
Pests of all kinds and how to fight them: Infected with zBot Zeus, what to do?


 
14.01.2013, 00:38   #1
Huii
 



Hello!
I received an email from Telekom saying that a PC on our network is supposedly infected with the Zbot Zeus trojan. I then ran Malwarebytes, with the following result:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.10.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
tp :: TP-PC [Administrator]

Schutz: Aktiviert

1/10/2013 2:15:37 PM
mbam-log-2013-01-10 (14-15-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222038
Laufzeit: 3 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\tp\AppData\Roaming\Ogap\umyvx.exe (Trojan.Zbot) -> 4516 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{29EE5BB4-0161-AD41-1AA9-98C5185DBBD8} (Trojan.Zbot) -> Daten: C:\Users\tp\AppData\Roaming\Ogap\umyvx.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\tp\AppData\Roaming\Ogap\umyvx.exe (Trojan.Zbot) -> Löschen bei Neustart.
C:\Users\tp\AppData\Roaming\Ozidm\omuxi.exe (Trojan.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\tp\AppData\Roaming\Sahu\kawo.exe (Trojan.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

The subsequent scans found no further infection.

OTL produced the following log file:

OTL logfile created on: 1/14/2013 12:16:35 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tp\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.89 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 33.67% Memory free
3.78 Gb Paging File | 1.74 Gb Available in Paging File | 45.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 278.46 Gb Total Space | 235.51 Gb Free Space | 84.58% Space Free | Partition Type: NTFS

Computer Name: TP-PC | User Name: tp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/01/14 00:16:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tp\Desktop\OTL.exe
PRC - [2012/12/14 16:49:28 | 000,824,232 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/03/19 10:11:41 | 000,250,528 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/04/13 17:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2011/04/07 19:17:38 | 000,050,704 | ---- | M] (Trend Micro Inc.) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
PRC - [2011/04/07 19:09:36 | 000,023,568 | ---- | M] (Trend Micro Inc.) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
PRC - [2011/01/13 22:56:42 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/12/29 20:54:10 | 000,740,688 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
PRC - [2010/12/21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/10/01 23:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2010/10/01 16:49:34 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2009/05/16 02:44:06 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
PRC - [2007/09/06 21:38:57 | 000,450,560 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe
PRC - [2007/08/10 07:11:54 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/15 03:36:37 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/10/05 11:53:24 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/10/05 11:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/10/05 11:53:24 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2010/11/25 05:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/21 04:24:32 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010/11/21 04:23:48 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/11/17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/10/01 16:49:34 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2009/06/10 22:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2007/10/08 09:59:24 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\app4r.monitor.core.dll
MOD - [2007/10/08 09:59:24 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\app4r.monitor.common.dll
MOD - [2007/10/08 09:58:32 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\app4r.devmons.mcmdevmon.dll
MOD - [2007/09/06 21:38:57 | 000,450,560 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe
MOD - [2007/09/06 21:38:30 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdoscw.dll
MOD - [2007/08/10 07:12:14 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2007/08/10 07:11:54 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe
MOD - [2007/05/03 16:39:31 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdodatr.dll
MOD - [2007/03/26 08:39:35 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdocats.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/01/13 22:56:40 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/12/29 20:54:24 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2010/10/07 15:56:44 | 003,137,840 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2010/09/23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/18 03:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/09/20 21:33:06 | 001,039,360 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdocoms.exe -- (lxdo_device)
SRV:64bit: - [2007/07/17 13:29:01 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdoserv.exe -- (lxdoCATSCustConnectService)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/04/07 19:17:38 | 000,050,704 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)
SRV - [2011/02/19 01:08:46 | 002,060,896 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe -- (tmlisten)
SRV - [2011/02/19 01:00:48 | 001,836,616 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe -- (ntrtscan)
SRV - [2010/12/21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/25 12:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 12:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/10/07 15:45:28 | 002,692,400 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2010/07/21 21:48:20 | 000,596,032 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmPfw.exe -- (TmPfw)
SRV - [2010/07/21 21:44:22 | 000,917,840 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/09/20 21:05:06 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdocoms.exe -- (lxdo_device)
SRV - [2007/07/17 13:29:01 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdoserv.exe -- (lxdoCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/10 18:17:35 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/02/10 18:17:35 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/07/20 14:39:58 | 012,287,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/05/13 09:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/02/10 23:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 23:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/20 18:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/01/14 18:09:00 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/01/14 18:08:42 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/01/14 18:08:42 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/01/14 18:08:42 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/01/14 18:08:40 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/01 17:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/30 23:02:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/24 17:21:32 | 004,719,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 04:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/09 02:07:48 | 000,338,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2010/11/09 02:06:58 | 000,196,688 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2010/11/09 02:05:20 | 000,108,624 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/16 01:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/29 19:38:32 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/08/20 20:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/03/19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 16:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/03/25 00:07:30 | 000,310,032 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2011/03/25 00:07:20 | 000,042,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2011/03/24 23:56:32 | 001,988,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {716BA9ED-C560-4DF8-8B43-A04D37D0E568}
IE:64bit: - HKLM\..\SearchScopes\{716BA9ED-C560-4DF8-8B43-A04D37D0E568}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {716BA9ED-C560-4DF8-8B43-A04D37D0E568}
IE - HKLM\..\SearchScopes\{716BA9ED-C560-4DF8-8B43-A04D37D0E568}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USSMB/8
IE - HKCU\..\SearchScopes,DefaultScope = {716BA9ED-C560-4DF8-8B43-A04D37D0E568}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2012/02/10 17:08:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2012/02/10 17:39:41 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [DBRMTray] C:\DELL\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxdoamon] C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe ()
O4:64bit: - HKLM..\Run: [lxdomon.exe] C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Lexmark 9500 Series] C:\Program Files (x86)\Lexmark 9500 Series\fm3032.exe ()
O4 - HKLM..\Run: [OfficeScanNT Monitor] c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4:64bit: - HKLM..\RunOnce: [DBRMTray] C:\DELL\DBRM\Reminder\TrayApp.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{543287DF-6EB7-4B59-BE54-257A20B2CA8C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E82DFE87-2B54-4706-B787-C60B6AF411CB}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/14 00:15:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tp\Desktop\OTL.exe
[2013/01/10 23:14:25 | 000,000,000 | ---D | C] -- C:\Users\tp\AppData\Roaming\QuickScan
[2013/01/10 14:12:45 | 000,000,000 | ---D | C] -- C:\Users\tp\AppData\Roaming\Malwarebytes
[2013/01/10 14:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/10 14:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/10 14:11:31 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/10 14:11:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/10 14:11:12 | 000,000,000 | ---D | C] -- C:\Users\tp\AppData\Local\Programs
[2013/01/09 18:06:46 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/09 18:06:46 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/09 18:04:04 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/09 18:03:59 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/09 18:03:55 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/09 18:03:55 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/09 18:03:55 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/09 18:03:55 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/09 18:03:55 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/09 18:03:55 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/09 18:03:55 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/09 18:03:55 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/09 18:03:55 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/09 18:03:55 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/09 18:03:55 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/09 18:03:55 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/09 18:03:55 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/09 18:03:55 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/09 18:03:55 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/09 18:03:55 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/09 18:03:55 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/09 18:03:55 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/09 18:03:55 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/09 18:03:55 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/09 18:03:55 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/09 18:03:55 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/09 18:03:55 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/09 18:03:54 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/09 18:03:53 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/09 18:03:53 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/09 18:03:53 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/09 18:03:53 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/09 18:03:53 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/09 18:03:53 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/09 18:03:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/09 18:03:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/09 18:03:22 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/09 18:03:21 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/09 18:03:20 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/09 18:03:20 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/09 18:03:20 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/09 18:03:19 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/09 18:03:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/09 18:03:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/09 18:03:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/09 18:03:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 18:03:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 18:03:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/09 18:03:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 18:03:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 18:03:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/09 18:03:17 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 18:03:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 18:03:16 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/09 18:03:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 18:03:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 18:03:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 18:03:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 18:03:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/09 18:02:51 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/01/06 15:35:54 | 000,000,000 | R--D | C] -- C:\Users\tp\Dropbox
[2013/01/06 15:31:13 | 000,000,000 | ---D | C] -- C:\Users\tp\AppData\Roaming\Dropbox
[2012/12/22 02:13:44 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/22 02:13:44 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/22 02:13:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/22 02:13:43 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/14 00:16:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tp\Desktop\OTL.exe
[2013/01/13 23:50:52 | 000,794,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/13 23:50:52 | 000,671,866 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/13 23:50:52 | 000,124,992 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/13 23:49:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/10 22:56:40 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 22:56:40 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 22:49:43 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2013/01/10 22:49:09 | 1522,663,424 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/10 14:11:33 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/01/10 13:04:43 | 000,002,019 | ---- | M] () -- C:\Users\tp\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013/01/10 13:04:43 | 000,001,948 | ---- | M] () -- C:\Users\tp\Desktop\Avira DE-Cleaner.lnk
[2013/01/10 12:10:51 | 000,322,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/10 03:17:39 | 000,789,100 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/10 14:11:33 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/01/10 12:50:58 | 000,002,019 | ---- | C] () -- C:\Users\tp\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013/01/10 12:50:58 | 000,001,948 | ---- | C] () -- C:\Users\tp\Desktop\Avira DE-Cleaner.lnk
[2012/05/10 01:08:59 | 000,028,672 | ---- | C] () -- C:\Windows\hookdllX.dll
[2012/05/10 01:08:59 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2012/05/10 01:08:02 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdocomx.dll
[2012/05/10 01:08:02 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdoinst.dll
[2012/05/10 01:08:01 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdopmui.dll
[2012/05/10 01:08:01 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoinpa.dll
[2012/05/10 01:08:01 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoiesc.dll
[2012/05/10 01:08:00 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoserv.dll
[2012/05/10 01:08:00 | 000,954,368 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdousb1.dll
[2012/05/10 01:08:00 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoprox.dll
[2012/05/10 01:07:59 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocomc.dll
[2012/05/10 01:07:59 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdohbn3.dll
[2012/05/10 01:07:59 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocoms.exe
[2012/05/10 01:07:59 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdolmpm.dll
[2012/05/10 01:07:59 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocomm.dll
[2012/05/10 01:07:59 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocfg.exe
[2012/05/10 01:07:59 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoih.exe
[2012/03/16 12:05:29 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/02/10 17:51:25 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/10 17:51:23 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/10 17:51:21 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/10 17:51:20 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/02/10 17:51:19 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/10 16:58:46 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll
[2011/02/10 15:33:46 | 000,789,100 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


Is the system clean again now? What is the best way to proceed? Probably change all passwords in any case?! I don't do any online banking.

Many, many thanks in advance.
Regards

 
