
Log analysis and evaluation: spyware.zbot


 
24.11.2012, 02:49   #1
fennecus
 
spyware.zbot



Hello,

For some time now, programs have been crashing on my PC and my scanner driver is damaged.
An "Appcrash" is reported.

The anti-malware software detected a virus, "spyware.zbot", which I moved to quarantine. Could it be the cause?

As a newcomer, I followed the instructions in the forum and ran defogger, OTL and GMER.

Unfortunately, the GMER program crashes and the following error message is shown:

Problemereignisname: APPCRASH
Anwendungsname: kxt59zby.exe
Anwendungsversion: 1.0.15.15641
Anwendungszeitstempel: 4e21f2b1
Fehlermodulname: kxt59zby.exe
Fehlermodulversion: 1.0.15.15641
Fehlermodulzeitstempel: 4e21f2b1
Ausnahmecode: c0000005
Ausnahmeoffset: 0000c676
Betriebsystemversion: 6.0.6002.2.2.0.768.3
Gebietsschema-ID: 1031
Zusatzinformation 1: 8302
Zusatzinformation 2: 285a81c25e2e2042e8e764576f18b75e
Zusatzinformation 3: e4ed
Zusatzinformation 4: 0f5f75bf07d73ef8a8717078756b0a40

The OTL.txt reads:

OTL logfile created on: 24.11.2012 01:53:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\fennecus\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,18% Memory free
4,23 Gb Paging File | 3,22 Gb Available in Paging File | 76,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 325,17 Gb Total Space | 165,60 Gb Free Space | 50,93% Space Free | Partition Type: NTFS
Drive D: | 10,18 Gb Total Space | 1,40 Gb Free Space | 13,71% Space Free | Partition Type: NTFS

Computer Name: FENNECUS-PC | User Name: fennecus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.24 01:39:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\fennecus\Downloads\OTL.exe
PRC - [2012.10.31 18:39:39 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.13 09:34:54 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.12.13 09:32:32 | 001,527,104 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2010.10.22 02:00:00 | 000,376,832 | R--- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\WLanNetService.exe
PRC - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007.10.25 14:52:08 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.04.18 16:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2007.09.14 23:04:02 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - [2012.11.22 06:06:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.31 18:39:39 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2012.10.20 10:05:41 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.21 14:26:04 | 000,580,976 | ---- | M] (SMART Technologies) [Disabled | Stopped] -- C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe -- (SMARTHelperService)
SRV - [2011.12.13 09:32:32 | 001,527,104 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.13 09:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.10.22 02:00:00 | 000,376,832 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.21 14:26:40 | 000,011,632 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86)
DRV - [2012.03.21 14:26:34 | 000,021,872 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86)
DRV - [2012.03.21 14:26:30 | 000,014,704 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86)
DRV - [2011.12.12 15:11:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.04.20 14:50:14 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2010.10.22 02:00:00 | 000,926,080 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwlanusb4.sys -- (fwlanusb4)
DRV - [2010.10.22 02:00:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2008.06.09 14:57:06 | 000,418,832 | ---- | M] (TechniSat Digital, S.A.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SkyNET.sys -- (SKYNET)
DRV - [2008.02.14 09:44:06 | 000,188,976 | ---- | M] (Auerswald GmbH & Co.KG ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aucapi.sys -- (aucapi)
DRV - [2008.02.14 09:44:00 | 000,140,336 | ---- | M] (Auerswald GmbH & Co.KG ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aumpa.sys -- (aumpa)
DRV - [2008.02.01 06:56:48 | 000,160,816 | ---- | M] (Auerswald GmbH & Co.KG ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\auusb.sys -- (auusb)
DRV - [2007.09.14 23:16:22 | 003,151,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.08.03 11:44:00 | 000,091,648 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2002.09.30 13:57:00 | 000,068,528 | ---- | M] (Auerswald GmbH & Co.KG ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tausb.sys -- (tausb)
DRV - [2002.07.19 07:10:20 | 000,006,656 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cinemsup.sys -- (Cinemsup)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {A5956BF3-30F5-4DF1-BB1A-F085A7C1EDED}
IE - HKLM\..\SearchScopes\{A5956BF3-30F5-4DF1-BB1A-F085A7C1EDED}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKLM\..\SearchScopes\{AAA04595-3863-485C-BC3E-273161E68EB5}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = Google.de
IE - HKCU\..\SearchScopes\{B7C9BB3C-7E82-4B0D-BE01-CED356998EE0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=YYYYYYYYDE&apn_uid=D1C1EEF4-0A14-4E84-A6FA-3748E84906F7&apn_sauid=CC049D43-D881-413B-99B7-27D57E8D3BD6
IE - HKCU\..\SearchScopes\Google.de: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.3.4
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459
FF - prefs.js..extensions.enabledItems: turntoolviewer@turntool.com:2.9.5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: toolbar@gmx.net:1.5.4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.31 18:40:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.31 18:40:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.31 18:40:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.22 06:06:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.21 15:11:36 | 000,000,000 | ---D | M]

[2008.08.28 17:38:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fennecus\AppData\Roaming\mozilla\Extensions
[2012.11.23 13:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fennecus\AppData\Roaming\mozilla\Firefox\Profiles\s00vob1d.default\extensions
[2012.11.22 06:06:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\fennecus\AppData\Roaming\mozilla\Firefox\Profiles\s00vob1d.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.11.17 17:01:01 | 000,510,620 | ---- | M] () (No name found) -- C:\Users\fennecus\AppData\Roaming\mozilla\firefox\profiles\s00vob1d.default\extensions\toolbar@gmx.net.xpi
[2012.11.23 13:59:35 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\fennecus\AppData\Roaming\mozilla\firefox\profiles\s00vob1d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.17 17:01:07 | 000,000,911 | ---- | M] () -- C:\Users\fennecus\AppData\Roaming\mozilla\firefox\profiles\s00vob1d.default\searchplugins\11-suche.xml
[2012.11.20 16:18:35 | 000,002,399 | ---- | M] () -- C:\Users\fennecus\AppData\Roaming\mozilla\firefox\profiles\s00vob1d.default\searchplugins\askcom.xml
[2012.11.17 17:01:07 | 000,002,273 | ---- | M] () -- C:\Users\fennecus\AppData\Roaming\mozilla\firefox\profiles\s00vob1d.default\searchplugins\englische-ergebnisse.xml
[2012.11.17 17:01:07 | 000,010,563 | ---- | M] () -- C:\Users\fennecus\AppData\Roaming\mozilla\firefox\profiles\s00vob1d.default\searchplugins\gmx-suche.xml
[2012.11.17 17:01:07 | 000,002,432 | ---- | M] () -- C:\Users\fennecus\AppData\Roaming\mozilla\firefox\profiles\s00vob1d.default\searchplugins\lastminute.xml
[2012.11.17 17:01:07 | 000,005,545 | ---- | M] () -- C:\Users\fennecus\AppData\Roaming\mozilla\firefox\profiles\s00vob1d.default\searchplugins\webde-suche.xml
[2012.03.18 06:28:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.01.01 10:32:33 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2012.01.01 10:32:33 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012.11.22 06:06:38 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.10 08:11:40 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.11 12:58:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART Board Tools] C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe (SMART Technologies ULC)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{031C6A5B-F7EA-4BC7-872D-EEDDEA5DBAFC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD88E086-B588-4336-9C52-11E7F5696C56}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\fennecus\Eigene Bilder\Aquarium\Buntbarsche\Pelvicachromis\Pelvicachromis rubrolabiatus\IMG_1314.JPG
O24 - Desktop BackupWallPaper: C:\Users\fennecus\Eigene Bilder\Aquarium\Buntbarsche\Pelvicachromis\Pelvicachromis rubrolabiatus\IMG_1314.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.01.09 10:35:28 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cdb558e4-6c17-11e0-bb58-acd3f1b92fe5}\Shell - "" = AutoRun
O33 - MountPoints2\{cdb558e4-6c17-11e0-bb58-acd3f1b92fe5}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.23 21:29:17 | 000,000,000 | ---D | C] -- C:\Users\fennecus\AppData\Roaming\Malwarebytes
[2012.11.23 21:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.23 21:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.23 21:28:59 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.23 21:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.23 20:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012.11.23 18:44:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2012.11.23 18:41:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2012.11.23 18:25:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2
[2012.11.23 18:25:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP
[2012.11.23 18:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJMSetup
[2012.11.23 18:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5200 series Benutzerregistrierung
[2012.11.23 18:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2012.11.23 18:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD-LabelPrint
[2012.11.23 18:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5200 series Manual
[2012.11.23 18:14:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012.11.23 18:13:38 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2012.11.23 18:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5200 series
[2012.11.23 15:21:01 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012.11.23 15:20:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\STRING
[2012.11.21 15:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.11.21 15:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.11.20 17:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012.11.08 08:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.24 01:48:58 | 000,000,000 | ---- | M] () -- C:\Users\fennecus\defogger_reenable
[2012.11.24 01:38:34 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.24 01:38:34 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.24 01:38:34 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.24 01:38:34 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.24 01:24:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.24 00:58:26 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.24 00:58:25 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.24 00:58:25 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.24 00:58:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.23 21:29:01 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.23 19:41:08 | 000,000,711 | ---- | M] () -- C:\Users\fennecus\Desktop\MP Navigator EX.lnk
[2012.11.23 18:57:09 | 000,000,944 | ---- | M] () -- C:\Users\fennecus\Desktop\mpnex40.exe.lnk
[2012.11.22 18:59:39 | 000,148,480 | ---- | M] () -- C:\Users\fennecus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.21 15:11:36 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.11.21 13:48:17 | 000,002,537 | ---- | M] () -- C:\Users\fennecus\Desktop\Microsoft Office Picture Manager.lnk
[2012.11.20 17:10:11 | 000,000,306 | ---- | M] () -- C:\Windows\setup.iss
[2012.11.14 16:27:00 | 000,424,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.24 01:48:58 | 000,000,000 | ---- | C] () -- C:\Users\fennecus\defogger_reenable
[2012.11.23 21:29:01 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.23 19:40:45 | 000,000,711 | ---- | C] () -- C:\Users\fennecus\Desktop\MP Navigator EX.lnk
[2012.11.23 18:56:28 | 000,000,944 | ---- | C] () -- C:\Users\fennecus\Desktop\mpnex40.exe.lnk
[2012.11.23 18:12:53 | 000,013,056 | ---- | C] () -- C:\Windows\System32\CNC1749D.TBL
[2012.11.21 15:11:36 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.11.21 15:11:36 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.01.01 10:34:37 | 000,017,408 | ---- | C] () -- C:\Users\fennecus\AppData\Local\WebpageIcons.db
[2011.11.11 13:57:40 | 000,000,000 | ---- | C] () -- C:\Users\fennecus\AppData\Local\{FC9294EB-13B3-4878-BC42-C3F20EC42C53}
[2011.09.29 19:24:41 | 000,000,000 | ---- | C] () -- C:\Users\fennecus\AppData\Local\{D1DE2D4C-B5AA-4F7A-84E4-E9BD31BE822A}
[2011.09.19 18:16:47 | 000,000,000 | ---- | C] () -- C:\Users\fennecus\AppData\Local\{4DB094A6-9B23-4658-9054-16B4BF2BD666}
[2011.09.19 18:14:45 | 000,000,000 | ---- | C] () -- C:\Users\fennecus\AppData\Local\{334B57FF-C5FD-46FC-A7AE-A1D95DB98BA4}
[2011.08.21 09:15:33 | 000,000,000 | ---- | C] () -- C:\Users\fennecus\AppData\Local\{1CBB0CD2-E491-45AD-A4BA-4ACD8E7FFBF3}
[2011.08.21 09:13:31 | 000,000,000 | ---- | C] () -- C:\Users\fennecus\AppData\Local\{0D0B60AB-A8EB-48D9-929A-6CC627D4EB53}
[2011.06.24 10:00:45 | 000,005,152 | ---- | C] () -- C:\Windows\ouwininit.exe
[2011.06.01 16:14:00 | 000,005,894 | ---- | C] () -- C:\Windows\System32\comBS17j.dll
[2011.04.21 14:05:57 | 000,049,792 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusb4.bin
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2008.10.15 16:47:31 | 000,148,480 | ---- | C] () -- C:\Users\fennecus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.21 18:27:41 | 000,000,680 | ---- | C] () -- C:\Users\fennecus\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.06.01 16:14:13 | 000,000,000 | ---D | M] -- C:\Users\fennecus\AppData\Roaming\beSoft
[2009.04.07 12:38:10 | 000,000,000 | ---D | M] -- C:\Users\fennecus\AppData\Roaming\Buhl Data Service
[2012.11.23 18:44:12 | 000,000,000 | ---D | M] -- C:\Users\fennecus\AppData\Roaming\Canon
[2008.11.30 15:06:05 | 000,000,000 | ---D | M] -- C:\Users\fennecus\AppData\Roaming\Cornelsen
[2011.10.24 12:51:27 | 000,000,000 | ---D | M] -- C:\Users\fennecus\AppData\Roaming\EPSON
[2012.07.29 18:30:18 | 000,000,000 | ---D | M] -- C:\Users\fennecus\AppData\Roaming\FILEminimizerPictures
[2011.04.21 07:47:25 | 000,000,000 | ---D | M] -- C:\Users\fennecus\AppData\Roaming\GMX
[2011.02.11 07:17:49 | 000,000,000 | ---D | M] -- C:\Users\fennecus\AppData\Roaming\muvee Technologies
[2011.02.27 17:37:25 | 000,000,000 | ---D | M] -- C:\Users\fennecus\AppData\Roaming\PlayFirst
[2012.10.20 13:39:32 | 000,000,000 | ---D | M] -- C:\Users\fennecus\AppData\Roaming\SMART Technologies
[2010.07.23 10:01:00 | 000,000,000 | ---D | M] -- C:\Users\fennecus\AppData\Roaming\SMART Technologies Inc
[2011.04.21 07:47:16 | 000,000,000 | ---D | M] -- C:\Users\fennecus\AppData\Roaming\SmartSurfer
[2012.02.08 08:20:04 | 000,000,000 | ---D | M] -- C:\Users\fennecus\AppData\Roaming\TuneUp Software
[2010.12.03 20:19:46 | 000,000,000 | ---D | M] -- C:\Users\fennecus\AppData\Roaming\Ulead Systems
[2009.01.25 15:10:58 | 000,000,000 | ---D | M] -- C:\Users\fennecus\AppData\Roaming\WEBDE

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9A2B2B2D

< End of report >

The EXTRAS.txt reads:

OTL Extras logfile created on: 24.11.2012 01:53:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\fennecus\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,18% Memory free
4,23 Gb Paging File | 3,22 Gb Available in Paging File | 76,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 325,17 Gb Total Space | 165,60 Gb Free Space | 50,93% Space Free | Partition Type: NTFS
Drive D: | 10,18 Gb Total Space | 1,40 Gb Free Space | 13,71% Space Free | Partition Type: NTFS

Computer Name: FENNECUS-PC | User Name: fennecus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03EB8609-7C83-48D9-8B89-98D90FBEDB43}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{13B8D29D-7DF1-4E6E-A089-B23FA60DAA10}" = rport=139 | protocol=6 | dir=out | app=system |
"{21BA0739-019F-416D-A251-9F148391FFDD}" = lport=137 | protocol=17 | dir=in | app=system |
"{268594C5-3732-4E2D-966F-04C43A47A961}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{55933E44-A2B8-41DD-B913-7CC930CF590A}" = rport=137 | protocol=17 | dir=out | app=system |
"{75D76ED0-9ADD-4247-ABC1-C2BF03B7D86D}" = rport=138 | protocol=17 | dir=out | app=system |
"{7655AAC2-0842-4526-BC8C-80A43E247EA2}" = lport=138 | protocol=17 | dir=in | app=system |
"{835FE0E5-A45D-49D0-A951-B66B072AF537}" = lport=445 | protocol=6 | dir=in | app=system |
"{A54AE3D3-4D46-4610-8420-5232531B686A}" = lport=139 | protocol=6 | dir=in | app=system |
"{DF1891F3-A961-40F5-8791-6E1A98E443FE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{ED78C17E-6D69-4A56-8E02-4F7B099F3B94}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07655591-2BD1-498E-BD17-4731463B0691}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe |
"{0881F7EF-FE34-4F38-8191-DB80388B4138}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0B47557F-4882-4A8C-B883-EBD513271896}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0ECEA464-E42D-4E95-A460-29445130E667}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe |
"{2B325FB5-8392-4562-BC71-DD32C786DE05}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\smartsnmpagent.exe |
"{30D94EF7-681C-4120-9EC9-816C02BF214A}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe |
"{3DE26B60-7E95-442C-ACFE-D69414F201CB}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\vantageservice.exe |
"{5A99CA9B-0A5B-4977-BF14-047D48F81F72}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe |
"{70DFE6C5-FD60-4FE5-948D-D5D8BEDDD3CF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A70092CC-93F1-44F6-8894-E34E72766B9A}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{E59D4290-7EF1-4EAC-A24F-E62A4F9AD09B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EFD551F1-154D-4450-8784-6D209298AF75}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\vantageservice.exe |
"{F05E24DF-5E97-46C1-AAEA-376BB5D58BA9}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\smartsnmpagent.exe |
"TCP Query User{B407D564-1009-4FEB-8654-F0317D7B3BF4}C:\program files\dvbviewerte\ts_winlirc.exe" = protocol=6 | dir=in | app=c:\program files\dvbviewerte\ts_winlirc.exe |
"TCP Query User{D765F319-4352-4082-8EF8-6F25CEE4C2A1}C:\program files\technisat dvb\bin\server4pc.exe" = protocol=6 | dir=in | app=c:\program files\technisat dvb\bin\server4pc.exe |
"UDP Query User{40540461-0F81-4B14-BA75-EFEF576F2B31}C:\program files\technisat dvb\bin\server4pc.exe" = protocol=17 | dir=in | app=c:\program files\technisat dvb\bin\server4pc.exe |
"UDP Query User{EAB07D93-A3B4-4750-8E3B-84409FDBA7A6}C:\program files\dvbviewerte\ts_winlirc.exe" = protocol=17 | dir=in | app=c:\program files\dvbviewerte\ts_winlirc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009
"{01930DB9-DF4B-44DB-166B-D9D9A1D0FD8B}" = Catalyst Control Center Localization Danish
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{059A00AC-1205-423C-91C7-7E6168D804DA}" = MainConcept DTV Decoder Standard
"{059EDAA4-242F-9425-5A89-C8AAF9550781}" = Catalyst Control Center Graphics Full New
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{09131B3A-D267-0BB7-3F06-DC9928B49A83}" = Catalyst Control Center Localization Korean
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A8877D9-2951-7554-BBAC-573B45BA5261}" = Catalyst Control Center Localization Chinese Traditional
"{0B135CFC-45FB-063A-197B-4DE76892F829}" = CCC Help Italian
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{134007CC-7026-46C2-B46F-40D9FD2AF385}" = Technisat DVB-VC80 Redistributable Modules
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{19CC505B-7FC5-A8AC-F09B-8D73451A9B39}" = Catalyst Control Center Localization German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F85EC9D-8792-4ACD-9558-1F78237C3510}" = Catalyst Control Center Localization Turkish
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24F93FEC-6EC7-075C-249B-62442CA0026A}" = CCC Help Dutch
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{25E0A19C-1DDE-5B4B-1B0B-55258B980427}" = CCC Help Swedish
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{272710E9-8E78-8A4C-BE61-B688EB6EF9B9}" = CCC Help French
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2C164906-E68F-462A-9010-70DD022223EF}" = RemoteCapture Task 1.0.2
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F1F56CE-9F36-695E-5F6C-8F6554B17876}" = Catalyst Control Center Localization Czech
"{2F34303C-F485-41FD-04D3-B71CE3352D9F}" = Catalyst Control Center Localization Portuguese
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{343F9F5A-AA17-4D61-B451-AA628D106B77}" = Skins
"{37093BBD-A3ED-77CD-1483-7AF0428B2772}" = CCC Help Spanish
"{3717A572-2F7F-7224-5A78-495257CD16E2}" = Catalyst Control Center Localization Finnish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DF537E0-614B-CAA6-5D12-D18A9804224A}" = CCC Help German
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E6BF3B3-9DAE-CB8E-97A3-F79AD996007E}" = CCC Help Thai
"{4F027497-15AE-4DE5-B3BC-8E721C6127DE}" = ccc-Branding
"{51EBE1ED-60AD-E43F-A1ED-282F9F217374}" = ccc-utility
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52D4013E-3FEC-4C08-AAA8-CC24985A04E1}" = WISO EÜR & Kasse 2010
"{53BB5CF3-1BEE-DD11-8254-232E6C5C58AE}" = CCC Help Korean
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{58CE08B6-9BD4-8BE6-73C2-2D444026060C}" = CCC Help Greek
"{5C3C89CB-A719-46C5-80C7-2E2237AD3692}" = SMART German Language Pack
"{5CF94ABE-4A38-8175-A7D1-5B42C4A936F6}" = ATI Catalyst Install Manager
"{5D3170EA-B24F-2B5C-25FD-7FD3112C081D}" = Catalyst Control Center Localization Norwegian
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{636194CF-A7A3-01FA-73D5-FA33EF7FDF7B}" = CCC Help Portuguese
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{68BE4D42-AB44-A43C-0A1B-8E8E3F0E0C4D}" = Catalyst Control Center Graphics Previews Vista
"{698F2F83-B413-A8A1-2DA4-FD1A3029526E}" = Catalyst Control Center Localization Greek
"{69DE68DE-0E07-0EFA-0D03-15272DF054F7}" = CCC Help Finnish
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{7117C6B9-110A-4667-B4FD-8334ED976492}" = WISO EÜR & Kasse 2011
"{77962FE1-396A-A7D6-EEB5-3AD84F95A9B7}" = Catalyst Control Center Localization French
"{782FA1AF-9520-E518-B0EA-EE88F9DE0414}" = CCC Help Polish
"{7ED124D9-8868-D71F-D30D-75A6369789E3}" = CCC Help Russian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C4A333-DD44-3431-B1BF-6A66B971D07B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{83D013C0-D13C-A05F-ADAD-B7CCD5E4184A}" = Catalyst Control Center Localization Swedish
"{87A17751-BB5A-2AAE-E2B0-29779EB4890A}" = Catalyst Control Center Localization Chinese Standard
"{8804F395-4CFA-E6F8-8BB8-4A77B880A8E2}" = Catalyst Control Center Localization Spanish
"{8F4B0B26-F5F5-DACD-80E8-354820F811C7}" = Catalyst Control Center Localization Italian
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91CB241A-31F6-0A86-574C-1C4D106533F1}" = Catalyst Control Center Graphics Light
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{94D44A34-2542-012D-72E4-BC4F7A2D45FB}" = ccc-core-static
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A231406-6D78-55B7-D488-D39FE2DAAA12}" = Catalyst Control Center Graphics Full Existing
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B163B70-C288-6B45-75D7-3FCC0B575F3D}" = Catalyst Control Center Localization Thai
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9E3C27C5-7DF7-ADB9-0A03-2B4A51FCE75D}" = CCC Help Turkish
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC3941FD-522A-0CA8-E7D4-B791EA1D05AE}" = Catalyst Control Center Localization Russian
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ACDF5A5C-7C6D-4BE5-9340-C13E22ED2847}" = Rund um ... BIOskop 7-10 (Teil 2)
"{ADDA95FD-859F-8FF8-886C-1FCF3D45EC24}" = CCC Help Czech
"{AEF545C7-9B16-D053-BD96-773DA14F9AB5}" = Catalyst Control Center Localization Hungarian
"{AFB784D9-36E4-4367-3225-7EA1F89795CC}" = Catalyst Control Center Localization Dutch
"{AFE024C7-7CA7-4C8E-90EE-D877C7CD96A3}" = SMART Notebook
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B588F1BF-02C9-2454-ABAB-420B371EA715}" = CCC Help Japanese
"{BD2DA092-F254-43D0-9683-DD09840315C4}" = WISO EÜR & Kasse 2012
"{BE235AA6-439E-4639-8CAE-CA63373D3125}" = Rund um ... BIOskop 7-10 (Teil 1)
"{BE73C2EC-FFA1-DB9F-B4D1-A78813BDE46A}" = Catalyst Control Center Localization Polish
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C402BE7E-17AE-63D9-2418-CF87FB022946}" = Catalyst Control Center Graphics Previews Common
"{C58167D3-4FEC-B217-0155-1E19C6B50C53}" = CCC Help Norwegian
"{C6A5D6E2-19B4-4005-9670-C4D36C3AD55A}" = Nero BackItUp and Burn Essentials
"{C8E7B1C5-B9AA-18E2-049D-EF3792A71A47}" = CCC Help Hungarian
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD7340BF-69F5-0DEF-2DB9-806AB914F970}" = CCC Help Chinese Standard
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D032A7F0-8B5C-4603-8B46-235025D5F9C1}" = TechniSat DVB-PC TV Star
"{D45EAB00-6FAE-417B-8A4E-9578E2215F63}_is1" = Elemente Chemie Arbeitsblätter 2 deinstallieren
"{E2042C34-4B32-B3CD-17AD-AA645750FE35}" = CCC Help English
"{E3189F44-F7BD-4F96-B756-A0AEFAF61D3A}" = SMART Product Drivers
"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1
"{E8FA1C46-100F-1825-0FFC-A50D808DCFCB}" = CCC Help Chinese Traditional
"{EA7389EF-3392-6783-F681-9265BBEF1637}" = Catalyst Control Center Localization Japanese
"{ED2455F7-6AA6-4D3C-85E9-A72297DD7051}" = SMART Common Files
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8630C82-B5F7-80AA-B752-52224F82F185}" = CCC Help Danish
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F912A817-C97F-8DCC-BCE9-FFB2F2B39BD9}" = Catalyst Control Center Core Implementation
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Auerswald CAPI 2.0 Treiber" = Auerswald-CAPI-2.0-Treiber
"Auerswald UNI TSP Treiber" = Auerswald UNI TSP Treiber
"AVMWLANCLI" = AVM FRITZ!WLAN
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DVBViewer_is1" = DVBViewer Technisat Edition
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"EOS Utility" = Canon Utilities EOS Utility
"EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{2C164906-E68F-462A-9010-70DD022223EF}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NotenManager Heimversion" = NotenManager Heimversion 3.1
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"PROPLUSR" = Microsoft Office Professional Plus 2007
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"VLC media player" = VLC media player 1.0.1
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23.11.2012 15:12:38 | Computer Name = fennecus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mpnex40.exe, Version 4.0.0.0, Zeitstempel 0x4bbeac87,
fehlerhaftes Modul SCNUI.DLL_unloaded, Version 0.0.0.0, Zeitstempel 0x4c075832,
Ausnahmecode 0xc0000005, Fehleroffset 0x06dc546d, Prozess-ID 0x844, Anwendungsstartzeit
01cdc9ae152918de.

Error - 23.11.2012 15:14:39 | Computer Name = fennecus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mpnex40.exe, Version 4.0.0.0, Zeitstempel 0x4bbeac87,
fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
0xc0000005, Fehleroffset 0x046b546d, Prozess-ID 0xa10, Anwendungsstartzeit 01cdc9ae8cf7fede.

Error - 23.11.2012 15:36:27 | Computer Name = fennecus-PC | Source = MsiInstaller | ID = 11310
Description =

Error - 23.11.2012 15:36:29 | Computer Name = fennecus-PC | Source = MsiInstaller | ID = 11310
Description =

Error - 23.11.2012 15:57:40 | Computer Name = fennecus-PC | Source = VSS | ID = 8194
Description =

Error - 23.11.2012 15:58:12 | Computer Name = fennecus-PC | Source = VSS | ID = 8194
Description =

Error - 23.11.2012 15:59:42 | Computer Name = fennecus-PC | Source = MsiInstaller | ID = 11310
Description =

Error - 23.11.2012 16:05:52 | Computer Name = fennecus-PC | Source = EventSystem | ID = 4621
Description =

Error - 23.11.2012 16:17:30 | Computer Name = fennecus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mpnex40.exe, Version 4.0.0.0, Zeitstempel 0x4bbeac87,
fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
0xc0000005, Fehleroffset 0x0672546d, Prozess-ID 0x1654, Anwendungsstartzeit 01cdc9b77ed1bff4.

Error - 23.11.2012 16:18:10 | Computer Name = fennecus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mpnex40.exe, Version 4.0.0.0, Zeitstempel 0x4bbeac87,
fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode
0xc0000409, Fehleroffset 0x00009ae2, Prozess-ID 0x1698, Anwendungsstartzeit 01cdc9b7a351ce14.

[ OSession Events ]
Error - 11.08.2008 05:15:14 | Computer Name = fennecus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5364
seconds with 3960 seconds of active time. This session ended with a crash.

Error - 11.08.2008 05:17:03 | Computer Name = fennecus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 89
seconds with 60 seconds of active time. This session ended with a crash.

Error - 11.08.2008 05:18:27 | Computer Name = fennecus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 68
seconds with 60 seconds of active time. This session ended with a crash.

Error - 11.08.2008 06:04:38 | Computer Name = fennecus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2739
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 11.08.2008 06:44:49 | Computer Name = fennecus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2393
seconds with 1380 seconds of active time. This session ended with a crash.

Error - 22.04.2011 08:28:15 | Computer Name = fennecus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1555
seconds with 1380 seconds of active time. This session ended with a crash.

Error - 01.11.2011 03:44:12 | Computer Name = fennecus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 567
seconds with 300 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 23.11.2012 16:08:42 | Computer Name = fennecus-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 23.11.2012 16:15:33 | Computer Name = fennecus-PC | Source = DCOM | ID = 10005
Description =

Error - 23.11.2012 16:15:33 | Computer Name = fennecus-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 23.11.2012 16:15:57 | Computer Name = fennecus-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 23.11.2012 16:17:01 | Computer Name = fennecus-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 23.11.2012 16:17:05 | Computer Name = fennecus-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 23.11.2012 16:18:02 | Computer Name = fennecus-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 23.11.2012 19:58:15 | Computer Name = fennecus-PC | Source = atikmdag | ID = 43033
Description = Edid checksum error

Error - 23.11.2012 19:58:15 | Computer Name = fennecus-PC | Source = atikmdag | ID = 43033
Description = Edid checksum error

Error - 23.11.2012 19:59:59 | Computer Name = fennecus-PC | Source = Service Control Manager | ID = 7001
Description =

[ TuneUp Events ]
Error - 05.06.2012 08:08:03 | Computer Name = fennecus-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 08.10.2012 08:21:40 | Computer Name = fennecus-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 21.11.2012 09:48:44 | Computer Name = fennecus-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 21.11.2012 09:53:13 | Computer Name = fennecus-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 22.11.2012 01:04:21 | Computer Name = fennecus-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =


< End of report >

I'm asking for help!
Regards!
Frank

 
