Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Vista - Security Essentials findet Zbot und Sirefef

Vista - Security Essentials findet Zbot und Sirefef


Log-Analyse und Auswertung: Vista - Security Essentials findet Zbot und Sirefef

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 16.10.2012, 14:53   #1
schrauber
/// the machine
/// TB-Ausbilder
 
Vista - Security Essentials findet Zbot und Sirefef - Standard

Vista - Security Essentials findet Zbot und Sirefef


Hi,

Sorry für die Verspätung

Poste bitte mal ein frisches OTL logfile.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 16.10.2012, 22:02   #2
Odile
 
Vista - Security Essentials findet Zbot und Sirefef - Standard

Vista - Security Essentials findet Zbot und Sirefef


Hallo schrauber,
danke für die Rückmeldung.
OTL.txt lautet wie folgt:
Code:
ATTFilter
OTL logfile created on: 16.10.2012 22:45:12 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Eva\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 45,26% Memory free
4,22 Gb Paging File | 2,90 Gb Available in Paging File | 68,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,28 Gb Total Space | 75,20 Gb Free Space | 34,14% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,36 Gb Free Space | 43,58% Space Free | Partition Type: NTFS
 
Computer Name: EVA-PC | User Name: Eva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.16 22:41:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eva\Desktop\OTL.exe
PRC - [2012.09.12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\NisSrv.exe
PRC - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.09.12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009.08.14 10:10:47 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009.06.09 16:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.05.04 11:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2008.05.04 11:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2008.05.04 11:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2008.05.04 11:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2008.02.22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2007.12.21 11:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Programme\Dell\MediaDirect\PCMService.exe
PRC - [2007.11.12 13:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007.11.12 13:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.11.12 13:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007.09.11 16:50:28 | 000,804,144 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe
PRC - [2007.09.07 12:06:46 | 001,070,384 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\FwebProt.exe
PRC - [2007.09.04 11:14:34 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.03.21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006.05.24 08:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkASv2K.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.16 10:51:03 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.05.12 11:42:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 21:44:22 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.11 21:43:31 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2009.08.14 10:10:47 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2008.10.27 11:07:18 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.11 22:45:36 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2009.06.09 16:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009.02.03 20:57:33 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.12 13:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007.11.12 13:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007.09.04 11:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006.05.24 08:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkASv2K.exe -- (StkASSrv)
SRV - [2003.07.28 21:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.11.23 13:40:40 | 000,091,216 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TotRec8.sys -- (TotRec8)
DRV - [2010.11.23 13:40:32 | 000,131,152 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TotRec7.sys -- (TotRec7)
DRV - [2009.02.23 13:08:26 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008.10.27 11:07:04 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008.06.23 14:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008.05.04 11:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.03.06 09:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008.01.16 10:18:02 | 000,489,984 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dr71WU.sys -- (RT73)
DRV - [2007.11.12 13:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.09.06 18:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.09.06 18:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.09.06 18:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.09.27 05:01:36 | 000,241,628 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006.08.02 08:44:04 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkScan.sys -- (StkScan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {8AA14900-E492-4A18-876E-97C2E26E57F7}
IE - HKLM\..\SearchScopes\{8AA14900-E492-4A18-876E-97C2E26E57F7}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.startpage.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {308B465C-D311-4D8D-B46F-3B51619D2B48}
IE - HKCU\..\SearchScopes\{308B465C-D311-4D8D-B46F-3B51619D2B48}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D2004B07-F7BE-429D-B1B8-E7C501640077}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Do Not Track Plus) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Programme\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Do Not Track Plus (c) Abine - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Programme\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C194A50-D310-4A00-B895-3820EF141C35}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8203015D-C37E-4C67-BC42-E4FE2D0F96BF}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Eva\Pictures\Sommer 2011\CIMG0207.JPG
O24 - Desktop BackupWallPaper: C:\Users\Eva\Pictures\Sommer 2011\CIMG0207.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.16 22:41:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Eva\Desktop\OTL.exe
[2012.10.16 22:13:50 | 000,000,000 | ---D | C] -- C:\Users\Eva\Desktop\logs
[2012.10.05 11:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.10.05 11:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.10.04 16:45:09 | 000,000,000 | ---D | C] -- C:\Users\Eva\AppData\Local\DoNotTrackPlus
[2012.09.30 11:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.09.30 11:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.09.30 11:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.09.30 10:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.09.30 10:12:42 | 000,000,000 | ---D | C] -- C:\Users\Eva\AppData\Roaming\Malwarebytes
[2012.09.30 10:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.30 10:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.30 10:12:19 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.30 10:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009.07.27 19:17:46 | 008,653,312 | ---- | C] (Dell, Inc.                                                   ) -- C:\Users\Eva\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.16 22:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.16 22:41:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eva\Desktop\OTL.exe
[2012.10.16 22:11:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.16 22:11:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.16 20:11:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.16 20:11:52 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.07 21:43:18 | 000,188,928 | ---- | M] () -- C:\Users\Eva\Documents\ESET.wps
[2012.10.07 21:43:18 | 000,005,574 | ---- | M] () -- C:\Users\Eva\AppData\Roaming\wklnhst.dat
[2012.10.05 19:06:16 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.05 19:06:16 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.05 19:06:16 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.05 19:06:16 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.05 09:51:32 | 000,000,000 | ---- | M] () -- C:\Users\Eva\defogger_reenable
[2012.10.05 09:47:36 | 001,110,476 | ---- | M] () -- C:\Users\Eva\Desktop\7z920.exe
[2012.10.05 09:37:55 | 000,302,592 | ---- | M] () -- C:\Users\Eva\Desktop\qe8ew2pt.exe
[2012.10.05 09:34:21 | 000,050,477 | ---- | M] () -- C:\Users\Eva\Desktop\Defogger.exe
[2012.09.30 19:12:07 | 000,094,089 | ---- | M] () -- C:\Users\Eva\Desktop\Haarhandbuch.pdf
[2012.09.30 13:50:08 | 000,035,840 | ---- | M] () -- C:\Users\Eva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.30 11:16:17 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.09.30 10:12:27 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.29 20:45:46 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.07 21:43:18 | 000,188,928 | ---- | C] () -- C:\Users\Eva\Documents\ESET.wps
[2012.10.05 09:51:32 | 000,000,000 | ---- | C] () -- C:\Users\Eva\defogger_reenable
[2012.10.05 09:47:36 | 001,110,476 | ---- | C] () -- C:\Users\Eva\Desktop\7z920.exe
[2012.10.05 09:37:54 | 000,302,592 | ---- | C] () -- C:\Users\Eva\Desktop\qe8ew2pt.exe
[2012.10.05 09:34:21 | 000,050,477 | ---- | C] () -- C:\Users\Eva\Desktop\Defogger.exe
[2012.09.30 19:12:07 | 000,094,089 | ---- | C] () -- C:\Users\Eva\Desktop\Haarhandbuch.pdf
[2012.09.30 11:16:17 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.09.30 10:40:21 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.30 10:12:27 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.20 21:39:23 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.12.20 21:37:27 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssp4ml3.dll
[2009.04.04 23:47:46 | 000,005,972 | ---- | C] () -- C:\Users\Eva\AppData\Local\d3d9caps.dat
[2009.02.16 15:37:04 | 000,035,840 | ---- | C] () -- C:\Users\Eva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.12 20:16:26 | 000,005,574 | ---- | C] () -- C:\Users\Eva\AppData\Roaming\wklnhst.dat
[2009.02.09 14:42:47 | 000,008,828 | ---- | C] () -- C:\Users\Eva\AppData\Local\de.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.02.25 01:10:08 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\Buhl Data Service
[2009.06.06 19:39:47 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\CupcakeCafe
[2011.10.31 19:49:00 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\FRITZ!
[2012.08.13 22:03:13 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\OfficeRecovery
[2011.03.02 21:41:50 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\PCDr
[2012.08.15 11:11:03 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\pdfforge
[2012.09.15 17:02:34 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\SharePod
[2009.02.12 20:16:28 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\Template
[2011.03.13 15:48:45 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\TotalRecorder
[2009.10.23 22:27:11 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\Ulead Systems
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 440 bytes -> C:\ProgramData\TEMP:6283A8D3
@Alternate Data Stream - 305 bytes -> C:\ProgramData\TEMP:B72729D8

< End of report >
Extras.txt ist diesmal nicht erschienen?

Viele Dank und viele Grüße
Odile
__________________
Antwort

Themen zu Vista - Security Essentials findet Zbot und Sirefef
adobe, adobe flash player, autorun, bho, bonjour, defender, dsl, error, explorer, firefox, flash player, format, home, intranet, ordner, programme, registry, rojaner gefunden, security, software, temp, trojaner, ups, vista, winlogon, wmp


« Redirect im Firefox bei der Google-Suche | Avira meldet Fund von EXP/2012-4681.AD »


Ähnliche Themen: Vista - Security Essentials findet Zbot und Sirefef


  1. Microsoft Security Essentials findet wiederholt Trojan:Win32 und BrowserModifier:Win32
    Plagegeister aller Art und deren Bekämpfung - 15.08.2015 (13)
  2. Microsoft Security Essentials
    Antiviren-, Firewall- und andere Schutzprogramme - 06.01.2014 (4)
  3. Microsoft Security Essentials findet TrojanerDropper Rotbrow.A,E und D
    Plagegeister aller Art und deren Bekämpfung - 18.12.2013 (5)
  4. WIN32/Zbot.gen!Y - trotz Microsoft Security Essentials
    Log-Analyse und Auswertung - 07.05.2013 (17)
  5. Trojaner Sirefef.AG.9 u. Sirefef.AL.50 in C:\$Recycle.Bin\, Vista-Sicherheitscenter u. Firewall nach anschl. VistaUpdate nicht mehr startbar
    Plagegeister aller Art und deren Bekämpfung - 06.03.2013 (41)
  6. PWS:WIn32/ZBOT.gen!aj von Microsoft Security Essentials entdeckt
    Plagegeister aller Art und deren Bekämpfung - 27.02.2013 (9)
  7. Windows Vista - Infektion mit Sirefef, Sirefef.AB
    Log-Analyse und Auswertung - 21.10.2012 (32)
  8. Microsoft Security Essentials findet Win32/Zbot.gen!Y
    Log-Analyse und Auswertung - 21.07.2012 (26)
  9. Sirefef Windows Security Essentials bereinigt nicht
    Plagegeister aller Art und deren Bekämpfung - 08.07.2012 (7)
  10. Sirefef.AK, M und W gefunden (Microsoft Security Essentials)
    Plagegeister aller Art und deren Bekämpfung - 10.06.2012 (1)
  11. Microsoft Security Essentials: WinNT/Sirefef.J, Win32/Karagany.I, Win32/Small.TG etc
    Plagegeister aller Art und deren Bekämpfung - 01.06.2012 (44)
  12. Trojan:Wind32/Sirefef.P wurde von MS Essentials gemeldet...
    Log-Analyse und Auswertung - 04.03.2012 (7)
  13. AV Security Essentials entfernen
    Anleitungen, FAQs & Links - 05.02.2012 (2)
  14. Microsoft Security Essentials
    Antiviren-, Firewall- und andere Schutzprogramme - 03.11.2011 (1)
  15. Microsoft Security Essentials
    Antiviren-, Firewall- und andere Schutzprogramme - 05.02.2011 (76)
  16. Security Essentials Trojaner
    Plagegeister aller Art und deren Bekämpfung - 28.09.2010 (1)
  17. MYsecurity center findet Trojaner (Kollah, Zbot) + rogue security software, entfernt sie aber nicht
    Plagegeister aller Art und deren Bekämpfung - 30.06.2010 (10)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Vista - Security Essentials findet Zbot und Sirefef - Hi, Sorry für die Verspätung Poste bitte mal ein frisches OTL logfile. - Vista - Security Essentials findet Zbot und Sirefef...
Archiv
Du betrachtest: Vista - Security Essentials findet Zbot und Sirefef auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131