Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Post von web.de abuser, ebay und der Bank :-( Trojaner Zeus, was soll ich tun?

Post von web.de abuser, ebay und der Bank :-( Trojaner Zeus, was soll ich tun?


Plagegeister aller Art und deren Bekämpfung: Post von web.de abuser, ebay und der Bank :-( Trojaner Zeus, was soll ich tun?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 06.08.2012, 15:26   #1
anna03
 
Post von web.de abuser, ebay und der Bank :-( Trojaner Zeus, was soll ich tun? - Standard

Post von web.de abuser, ebay und der Bank :-( Trojaner Zeus, was soll ich tun?


Hi,

mich hat es auch erwischt, Antivir hat immer nur irgendwelche Warnungen angezeigt, heute nun von web.de abuser die nachricht, dass ich einen Trojaner Zeus hätte, danach im Googlemail Postfach Nachricht von ebay, dass jemand versuchte auf meinen Account zuzugreifen und dann noch ein Anruf von der Bank, dass das online banking vorsorglich gesperrt wurde.

Hier nun meine OTL (ich hoffe, ich habe alles richtig gemacht):

OTL logfile created on: 06.08.2012 16:04:57 - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Admin\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 43,73% Memory free
7,75 Gb Paging File | 5,34 Gb Available in Paging File | 68,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 99,90 Gb Total Space | 58,35 Gb Free Space | 58,41% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 86,32 Gb Free Space | 86,32% Space Free | Partition Type: NTFS
Drive E: | 731,51 Gb Total Space | 401,97 Gb Free Space | 54,95% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (Systweak)
PRC - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
PRC - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\lucyliu\TFTray.exe (PC Tools)
PRC - C:\Program Files (x86)\lucyliu\TFService.exe (PC Tools)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\maxdome\DCBin\DCTrayApp.exe ()
PRC - C:\Program Files (x86)\maxdome\DCBin\DCService.exe (Entriq, Inc.)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Advanced System Protector\aspsys.dll ()
MOD - C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Advanced System Protector\UNRAR.DLL ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c0f61f9b73571f26b6e0e0757bc5f460\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e033d390dc7e9567b6960b0f530cf30\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\1762137638019a091020b3baf52f6de3\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\0929bf4ca3bc8e8b2131f27cdf500c7e\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c299b012a3fe92ae56d60fe415f63fff\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\97adf9fccd70327b839a92c3d038b101\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7f457271e765b5d72f081942b829469c\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e71959f4ec6eb386889050ac139835c7\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\ebb1a98d5d55d13bbe33034416ee5a1f\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\003d2d74243cab7e412d36416bbf0a3d\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Program Files (x86)\maxdome\DCBin\sqlite3.dll ()
MOD - C:\Program Files (x86)\maxdome\DCBin\PocoFoundation.dll ()
MOD - C:\Program Files (x86)\maxdome\DCBin\PocoNet.dll ()
MOD - C:\Program Files (x86)\maxdome\DCBin\DCTrayApp.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (ST2012_Svc) -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (Crawler.com)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (ThreatFire) -- C:\Program Files (x86)\lucyliu\TFService.exe (PC Tools)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Prosieben) -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe (Entriq, Inc.)
SRV - (Microsoft Office Groove Audit Service) -- D:\Microsoft Office 2007\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (sp_rsdrv2) -- C:\Windows\SysNative\drivers\stflt.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (TfSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools)
DRV:64bit: - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools)
DRV:64bit: - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049BBde&ptnrS=XPxdm049BBde&si=9175&ptb=2BE5C550-A843-4A22-B97C-472E9FB1659B&psa=&ind=2012021807&st=sb&n=77ed042f&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B 7B CA AC 36 EE CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {85FC67FB-68AC-4D2E-8F64-2EAB4BE1A0F2}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60347
IE - HKCU\..\SearchScopes\{2E36A687-3AF3-4EE8-8773-E43F82DA8ABD}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{44993FBD-BC5B-44CB-A09F-8C45BE4DBF66}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{5DD620D6-0158-4630-9BE3-562291520CDC}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{85FC67FB-68AC-4D2E-8F64-2EAB4BE1A0F2}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=
IE - HKCU\..\SearchScopes\{A2DB8C26-0BBE-426C-8BA6-7B5DF89C7EDF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=BC999538-2385-4B55-A908-7C118D0E7119&apn_sauid=E3A77928-C475-44EF-8B4A-430D34C64FBF&
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049BBde&ptnrS=XPxdm049BBde&si=9175&ptb=2BE5C550-A843-4A22-B97C-472E9FB1659B&psa=&ind=2012021807&st=sb&n=77ed042f&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{F8E4C14E-D103-4832-B68E-7728E77EEE45}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\PDF-XChange Viewer 2.05\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\PDF-XChange Viewer 2.05\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\PDF-XChange Viewer 2.05\Win32\npPDFXCviewNPPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.12.14 17:43:04 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (T3ToolbarHelper Class) - {164E93C4-09BF-4647-9E0B-D5FBB1D35E63} - C:\PROGRA~2\DASRTL~1\DASOER~1.DLL ()
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (DasÖrtliche Toolbar) - {6E5B18CB-0EB6-4461-88B8-33B4683613D5} - C:\PROGRA~2\DASRTL~1\DASOER~1.DLL ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\SysWOW64\\NeroCheck.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\lucyliu\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Eqroy] C:\Users\Admin\AppData\Roaming\Muop\hisa.exe File not found
O4 - HKCU..\Run: [gStart] C:\Program Files (x86)\Garmin\gStart.exe File not found
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office 2007\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office 2007\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office 2007\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fernuni-hagen.de ([ca] https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E84DDEE7-F0BB-4EA1-8D0D-24350223CB54}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\tbr - No CLSID value found
O18:64bit: - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office 2007\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.06 16:03:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012.08.06 12:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2012.08.06 12:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2012.08.06 12:49:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Protector
[2012.08.06 12:49:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Systweak
[2012.08.06 12:49:26 | 000,018,816 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2012.08.06 12:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2012.08.06 12:49:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro
[2012.08.06 12:17:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThreatFire
[2012.08.06 12:17:05 | 000,074,824 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys
[2012.08.06 12:17:05 | 000,065,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys
[2012.08.06 12:17:05 | 000,041,888 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys
[2012.08.06 12:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012.08.06 12:17:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\lucyliu
[2012.07.18 20:16:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Poguva
[2012.07.18 20:16:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Muop
[2012.07.18 20:16:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Degeyc
[2012.07.09 11:35:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\2012_07_09
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.06 16:03:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012.08.06 16:00:47 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2012.08.06 15:32:31 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012.08.06 15:32:04 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.06 15:31:54 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.06 15:31:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.06 12:50:14 | 000,001,214 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2012.08.06 12:49:33 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012.08.06 12:49:19 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2012.08.06 12:44:07 | 001,499,662 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.06 12:44:07 | 000,661,512 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.06 12:44:07 | 000,609,896 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.06 12:44:07 | 000,131,548 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.06 12:44:07 | 000,104,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.06 12:43:41 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 12:43:41 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 12:38:31 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.06 12:38:19 | 3120,062,464 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.06 12:17:08 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\ThreatFire.lnk
[2012.07.22 16:38:07 | 000,000,598 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.18 17:06:34 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.07.08 17:12:07 | 000,070,701 | ---- | M] () -- C:\Users\Admin\Desktop\uninstall.exe
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.06 16:00:47 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2012.08.06 12:50:14 | 000,001,214 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2012.08.06 12:49:45 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2012.08.06 12:49:33 | 000,000,284 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012.08.06 12:49:33 | 000,000,276 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012.08.06 12:49:19 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2012.08.06 12:17:08 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\ThreatFire.lnk
[2011.06.23 11:59:48 | 000,000,344 | ---- | C] () -- C:\ProgramData\38526712
[2010.05.09 17:09:17 | 000,004,608 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.08 13:35:13 | 000,000,008 | RHS- | C] () -- C:\ProgramData\DBC6499085.sys
[2010.05.08 13:35:12 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

========== LOP Check ==========

[2012.06.04 14:05:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\1&1 Mail & Media GmbH
[2011.05.18 14:04:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Amazon
[2010.10.29 17:53:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited
[2010.05.16 13:12:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canon
[2010.05.08 12:55:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2012.07.18 20:16:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Degeyc
[2011.08.01 17:58:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2011.08.01 17:57:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.27 14:40:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\elsterformular
[2012.06.09 12:59:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GARMIN
[2012.08.06 12:36:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Muop
[2010.10.29 17:53:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenCandy
[2012.08.06 12:10:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Poguva
[2011.11.20 13:37:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony
[2012.07.05 15:16:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Spyware Terminator
[2012.08.06 12:50:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Systweak
[2010.10.30 14:09:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Uniblue
[2011.08.08 11:59:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WEB.DE
[2011.10.13 11:02:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\XnView
[2012.08.06 15:32:31 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_DEFAULT.job
[2012.08.06 12:49:33 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_UPDATES.job
[2012.06.30 15:46:49 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

wie mache ich das mit dem extras.txt? Mir wurde da nix angezeigt

LG Anna

Alt 06.08.2012, 15:27   #2
markusg
/// Malware-holic
 
Post von web.de abuser, ebay und der Bank :-( Trojaner Zeus, was soll ich tun? - Standard

Post von web.de abuser, ebay und der Bank :-( Trojaner Zeus, was soll ich tun?


hi
da trägst du, ich muss es leider sagen, ne mitschuld, kein vernünftig geupdatetes windows.
da du onlinebanking machst:
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________

__________________
Antwort

Themen zu Post von web.de abuser, ebay und der Bank :-( Trojaner Zeus, was soll ich tun?
advanced system protector, antivir, application/pdf:, avira, bho, bonjour, browser, canon, conduit, converter, downloader, ebay, explorer, firefox, flash player, format, gesperrt, google earth, helper, langs, logfile, mp3, object, office 2007, origin, plug-in, realtek, regclean, registry, scan, senden, software, spyware, systweak, tracker, trojaner, windows


« GVU - Trojaner | Web-Kamera lässt sich nicht abstellen »


Ähnliche Themen: Post von web.de abuser, ebay und der Bank :-( Trojaner Zeus, was soll ich tun?


  1. Windows 7: ebay.de & ebay.com werden unerwünschte Werbung umgeleitet.
    Plagegeister aller Art und deren Bekämpfung - 29.08.2015 (13)
  2. Merkwürdiger Post von FB: soll in Konsole Code einfügen
    Überwachung, Datenschutz und Spam - 28.09.2014 (10)
  3. Post von der Telekom, infiziert mit dem ZBot/ZeuS
    Log-Analyse und Auswertung - 03.12.2013 (3)
  4. Zeus 2 Trojaner nach Auskunft der Bank
    Plagegeister aller Art und deren Bekämpfung - 14.01.2013 (2)
  5. Post von der Telekom (ZeuS/ZBot)
    Plagegeister aller Art und deren Bekämpfung - 26.11.2012 (4)
  6. Post- Trojaner
    Log-Analyse und Auswertung - 25.09.2012 (1)
  7. Per Post Nachricht von Bank Trojaner
    Plagegeister aller Art und deren Bekämpfung - 08.05.2012 (3)
  8. Post von meiner Bank, Benutzerdaten ausspioniert, Verdacht auf Spyeye
    Log-Analyse und Auswertung - 12.06.2011 (6)
  9. Deutsche Bank 100 TAN Trojaner - Was nun?
    Plagegeister aller Art und deren Bekämpfung - 29.05.2011 (34)
  10. Sparda Bank TAN Trojaner
    Log-Analyse und Auswertung - 20.05.2011 (3)
  11. Nachricht von der Bank, Rechner sei mit Zeus/Zeus2 infiziert
    Log-Analyse und Auswertung - 17.11.2010 (17)
  12. Trojaner Deutsche Bank
    Plagegeister aller Art und deren Bekämpfung - 27.10.2010 (34)
  13. TR/URSNIF.18.34 in C:\WINDOWS\SYSTEM32\clipgers.dll => Ebay & Bank Konto betroffen
    Plagegeister aller Art und deren Bekämpfung - 23.10.2010 (4)
  14. Deutsche Bank Trojaner
    Plagegeister aller Art und deren Bekämpfung - 22.10.2010 (43)
  15. deutsche bank 30 tan trojaner
    Plagegeister aller Art und deren Bekämpfung - 12.10.2010 (6)
  16. 50 TAN Trojaner bei VR-Bank?
    Plagegeister aller Art und deren Bekämpfung - 10.10.2010 (6)
  17. 20 Tan Trojaner bei VR Bank
    Plagegeister aller Art und deren Bekämpfung - 18.09.2010 (10)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Post von web.de abuser, ebay und der Bank :-( Trojaner Zeus, was soll ich tun? - Hi, mich hat es auch erwischt, Antivir hat immer nur irgendwelche Warnungen angezeigt, heute nun von web.de abuser die nachricht, dass ich einen Trojaner Zeus hätte, danach im Googlemail Postfach - Post von web.de abuser, ebay und der Bank :-( Trojaner Zeus, was soll ich tun?...
Archiv
Du betrachtest: Post von web.de abuser, ebay und der Bank :-( Trojaner Zeus, was soll ich tun? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55