouse\wh_hook.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\drivers\fwlanusbn.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (whfltr2k) -- C:\Windows\SysNative\drivers\whfltr2k.sys ()
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CF 0A B6 4D B6 FB CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "heise.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.3rc4
FF - prefs.js..extensions.enabledItems: googlesharing@extension.thoughtcrime.org:0.22
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67
FF - prefs.js..extensions.enabledItems: {455D905A-D37C-4643-A9E2-F6FEFAA0424A}:0.8.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.11
FF - prefs.js..extensions.enabledItems: refspoof@mozdev.org:0.9.5
FF - prefs.js..extensions.enabledItems: longurlplease@darragh.curran:0.4.4
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.6.0.1
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.18 23:16:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.25 11:17:15 | 000,000,000 | ---D | M]
 
[2010.09.18 18:55:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Extensions
[2012.03.09 09:46:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\i480jrob.default\extensions
[2012.03.01 21:16:16 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\i480jrob.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.01.24 19:56:43 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\i480jrob.default\extensions\firefox@ghostery.com
[2012.02.06 23:55:13 | 000,000,000 | ---D | M] (GoogleSharing) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\i480jrob.default\extensions\googlesharing@extension.thoughtcrime.org
[2012.02.06 23:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\i480jrob.default\extensions\googlesharing@extension.thoughtcrime.org\chrome
[2012.02.06 23:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\i480jrob.default\extensions\googlesharing@extension.thoughtcrime.org\components
[2012.02.06 23:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\i480jrob.default\extensions\googlesharing@extension.thoughtcrime.org\defaults
[2011.07.03 19:38:05 | 000,002,057 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\i480jrob.default\searchplugins\youtube-videosuche.xml
[2011.11.09 00:05:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\DEFAULT.DEFAULT-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I480JROB.DEFAULT\EXTENSIONS\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.XPI
() (No name found) -- C:\USERS\DEFAULT.DEFAULT-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I480JROB.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\DEFAULT.DEFAULT-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I480JROB.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\DEFAULT.DEFAULT-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I480JROB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\DEFAULT.DEFAULT-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I480JROB.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\DEFAULT.DEFAULT-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I480JROB.DEFAULT\EXTENSIONS\LONGURLPLEASE@DARRAGH.CURRAN.XPI
[2012.02.18 23:16:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.09.18 20:48:28 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.09.20 17:14:04 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.09.03 01:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.03 01:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.03 01:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.03 01:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.03 01:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.23 22:14:20 | 000,001,148 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (
ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WheelMouse] C:\Advanced Wheel Mouse\wh_exec.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCF6CA10-59B3-4B67-ADC3-7891F1F803D9}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{dd2fb463-c338-11df-b5e2-afea685bf08f}\Shell - "" = AutoRun
O33 - MountPoints2\{dd2fb463-c338-11df-b5e2-afea685bf08f}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.12 12:58:27 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
[2012.03.12 11:17:27 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Roaming\Hegu
[2012.03.07 20:26:08 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.05 16:42:55 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.04 12:31:54 | 001,019,904 | ---- | C] (www.byphry.de.vu) -- C:\Users\Default.Default-PC\Desktop\ThumbsDbExtractor.exe
[2012.03.04 12:24:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\***
[2012.03.04 12:23:55 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Desktop\***
[2012.02.24 17:48:31 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2012.02.24 17:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2012.02.23 22:06:25 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Documents\***
[2012.02.20 23:48:17 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Documents\***
[2012.02.20 12:23:20 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Desktop\***
[2012.02.19 00:38:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\***
[2012.02.19 00:34:28 | 000,000,000 | ---D | C] -- C:\Downloads
[2012.02.18 16:10:52 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Documents\***
[2012.02.15 22:25:32 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.02.15 22:25:32 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.02.15 22:25:31 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.02.15 22:25:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.02.15 22:25:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.02.15 22:25:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.02.15 22:25:29 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.02.15 22:25:29 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.02.15 22:25:29 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.02.15 22:25:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.02.15 22:25:29 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.02.15 14:22:05 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.02.12 11:43:43 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Documents\My Documents
[2012.02.11 20:07:44 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Documents\***
[2012.02.11 19:22:10 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\Documents\***
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.12 12:58:29 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
[2012.03.12 12:09:48 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.12 12:09:48 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.12 12:09:48 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.12 12:09:48 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.12 12:09:48 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.12 12:05:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.12 12:05:29 | 3219,771,392 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.12 12:04:07 | 000,000,020 | ---- | M] () -- C:\Users\Default.Default-PC\***
[2012.03.12 12:03:32 | 000,050,477 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.12 11:42:18 | 000,101,329 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\zbotkiller.zip
[2012.03.09 22:25:56 | 138,989,256 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\FUSSM2PEWD2TPMF.rar
[2012.03.09 21:34:48 | 000,001,514 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.09 21:28:37 | 000,764,358 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\IMG_6868.jpg
[2012.03.09 21:28:33 | 001,323,217 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\IMG_6795.jpg
[2012.03.09 21:28:26 | 001,554,039 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\IMG_6614.jpg
[2012.03.09 16:47:51 | 000,002,190 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.09 09:32:42 | 000,057,963 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.06 23:41:53 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 23:41:52 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.04 12:31:58 | 001,019,904 | ---- | M] (www.byphry.de.vu) -- C:\Users\Default.Default-PC\Desktop\ThumbsDbExtractor.exe
[2012.03.04 12:25:19 | 000,001,422 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.02.28 21:21:30 | 000,311,514 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.02.23 18:03:17 | 000,001,800 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.02.18 15:35:33 | 004,845,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.15 20:22:31 | 000,132,320 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.12 12:04:06 | 000,000,020 | ---- | C] () -- C:\Users\Default.Default-PC\***
[2012.03.12 12:03:31 | 000,050,477 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.12 11:42:18 | 000,101,329 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\zbotkiller.zip
[2012.03.09 21:34:48 | 000,001,514 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.09 21:33:38 | 138,989,256 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.09 21:28:36 | 000,764,358 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.09 21:28:31 | 001,323,217 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.09 21:28:24 | 001,554,039 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.09 16:47:50 | 000,002,190 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.09 09:32:41 | 000,057,963 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.04 12:24:40 | 000,001,422 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.03.04 12:24:07 | 000,018,944 | ---- | C] () -- C:\Windows\eraser.exe
[2012.02.28 21:22:19 | 000,311,514 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\***
[2012.01.12 17:29:19 | 000,001,800 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.01.01 12:36:35 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
[2011.12.23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.08.28 15:09:33 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\conquests.ini
[2011.06.07 10:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.06.07 10:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.06.07 10:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.06.07 10:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.04.10 15:01:41 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.04.03 20:12:21 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.26 16:01:19 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\prospeed_bmp2jpg.dll
[2010.12.20 20:07:47 | 000,000,004 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\steam_md4.dat
[2010.10.31 20:02:06 | 000,000,156 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\burnaware.ini
[2010.10.31 19:42:21 | 000,000,067 | ---- | C] () -- C:\Windows\Easy Avi Divx Xvid to DVD Burner.INI
[2010.10.06 14:42:38 | 000,005,120 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.02 14:30:59 | 000,007,609 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\Resmon.ResmonCfg
[2010.09.24 14:17:06 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.09.18 19:50:49 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.09.18 19:50:49 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.09.18 19:50:46 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010.09.18 19:50:46 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010.09.18 19:49:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.09.18 19:49:27 | 000,031,115 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.09.18 18:29:24 | 000,000,760 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\setup_ldm.iss

< End of report >
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12.03.2012 12:59:50 - Run 1
OTL by OldTimer - Version 3.2.36.3     Folder = C:\Users\Default.Default-PC\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,43% Memory free
7,99 Gb Paging File | 6,30 Gb Available in Paging File | 78,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 224,40 Gb Free Space | 48,19% Space Free | Partition Type: NTFS
 
Computer Name: DEFAULT-PC | User Name: Default | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.4.2499.0 x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8019A54F-530F-84C2-24DD-1C9F53257F7C}" = ATI Catalyst Install Manager
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"ffdshow64_is1" = ffdshow x64 v1.1.3572 [2010-09-13]
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Sandboxie" = Sandboxie 3.62 (64-bit)
"WinRAR archiver" = WinRAR 4.00 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.005.00
"{3966711E-1F98-4C9F-AE0B-6AD28137FE64}" = Multiple Image Resizer .NET 4
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBE030DD-D404-4D92-85E9-8C3624820808}_is1" = Light Image Resizer 4.1.0.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F31BC49F-AB7B-4A53-A399-EB7331B585BC}" = Civilization III: Conquests
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"6103-4188-8184-5707" = RapidShare Manager 2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Afterburner" = MSI Afterburner 1.6.0
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.50
"AirlineTycoon2_is1" = Airline Tycoon 2 v1.01
"Album Art Downloader XUI" = Album Art Downloader XUI 0.37
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Blur(TM)_is1" = Blur(TM)
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Easy Avi/Divx/Xvid to DVD Burner_is1" = Easy Avi/Divx/Xvid to DVD Burner 2.8.0
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"foobar2000" = foobar2000 v1.1.1
"FormatFactory" = FormatFactory 2.80
"Foxit Reader" = Foxit Reader
"Gaming Mouse" = Gaming Mouse
"Griffith_is1" = Griffith 0.12.1
"Homefront_is1" = Homefront
"Image Grabber II" = Image Grabber II
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"JDownloader" = JDownloader
"LeechFTP" = LeechFTP 
"Mafia II_is1" = Mafia II
"ManyCam" = ManyCam 2.5.74 (remove only)
"mIRC" = mIRC
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Mp3tag" = Mp3tag v2.47b
"Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4
"MyMDb_0" = MyMDb 3.6
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.61.1250" = Opera 11.61
"qutIM" = qutIM 0.2.0
"RouterControl" = RouterControl 2.0
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl
"SpeedFan" = SpeedFan (remove only)
"SystemRequirementsLab" = System Requirements Lab
"TIPP10_is1" = TIPP10 Version 2.0.3
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.1.11
"WheelMouse" = Advanced Wheel Mouse 6.0.0.002
"WinLiveSuite" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 3.0.5.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fbaaf7d101824206" = RoboGUI
"QIP 2010" = QIP 2010 10.10.11.4237
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---
Alt 12.03.2012, 14:44   #5
Chris4You
 
"Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming" - Standard

"Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming"


Hi,

sieht soweit gut aus, MAM noch laufen lassen und log posten...
Eine Kleinigkeit:


Fix für OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:
ATTFilter
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

:Commands
[emptytemp]
[Reboot]
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

chris

__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 12.03.2012, 14:54   #6
infecteduser
 
"Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming" - Standard

"Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming"


ok danke mach ich gleich, muss malewarebytes ein zweites mal laufen lassen, nach dem ersten mal hat es mein Windows neu gestartet und es gab keinen log mehr :/

Alt 12.03.2012, 14:59   #7
Chris4You
 
"Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming" - Standard

"Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming"


Hi,

starte MAM und schau mal auf dem Reiter "Logdateien" nach, poste das entsprechende LOG...

Wir prüfen nach her noch den MBR und auf TDSS..

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Antwort

Themen zu "Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming"
ablauf, appdata, avira, besuch, datei, ergebnis, ersichtlich, frage, infizierte, internet, kaspersky, melde, meldet, namen, neustart, nicht mehr, ordner, prozess, retten, roaming, systemwiederherstellung, taskmanager, trojaner, verdächtiger prozess, virus, virustotal.com, windows 7 64bit, windows-firewall, zugriff, zurücksetzen


« TR/rootkid.gen & TR/sirefef.BP.1 - Problem | PC durch Trojaner gesperrt "Bundespolizei" »


Ähnliche Themen: "Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming"


  1. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  2. Diese 3 Schaddateien tauchen immer wieder auf (C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\prefs.js)
    Log-Analyse und Auswertung - 28.04.2014 (9)
  3. Trojaner "TR/Crypt.ZPACK.Gen8" in C:\Users\johanna\AppData\Roaming\skype.dat via Avira gefunden
    Plagegeister aller Art und deren Bekämpfung - 20.09.2013 (7)
  4. ZoneAlarm meldet Fund: "Trojan-Spy.Win32.Zbot.nesk"
    Log-Analyse und Auswertung - 18.07.2013 (11)
  5. Trojan.Bitminer "C:\Users\***\AppDate\Roaming\pejo\scvhost.exe"
    Log-Analyse und Auswertung - 05.06.2013 (10)
  6. "JS: pdfka-gen [Expl]" in "C:\Users\***\AppData\Local\Temp\plugtmp-44\plugin-dare.php"
    Log-Analyse und Auswertung - 19.03.2013 (13)
  7. "AcroIEHelpe163.dll" in C:\Users\Hendrik\AppData\Roaming\, TR/Rogue.kdv.666318
    Log-Analyse und Auswertung - 08.08.2012 (5)
  8. "Licensevalidator.exe" u.A.: ESET meldet "Win32/Kryptik.ADPW trojan" sowie "Win32/Gataka.A trojan"
    Log-Analyse und Auswertung - 12.04.2012 (21)
  9. Trojaner TR/Dropper.Gen2 in C:\Users\Mirja\AppData\Roaming\Mozilla\Firefox\Profiles\6x4lp5w3.default
    Plagegeister aller Art und deren Bekämpfung - 01.02.2012 (8)
  10. aswMBR.exe findet "Windows XP default MBR code" auf Win7 64bit System und unbekannte Partitionstabel
    Log-Analyse und Auswertung - 29.10.2011 (5)
  11. viren "Trojan:Win32/Bumat!rts" und "Exploit Java/CVE-2010-0840.ew" auf Laptop
    Plagegeister aller Art und deren Bekämpfung - 05.10.2011 (8)
  12. Firewall7Control "WSH Default Inbound Block Incoming"
    Antiviren-, Firewall- und andere Schutzprogramme - 15.09.2011 (24)
  13. Wie soll ich "HTML/Rce.gen" in "\Firefox\Profiles\p2hadvdz.default\Cache" entfernen?
    Plagegeister aller Art und deren Bekämpfung - 06.02.2011 (1)
  14. "0.05870814618642739.exe" ("Win32:Trojan-gen") in "C:\Users\***\AppData\Local\Temp\"
    Plagegeister aller Art und deren Bekämpfung - 02.01.2011 (25)
  15. Trojan.Gen in C:\Users\***\AppData\Roaming\default\svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 12.08.2010 (7)
  16. "Trojan-Spy.Win32.Zbot.ikh" hat Rechner lahm gelegt! Hilfe!
    Plagegeister aller Art und deren Bekämpfung - 23.07.2009 (1)
  17. Bekomme "http://default.home/" und "ACCESS BLOCKED - VIRUS WARNING" nicht mehr los
    Log-Analyse und Auswertung - 16.01.2005 (5)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema "Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming" - Hallo. Ich habe mir vorhin möglicherweiße diesen Trojaner eingefangen Hier der Ablauf der bisherigen Ereignisse: 1.) Besuch der (vermutlich) infizierten Website ( 11:15Uhr) 2.) Windows-Firewall meldet, dass die Datei "piuzyng.exe" - "Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming"...

Alle Zeitangaben in WEZ +1. Es ist jetzt 20:16 Uhr.

Kontakt - Trojaner-Board - Archiv - Datenschutzerklärung - Nach oben

Copyright ©2000-2025, Trojaner-Board
Archiv
Du betrachtest: "Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55