Pests of all kinds and how to get rid of them: Trojan.zbot.FV and Spyware.zbot.-ED on Asus Eee PC netbook / Win7 (Windows 7)
24.06.2013, 10:22 | #1
Trojan.zbot.FV and Spyware.zbot.-ED on Asus Eee PC netbook / Win7

Hello, good day everyone,

After I received an SMS on my mobile phone saying that I should download security software from a particular link, or else my mTAN (online banking) would be blocked, I became suspicious and contacted Postbank. I was told that I probably have a Trojan. Malwarebytes found the pests named in the subject line. Whether they are gone now or only in quarantine, I don't know.

I don't mind having to reinstall the system; it's basically done quickly. BUT I'm afraid that I won't be able to get Windows back onto the empty PC afterwards. The netbook has no CD drive, so there is no recovery CD. I have since learned that a fresh installation of Windows is also possible from a USB stick. But I'm afraid it won't work, because the netbook is vital at the moment! I also don't have enough money to haul the thing off for repair again. I want to look into this subject more closely before I do anything. Until then, I would like to make sure that the beasts have at least been rendered harmless.

So: I wanted to follow the instructions BEFORE posting a new thread. OTL is done, BUT there are problems with GMER. I get the error message that the program is not working. After the third attempt the screen suddenly turned blue, with an error message in English saying that Windows has to be shut down to prevent damage to the system, and so on. One more attempt: during the scan the screen froze, nothing worked any more. Power cable out, battery out and back in, then Windows started again. Last attempt with the program renamed (Gmer.exe became Anwendung.exe): the same. Should I skip GMER now and continue with the other instructions?

Here are the OTL files:

Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 24.06.2013 09:10:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,12 Mb Total Physical Memory | 523,91 Mb Available Physical Memory | 51,66% Memory free 1,99 Gb Paging File | 1,24 Gb Available in Paging File | 62,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100,00 Gb Total Space | 75,31 Gb Free Space | 75,31% Space Free | Partition Type: NTFS Drive D: | 183,07 Gb Total Space | 104,72 Gb Free Space | 57,20% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DisableUnicastResponsesToMulticastBroadcast" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception 
List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{A58E7306-2B16-433F-B710-E19B85524A0A}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{BA6DF6ED-66E8-4241-8E9E-991536B4990C}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{C5E3C9ED-BB47-432C-9821-0D3D264CF425}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{CA3E3652-B45B-4453-854C-8560416431CA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{9DF15337-4E25-42D6-AFE8-E4F24E383B81}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{BAF7435B-578D-471D-BF62-6ECDEE6629E1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{CA2F4121-A03B-4CCD-860D-E8B1FA42BFAF}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0F1A2E4E-E2EE-4806-B7CE-356D83A3CDEB}" = Windows Live Family Safety "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources "{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources 
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{41D6CED7-65E8-4EBB-BB1A-B45E2D8CF6D7}" = Windows Live Family Safety "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources "{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook "{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT 
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources "{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common 
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety "{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Eee Docking_is1" = Eee Docking 3.8.3 "Elantech" = ETDWare PS/2-x86 7.0.5.11_WHQL "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud "InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = 
CyberLink PowerRecover "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "o2DE" = Mobile Connection Manager "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "WinLiveSuite" = Windows Live Essentials "ZTE USB Driver" = ZTE USB Driver ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 17.06.2013 02:21:29 | Computer Name = user-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. Fehler bei der Registrierung des Click-2-Run-Pakets. Error - 17.06.2013 02:35:02 | Computer Name = user-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: BITS connection error Type: 150::InternetConnectionFailure. Error - 17.06.2013 12:36:05 | Computer Name = user-PC | Source = Application Virtualization Client | ID = 5009 Description = {tid=84C} Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6137.5001.sft' herstellen (Rückgabecode 24600F0A-10000001, ursprünglicher Rückgabecode 24600F0A-10000001). Error - 17.06.2013 12:36:05 | Computer Name = user-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. Fehler bei der Registrierung des Click-2-Run-Pakets. Error - 17.06.2013 12:46:05 | Computer Name = user-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. 
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 17.06.2013 13:29:50 | Computer Name = user-PC | Source = Application Virtualization Client | ID = 5009 Description = {tid=868} Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6137.5001.sft' herstellen (Rückgabecode 24600F0A-10000001, ursprünglicher Rückgabecode 24600F0A-10000001). Error - 17.06.2013 13:29:50 | Computer Name = user-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. Fehler bei der Registrierung des Click-2-Run-Pakets. Error - 17.06.2013 13:44:16 | Computer Name = user-PC | Source = Application Virtualization Client | ID = 5009 Description = {tid=864} Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6137.5001.sft' herstellen (Rückgabecode 24600F0A-10000001, ursprünglicher Rückgabecode 24600F0A-10000001). Error - 17.06.2013 13:44:16 | Computer Name = user-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. Fehler bei der Registrierung des Click-2-Run-Pakets. Error - 17.06.2013 13:58:36 | Computer Name = user-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: BITS connection error Type: 150::InternetConnectionFailure. Error - 17.06.2013 14:15:14 | Computer Name = user-PC | Source = Application Virtualization Client | ID = 5009 Description = {tid=844} Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6137.5001.sft' herstellen (Rückgabecode 24600F0A-10000001, ursprünglicher Rückgabecode 24600F0A-10000001). Error - 17.06.2013 14:15:14 | Computer Name = user-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. Fehler bei der Registrierung des Click-2-Run-Pakets. 
[ System Events ] Error - 16.05.2013 15:44:31 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 17.05.2013 03:00:02 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 17.05.2013 03:24:29 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 17.05.2013 17:38:27 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 18.05.2013 00:08:23 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 18.05.2013 09:46:02 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 18.05.2013 13:13:45 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 18.05.2013 15:33:57 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 19.05.2013 04:20:27 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 19.05.2013 08:43:30 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom < End of report > OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.06.2013 09:10:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,12 Mb Total Physical Memory | 523,91 Mb Available Physical Memory | 51,66% Memory free 1,99 Gb Paging File | 1,24 Gb Available in Paging File | 62,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100,00 Gb Total Space | 75,31 Gb Free Space | 75,31% Space Free | Partition Type: NTFS Drive D: | 183,07 Gb Total Space | 104,72 Gb Free Space | 57,20% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.10.05 22:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program 
Files\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.04.12 01:08:52 | 000,088,704 | ---- | M] (ASUS) -- C:\Program Files\Common Files\InstantOn\InsOnWMI.exe PRC - [2011.03.23 21:33:00 | 000,045,448 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe PRC - [2011.03.11 03:05:54 | 001,095,080 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe PRC - [2011.03.04 01:33:20 | 000,101,288 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe PRC - [2011.03.04 01:33:14 | 000,224,680 | ---- | M] () -- C:\Windows\System32\AsusService.exe PRC - [2011.03.04 01:33:12 | 001,252,272 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\HotkeyService\HotkeyService.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.01.12 17:22:26 | 000,091,464 | ---- | M] () -- C:\ExpressGateUtil\VAWinService.exe PRC - [2011.01.07 00:16:38 | 000,414,384 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\Asus\Eee Docking\Eee Docking.exe PRC - [2010.11.15 21:27:22 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\ASUS\CapsHook\CapsHook.exe PRC - [2010.11.15 21:25:36 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\SHE\SuperHybridEngine.exe PRC - [2010.11.11 18:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) -- C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe PRC - [2010.04.13 09:32:40 | 000,548,744 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe PRC - [2010.04.07 07:16:52 | 001,599,880 | ---- | M] (ELAN Microelectronic Corp.) 
-- C:\Program Files\Elantech\ETDCtrlHelper.exe ========== Modules (No Company Name) ========== MOD - [2011.03.23 21:33:00 | 000,045,448 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe ========== Services (SafeList) ========== SRV - [2013.06.13 20:31:10 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.03.04 01:33:14 | 000,224,680 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService) SRV - [2011.01.12 17:22:26 | 000,091,464 | ---- | M] () [Auto | Running] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService) SRV - [2010.11.11 18:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\btwrchid.sys -- (btwrchid) DRV - File not found [Kernel | On_Demand | Stopped] -- 
system32\DRIVERS\btwl2cap.sys -- (btwl2cap) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\btwavdt.sys -- (btwavdt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwampfl.sys -- (btwampfl) DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2013.02.22 03:50:36 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6) DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2010.11.20 12:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 12:24:42 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010.09.27 09:23:58 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010.08.03 07:20:56 | 000,011,832 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO) DRV - [2010.06.28 07:24:00 | 000,011,456 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO) DRV - [2010.02.22 18:39:22 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2010.02.22 18:39:22 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2010.02.22 18:39:22 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.12.28 16:52:40 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009.10.05 18:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.07.22 06:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd) DRV - [2009.07.20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2009.02.03 17:56:22 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_hs.sys -- (massfilter_hs) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://www.moneymillionar.de/startpage.php" FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: 
C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.01 01:33:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions [2013.04.05 10:28:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\90ej64gh.default\extensions [2013.04.05 10:28:28 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\90ej64gh.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013.05.23 12:40:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions [2013.05.23 12:40:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = 
C:\Users\user\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\user\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - Extension: Google Docs = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Google Mail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe (ASUSTek Computer Inc.) 
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe () O4 - HKCU..\Run: [Totowyuro] C:\Users\user\AppData\Roaming\Naid\vezi.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10B58776-A0D2-46C4-9497-F86728F2A2C3}: DhcpNameServer = 172.28.64.1 192.168.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.24 08:49:50 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\TrojanerBoard [2013.06.24 01:42:07 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{7D65BD61-7E8D-41B5-B903-2E9AD5F7FD8F} [2013.06.19 18:32:15 | 000,000,000 | ---D | C] -- C:\Users\user\Neuer Ordner [2013.06.13 10:13:37 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\AUSDRUCKEN HEINZ [2013.06.13 03:18:35 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll [2013.06.13 03:18:35 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2013.06.13 03:18:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll [2013.06.13 03:18:32 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2013.06.13 03:18:32 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll [2013.06.13 03:18:32 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe [2013.06.13 03:18:32 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe [2013.06.13 03:18:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll [2013.06.13 03:01:06 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2013.06.13 03:01:03 | 000,391,168 | ---- | C] (Microsoft 
Corporation) -- C:\windows\System32\ieui.dll [2013.06.12 00:05:59 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certutil.exe [2013.06.12 00:05:59 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certenc.dll [2013.06.11 23:54:56 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe [2013.06.11 23:54:55 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe [2013.06.11 23:22:55 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll [2013.06.11 23:19:06 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cryptdlg.dll [2013.05.28 01:05:05 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{EEA485C0-33CF-43ED-BF51-90299A39F7D2} ========== Files - Modified Within 30 Days ========== [2013.06.24 08:55:07 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-384887357-843060359-1038467452-1000UA.job [2013.06.24 08:40:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.06.24 08:36:05 | 000,016,160 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.24 08:36:05 | 000,016,160 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.24 08:33:18 | 000,666,022 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013.06.24 08:33:18 | 000,627,864 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013.06.24 08:33:18 | 000,133,944 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013.06.24 08:33:18 | 000,110,326 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013.06.24 08:28:39 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.06.24 08:28:32 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys [2013.06.23 16:55:00 | 000,001,064 | ---- | M] () -- 
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-384887357-843060359-1038467452-1000Core.job [2013.06.23 16:51:48 | 000,000,000 | -H-- | M] () -- C:\Users\user\Documents\Default.rdp [2013.06.20 23:10:40 | 000,002,321 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk [2013.06.20 15:15:18 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.20 12:12:11 | 000,246,028 | ---- | M] () -- C:\Users\user\AppData\Local\census.cache [2013.06.20 12:12:02 | 000,090,721 | ---- | M] () -- C:\Users\user\AppData\Local\ars.cache [2013.06.13 20:31:01 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2013.06.13 20:31:01 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2013.06.08 13:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb ========== Files Created - No Company Name ========== [2013.06.23 16:51:48 | 000,000,000 | -H-- | C] () -- C:\Users\user\Documents\Default.rdp [2013.06.20 15:15:18 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.18 15:53:13 | 000,063,867 | ---- | C] () -- C:\Users\user\7426061.exe [2013.05.04 01:28:30 | 000,014,708 | ---- | C] () -- C:\Users\user\3528406.exe [2013.04.21 12:37:47 | 000,246,028 | ---- | C] () -- C:\Users\user\AppData\Local\census.cache [2013.04.21 12:37:26 | 000,090,721 | ---- | C] () -- C:\Users\user\AppData\Local\ars.cache [2013.04.08 14:18:53 | 000,000,981 | ---- | C] () -- C:\windows\MD_MacroDiffs.INI [2013.04.08 14:18:53 | 000,000,905 | ---- | C] () -- C:\windows\MD_MicroDiffs.INI [2013.04.08 14:18:53 | 000,000,817 | ---- | C] () -- C:\windows\CFX.INI [2013.04.06 14:35:17 | 000,007,612 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg [2013.02.25 18:45:47 | 000,005,576 | ---- | C] () -- 
C:\windows\Language.ini [2013.02.25 18:43:20 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat [2011.04.21 02:56:11 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Files - Unicode (All) ========== [2013.02.25 18:46:17 | 000,000,059 | ---- | M] ()(C:\windows\System32\??) -- C:\windows\System32\ȫ [2013.02.25 18:46:16 | 000,000,059 | ---- | C] ()(C:\windows\System32\??) -- C:\windows\System32\ȫ < End of report >
I have Win7 Starter 32-bit and mostly go online with Firefox (also with Google Chrome; I hardly use IE at all). Thanks in advance. Kind regards, SternLilly |
24.06.2013, 10:51 | #2 |
/// the machine /// TB-Ausbilder | Trojan.zbot.FV and Spyware.zbot.-ED on Netbook Asus Eee PC /Win7 Hi,
System scan with FRST: Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure which one: Start > Computer (right-click) > Properties) |
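An added example, not from this thread, from the OTL/FRST authors or from the forum's cleanup procedure: a small Python triage script that sifts the Run/RunOnce entries out of OTL `O4` lines and FRST `Run:` lines like the ones posted here and ranks the ones a helper would look at first. The sample lines are copied verbatim from the logs in this thread; the scoring heuristics (file reported missing, target under a user-writable profile directory, no publisher string recorded) are the editor's assumptions, not a signature for Zeus/zbot or any other family.

```python
"""Triage of autorun entries from OTL / FRST logs.

Added example for this thread, not part of OTL, FRST, Malwarebytes or the
forum's own procedure. The heuristics below are the editor's assumptions about
what makes a Run/RunOnce entry worth a second look; they are not a signature
for any specific malware family.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: lines copied from the OTL (O4) and FRST (Run:/RunOnce:) logs
# posted in this thread; nothing here is invented.
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)",
    r"O4 - HKCU..\Run: [Totowyuro] C:\Users\user\AppData\Roaming\Naid\vezi.exe File not found",
    r"HKLM\...\Run: [HotkeyMon] AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe [101288 2011-03-04] (ASUSTeK Computer Inc.)",
    r'HKCU\...\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-03-24] (Google Inc.)',
    r"HKCU\...\Run: [Totowyuro] C:\Users\user\AppData\Roaming\Naid\vezi.exe [x]",
    r"HKU\Default\...\RunOnce: [AskScreensaver] C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x]",
]

# OTL:  O4 - HKCU..\Run: [Name] <command> [File not found]
# FRST: HKCU\...\Run: [Name] <command> [size date] (Publisher)   or   ... [x]
OTL_RUN = re.compile(r"^O4 - (?P<hive>HK.+?)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
FRST_RUN = re.compile(r"^(?P<hive>HK.+?)\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
# First .exe path in the command: quoted or bare, drive-letter or %VAR% rooted.
EXE_PATH = re.compile(r'"([^"]+?\.exe)"|((?:[A-Za-z]:|%[A-Za-z]+%)\\.+?\.exe)', re.IGNORECASE)
# Trailing "(Publisher)" as both tools record it; "()" means none was found.
PUBLISHER = re.compile(r"\(([^()]+)\)\s*$")
# Locations a non-admin user can write to; a user-profile dropper lives here.
USER_WRITABLE = re.compile(r"\\AppData\\(?:Roaming|Local\\Temp)\\|\\ProgramData\\|\\Users\\Public\\", re.IGNORECASE)


@dataclass
class AutorunEntry:
    fmt: str                      # "OTL" or "FRST"
    hive: str
    name: str
    path: Optional[str]
    publisher: Optional[str]
    missing: bool                 # the tool could not find the file on disk
    reasons: List[str] = field(default_factory=list)


def parse_autorun(line: str) -> Optional[AutorunEntry]:
    """Parse one OTL O4 line or one FRST Run line; None for anything else."""
    for fmt, rx in (("OTL", OTL_RUN), ("FRST", FRST_RUN)):
        m = rx.match(line.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        pm = EXE_PATH.search(rest)
        path = (pm.group(1) or pm.group(2)) if pm else None
        pub = PUBLISHER.search(rest)
        missing = rest.endswith("File not found") or rest.endswith("[x]") or rest.endswith("No File")
        return AutorunEntry(fmt, m.group("hive"), m.group("name"), path,
                            pub.group(1).strip() if pub else None, missing)
    return None


def assess(entry: AutorunEntry) -> AutorunEntry:
    """Attach human-readable reasons; an entry with no reasons is left alone."""
    if entry.missing:
        entry.reasons.append("target file missing: stale key left behind by a deletion or quarantine")
    if entry.path and USER_WRITABLE.search(entry.path):
        entry.reasons.append("runs from a user-writable profile directory")
    if entry.publisher is None:
        entry.reasons.append("no publisher string recorded for the target")
    return entry


def triage(lines: List[str]) -> List[AutorunEntry]:
    """Return only the entries with at least one reason, most reasons first."""
    entries = [assess(e) for e in map(parse_autorun, lines) if e is not None]
    flagged = [e for e in entries if e.reasons]
    return sorted(flagged, key=lambda e: -len(e.reasons))


if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(f"{e.fmt:4} {e.hive}\\...\\Run [{e.name}] -> {e.path}")
        for r in e.reasons:
            print("     -", r)
```

Run as-is, the script ranks the `Totowyuro` value (in both its OTL and FRST form) first: it points into `AppData\Roaming\Naid\`, both tools report the file as missing, and no publisher was recorded. A leftover Run value whose file is already gone is what a quarantine or deletion typically leaves behind; the key itself no longer launches anything, but it records where the payload lived, which is the detail to carry into the rest of the cleanup. The vendor-published HKLM entries and the Google updater in `AppData\Local` produce no reasons and drop out.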
25.06.2013, 09:30 | #3 |
Trojan.zbot.FV and Spyware.zbot.-ED on Netbook Asus Eee PC /Win7 Hello Schrauber,
thank you for your reply. Here are the log files: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-06-2013 Ran by user (administrator) on 25-06-2013 09:36:16 Running from C:\Users\user\Downloads Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== () C:\windows\system32\AsusService.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Telefónica I+D) C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe () C:\ExpressGateUtil\VAWinService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe (ASUSTek Computer Inc.) C:\Program Files\Asus\Eee Docking\Eee Docking.exe (ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotkeyService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ASUSTeK Computer Inc.) C:\Program Files\ASUS\SHE\SuperHybridEngine.exe (ASUS) C:\Program Files\ASUS\CapsHook\CapsHook.exe (AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe () C:\ExpressGateUtil\VAWinAgent.exe (ASUS) C:\Program Files\Common Files\InstantOn\InsOnWMI.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [548744 2010-04-13] (ELAN Microelectronic Corp.) 
HKLM\...\Run: [HotkeyMon] AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe [101288 2011-03-04] (ASUSTeK Computer Inc.) HKLM\...\Run: [HotkeyService] AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotkeyService.exe [1252272 2011-03-04] (ASUSTeK Computer Inc.) HKLM\...\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [412600 2010-11-15] (ASUSTeK Computer Inc.) HKLM\...\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto [1095080 2011-03-11] (AsusTek Computer Inc.) HKLM\...\Run: [CapsHook] AsusSender.exe C:\Program Files\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS) HKLM\...\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun [414384 2011-01-07] (ASUSTek Computer Inc.) HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [9722472 2010-08-24] (Realtek Semiconductor) HKLM\...\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-03-23] () HKCU\...\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-03-24] (Google Inc.) HKCU\...\Run: [Totowyuro] C:\Users\user\AppData\Roaming\Naid\vezi.exe [x] HKU\Default\...\RunOnce: [Reboot] AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.) HKU\Default\...\RunOnce: [AskScreensaver] C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x] HKU\Default User\...\RunOnce: [Reboot] AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.) 
HKU\Default User\...\RunOnce: [AskScreensaver] C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x] ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\90ej64gh.default FF user.js: detected! 
=> C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\90ej64gh.default\user.js FF Homepage: https://www.moneymillionar.de/startpage.php FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\90ej64gh.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi Chrome: ======= CHR RestoreOnStartup: "hxxp://welt.de/" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\user\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll () CHR 
Plugin: (Chrome PDF Viewer) - C:\Users\user\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Users\user\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ========================== Services (Whitelisted) ================= R2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-04] () R2 TGCM_ImportWiFiSvc; C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D) R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] () ==================== Drivers (Whitelisted) ==================== R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-28] () R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] () R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 
2010-04-13] (ELAN Microelectronic Corp.) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( ) S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [9728 2009-02-03] (ZTE Incorporated) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-02-22] (Anchorfree Inc.) S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink) S3 btwampfl; system32\drivers\btwampfl.sys [x] S3 btwaudio; system32\drivers\btwaudio.sys [x] S3 btwavdt; \SystemRoot\system32\drivers\btwavdt.sys [x] S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x] S3 btwrchid; \SystemRoot\system32\drivers\btwrchid.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-25 09:36 - 2013-06-25 09:36 - 00000000 ____D C:\FRST 2013-06-25 01:17 - 2013-06-24 23:36 - 01370195 ____A (Farbar) C:\Users\user\Downloads\FRST.exe 2013-06-24 09:56 - 2013-06-24 09:57 - 00145216 ____A C:\Windows\Minidump\062413-14617-01.dmp 2013-06-24 09:56 - 2013-06-24 09:56 - 197213410 ____A C:\Windows\MEMORY.DMP 2013-06-24 09:56 - 2013-06-24 09:56 - 00000000 ____D C:\Windows\Minidump 2013-06-24 01:42 - 2013-06-24 01:42 - 00000000 ____D C:\Users\user\AppData\Local\{7D65BD61-7E8D-41B5-B903-2E9AD5F7FD8F} 2013-06-23 16:51 - 2013-06-23 16:51 - 00000000 ___AH C:\Users\user\Documents\Default.rdp 2013-06-23 15:19 - 2013-06-24 01:24 - 00004541 ____A C:\Users\user\Documents\j.txt 2013-06-23 13:13 - 2013-06-23 13:13 - 00000000 ____D C:\Users\user\Downloads\(2 ungelesen) – susannegeisler – Yahoo! Mail_files 2013-06-23 13:12 - 2013-06-23 13:13 - 00210545 ____A C:\Users\user\Downloads\(2 ungelesen) – susannegeisler – Yahoo! 
Mail.htm 2013-06-23 01:57 - 2013-06-23 01:57 - 00000509 ____A C:\Users\user\Documents\widerruf3.txt 2013-06-20 18:43 - 2013-06-20 18:43 - 00025417 ____A C:\Users\user\Downloads\JOBBÖRSE - Stellenangebot_2.htm 2013-06-20 13:12 - 2013-06-20 13:12 - 00002078 ____A C:\Users\user\Documents\Zahlungen.txt 2013-06-20 13:09 - 2013-06-20 13:09 - 00000251 ____A C:\Users\user\Documents\email arschgeigen kornstraße.txt 2013-06-20 09:59 - 2013-06-20 13:15 - 00000784 ____A C:\Users\user\Documents\mysurvey.txt 2013-06-19 18:32 - 2013-06-19 18:40 - 00000000 ____D C:\Users\user\Neuer Ordner 2013-06-15 09:57 - 2013-06-15 12:18 - 00000136 ____A C:\Users\user\Documents\umfragen verdienst.txt 2013-06-13 22:09 - 2013-06-13 22:09 - 00000078 ____A C:\Users\user\Documents\BÜCHER.txt 2013-06-13 10:13 - 2013-06-23 16:52 - 00000000 ____D C:\Users\user\Desktop\AUSDRUCKEN HEINZ 2013-06-13 03:18 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-13 03:18 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-13 03:18 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-13 03:18 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-13 03:18 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-13 03:18 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-13 03:18 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-13 03:18 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-13 03:18 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-13 03:18 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-13 03:01 - 2013-06-08 13:42 
- 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-13 03:01 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-13 03:01 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-13 03:00 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-13 03:00 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-13 03:00 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-12 00:05 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 00:05 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 00:05 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 00:05 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 00:05 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-11 23:54 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2013-06-11 23:54 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-06-11 23:48 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-11 23:22 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-11 23:19 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-11 23:17 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-11 22:14 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-11 19:18 - 2013-06-11 19:18 - 00125423 ____A 
C:\Users\user\Downloads\Krebserregendes Benzol in Erfrischungsgetränken entdeckt - WEB.DE.htm 2013-06-07 18:57 - 2013-06-11 13:08 - 00001022 ____A C:\Users\user\Documents\mail vogel.txt 2013-06-05 12:30 - 2013-06-05 12:30 - 00001289 ____A C:\Users\user\Documents\stellengebot.txt 2013-06-02 13:45 - 2013-06-02 13:45 - 00000649 ____A C:\Users\user\Documents\widerruf2.txt 2013-05-28 01:05 - 2013-05-28 01:05 - 00000000 ____D C:\Users\user\AppData\Local\{EEA485C0-33CF-43ED-BF51-90299A39F7D2} 2013-05-26 20:26 - 2013-05-26 20:26 - 00097602 ____A C:\Users\user\Downloads\Junges Kind Mit Einem Geschwollenen Augenlid Und Dem Schauen Sehr Traurig Lizenzfreie Fotos, Bilder Und Stock Fotografie. Image 632450.htm 2013-05-26 02:04 - 2013-05-26 02:04 - 00000548 ____A C:\Users\user\Documents\widerruf.txt ==================== One Month Modified Files and Folders ======== 2013-06-25 09:36 - 2013-06-25 09:36 - 00000000 ____D C:\FRST 2013-06-25 09:35 - 2009-07-14 06:53 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-06-25 09:35 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-25 09:35 - 2009-07-14 06:39 - 00076755 ____A C:\Windows\setupact.log 2013-06-25 02:40 - 2013-03-01 01:38 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-25 02:40 - 2013-02-26 03:35 - 01265968 ____A C:\Windows\WindowsUpdate.log 2013-06-25 01:55 - 2013-03-24 11:35 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-384887357-843060359-1038467452-1000UA.job 2013-06-25 01:17 - 2009-07-14 06:34 - 00016160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-25 01:17 - 2009-07-14 06:34 - 00016160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-25 00:28 - 2009-07-27 12:11 - 01530778 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-24 23:36 - 2013-06-25 01:17 - 01370195 ____A (Farbar) C:\Users\user\Downloads\FRST.exe 2013-06-24 11:50 - 
2013-03-04 01:16 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-06-24 09:57 - 2013-06-24 09:56 - 00145216 ____A C:\Windows\Minidump\062413-14617-01.dmp 2013-06-24 09:56 - 2013-06-24 09:56 - 197213410 ____A C:\Windows\MEMORY.DMP 2013-06-24 09:56 - 2013-06-24 09:56 - 00000000 ____D C:\Windows\Minidump 2013-06-24 01:42 - 2013-06-24 01:42 - 00000000 ____D C:\Users\user\AppData\Local\{7D65BD61-7E8D-41B5-B903-2E9AD5F7FD8F} 2013-06-24 01:24 - 2013-06-23 15:19 - 00004541 ____A C:\Users\user\Documents\j.txt 2013-06-23 16:55 - 2013-03-24 11:35 - 00001064 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-384887357-843060359-1038467452-1000Core.job 2013-06-23 16:52 - 2013-06-13 10:13 - 00000000 ____D C:\Users\user\Desktop\AUSDRUCKEN HEINZ 2013-06-23 16:51 - 2013-06-23 16:51 - 00000000 ___AH C:\Users\user\Documents\Default.rdp 2013-06-23 13:13 - 2013-06-23 13:13 - 00000000 ____D C:\Users\user\Downloads\(2 ungelesen) – susannegeisler – Yahoo! Mail_files 2013-06-23 13:13 - 2013-06-23 13:12 - 00210545 ____A C:\Users\user\Downloads\(2 ungelesen) – susannegeisler – Yahoo! 
Mail.htm 2013-06-23 01:57 - 2013-06-23 01:57 - 00000509 ____A C:\Users\user\Documents\widerruf3.txt 2013-06-20 23:10 - 2013-03-24 13:40 - 00002321 ____A C:\Users\user\Desktop\Google Chrome.lnk 2013-06-20 21:05 - 2013-04-14 23:17 - 00014274 ____A C:\Users\user\Documents\bewerbung.txt 2013-06-20 18:43 - 2013-06-20 18:43 - 00025417 ____A C:\Users\user\Downloads\JOBBÖRSE - Stellenangebot_2.htm 2013-06-20 18:05 - 2013-05-01 12:25 - 00025557 ____A C:\Users\user\Downloads\JOBBÖRSE - Stellenangebot.htm 2013-06-20 15:55 - 2011-04-21 02:32 - 00245818 ____A C:\Windows\PFRO.log 2013-06-20 15:55 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\twain_32 2013-06-20 15:54 - 2013-05-01 16:14 - 00000000 ____D C:\Users\user\AppData\Roaming\Naid 2013-06-20 13:39 - 2013-02-25 18:41 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore 2013-06-20 13:15 - 2013-06-20 09:59 - 00000784 ____A C:\Users\user\Documents\mysurvey.txt 2013-06-20 13:15 - 2013-04-13 02:58 - 00003342 ____A C:\Users\user\Documents\w.txt 2013-06-20 13:12 - 2013-06-20 13:12 - 00002078 ____A C:\Users\user\Documents\Zahlungen.txt 2013-06-20 13:09 - 2013-06-20 13:09 - 00000251 ____A C:\Users\user\Documents\email arschgeigen kornstraße.txt 2013-06-20 13:05 - 2013-04-13 14:56 - 00010152 ____A C:\Users\user\Documents\forum neu.txt 2013-06-20 12:12 - 2013-04-21 12:37 - 00246028 ____A C:\Users\user\AppData\Local\census.cache 2013-06-20 12:12 - 2013-04-21 12:37 - 00090721 ____A C:\Users\user\AppData\Local\ars.cache 2013-06-19 18:40 - 2013-06-19 18:32 - 00000000 ____D C:\Users\user\Neuer Ordner 2013-06-18 14:41 - 2013-04-22 08:58 - 00000000 ____D C:\Users\user\Desktop\Screenshots_Mailer 2013-06-15 19:45 - 2013-04-25 16:09 - 00002078 ____A C:\Users\user\Documents\Zahlungen Mai.txt 2013-06-15 12:18 - 2013-06-15 09:57 - 00000136 ____A C:\Users\user\Documents\umfragen verdienst.txt 2013-06-14 11:01 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-06-13 22:09 - 2013-06-13 22:09 - 00000078 ____A 
C:\Users\user\Documents\BÜCHER.txt 2013-06-13 22:07 - 2013-04-08 20:57 - 00000000 ____D C:\Users\user\AppData\Roaming\SoftGrid Client 2013-06-13 20:31 - 2013-03-01 01:38 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-06-13 20:31 - 2013-03-01 01:38 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-06-12 11:13 - 2013-03-02 23:41 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 08:57 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE 2013-06-11 20:25 - 2013-01-17 13:06 - 00004043 ____A C:\Users\user\Documents\arzt.txt 2013-06-11 19:18 - 2013-06-11 19:18 - 00125423 ____A C:\Users\user\Downloads\Krebserregendes Benzol in Erfrischungsgetränken entdeckt - WEB.DE.htm 2013-06-11 13:08 - 2013-06-07 18:57 - 00001022 ____A C:\Users\user\Documents\mail vogel.txt 2013-06-08 13:42 - 2013-06-13 03:01 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 13:40 - 2013-06-13 03:01 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 13:40 - 2013-06-13 03:00 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 13:40 - 2013-06-13 03:00 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 13:40 - 2013-06-13 03:00 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 13:13 - 2013-06-13 03:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-05 12:30 - 2013-06-05 12:30 - 00001289 ____A C:\Users\user\Documents\stellengebot.txt 2013-06-02 13:45 - 2013-06-02 13:45 - 00000649 ____A C:\Users\user\Documents\widerruf2.txt 2013-05-28 01:05 - 2013-05-28 01:05 - 00000000 ____D C:\Users\user\AppData\Local\{EEA485C0-33CF-43ED-BF51-90299A39F7D2} 2013-05-27 00:09 - 2013-05-22 23:03 - 00000803 ____A C:\Users\user\Documents\mail arschloch.txt 2013-05-26 22:19 - 2013-05-25 00:35 - 00000000 ____A 
C:\Users\user\Documents\kölsch.txt 2013-05-26 20:26 - 2013-05-26 20:26 - 00097602 ____A C:\Users\user\Downloads\Junges Kind Mit Einem Geschwollenen Augenlid Und Dem Schauen Sehr Traurig Lizenzfreie Fotos, Bilder Und Stock Fotografie. Image 632450.htm 2013-05-26 02:04 - 2013-05-26 02:04 - 00000548 ____A C:\Users\user\Documents\widerruf.txt Files to move or delete: ==================== C:\ProgramData\FullRemove.exe C:\Users\user\3528406.exe C:\Users\user\7426061.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-23 16:20 ==================== End Of Log ============================ --- --- --- --- --- ---
Regards and have a nice day, Sternlilly |
25.06.2013, 14:07 | #4 |
/// the machine /// TB-Ausbilder | Trojan.zbot.FV und Spyware.zbot.-ED auf Netbook Asus Eee PC /Win7 Combofix must only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1. IMPORTANT - save Combofix to your desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you receive the following error message after the restart Quote:
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
27.06.2013, 01:30 | #5 |
| Trojan.zbot.FV und Spyware.zbot.-ED auf Netbook Asus Eee PC /Win7 Here is the log file: Combofix Logfile: Code:
ATTFilter ComboFix 13-06-25.01 - user 26.06.2013 9:55.1.4 - x86 Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.1014.364 [GMT 2:00] ausgeführt von:: c:\users\user\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe c:\users\user\3528406.exe c:\users\user\7426061.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-26 bis 2013-06-26 )))))))))))))))))))))))))))))) . . 2013-06-26 08:05 . 2013-06-26 08:05 -------- d-----w- c:\users\user\AppData\Local\temp 2013-06-26 08:05 . 2013-06-26 08:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-25 19:19 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{609DFF29-F1E6-4A54-80F5-CC4FB9B307A1}\mpengine.dll 2013-06-25 07:36 . 2013-06-25 07:36 -------- d-----w- C:\FRST 2013-06-19 16:32 . 2013-06-19 16:40 -------- d-----w- c:\users\user\Neuer Ordner 2013-06-13 01:01 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-06-13 01:01 . 2013-06-08 11:41 218112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2013-06-11 22:05 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-11 22:05 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll 2013-06-11 22:05 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-11 22:05 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe 2013-06-11 22:05 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll 2013-06-11 21:54 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-06-11 21:54 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-06-11 21:48 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-06-11 21:22 . 
2013-04-25 23:30 1505280 ----a-w- c:\windows\system32\d3d11.dll 2013-06-11 21:19 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll 2013-06-11 21:17 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll 2013-06-11 20:14 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-13 18:31 . 2013-02-28 23:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-13 18:31 . 2013-02-28 23:38 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-24 18:09 . 2013-05-24 18:09 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-05-24 18:09 . 2013-05-24 18:09 523264 ----a-w- c:\windows\system32\vbscript.dll 2013-05-24 18:09 . 2013-05-24 18:09 185344 ----a-w- c:\windows\system32\elshyph.dll 2013-05-24 18:09 . 2013-05-24 18:09 158720 ----a-w- c:\windows\system32\msls31.dll 2013-05-24 18:09 . 2013-05-24 18:09 150528 ----a-w- c:\windows\system32\iexpress.exe 2013-05-24 18:09 . 2013-05-24 18:09 138752 ----a-w- c:\windows\system32\wextract.exe 2013-05-24 18:09 . 2013-05-24 18:09 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-05-24 18:09 . 2013-05-24 18:09 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-05-24 18:09 . 2013-05-24 18:09 61952 ----a-w- c:\windows\system32\tdc.ocx 2013-05-24 18:09 . 2013-05-24 18:09 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-05-24 18:09 . 2013-05-24 18:09 38400 ----a-w- c:\windows\system32\imgutil.dll 2013-05-24 18:09 . 2013-05-24 18:09 361984 ----a-w- c:\windows\system32\html.iec 2013-05-24 18:09 . 2013-05-24 18:09 23040 ----a-w- c:\windows\system32\licmgr10.dll 2013-05-24 18:09 . 2013-05-24 18:09 1441280 ----a-w- c:\windows\system32\inetcpl.cpl 2013-05-24 18:09 . 2013-05-24 18:09 137216 ----a-w- c:\windows\system32\ieUnatt.exe 2013-05-24 18:09 . 
2013-05-24 18:09 12800 ----a-w- c:\windows\system32\mshta.exe 2013-05-24 18:09 . 2013-05-24 18:09 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-05-24 18:07 . 2013-05-24 18:07 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-24 18:07 . 2013-05-24 18:07 906240 ----a-w- c:\windows\system32\FntCache.dll 2013-05-24 18:07 . 2013-05-24 18:07 604160 ----a-w- c:\windows\system32\d3d10level9.dll 2013-05-24 18:07 . 2013-05-24 18:07 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-05-24 18:07 . 2013-05-24 18:07 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-05-24 18:07 . 2013-05-24 18:07 417792 ----a-w- c:\windows\system32\WMPhoto.dll 2013-05-24 18:07 . 2013-05-24 18:07 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-05-24 18:07 . 2013-05-24 18:07 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-05-24 18:07 . 2013-05-24 18:07 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-05-24 18:07 . 2013-05-24 18:07 3419136 ----a-w- c:\windows\system32\d2d1.dll 2013-05-24 18:07 . 2013-05-24 18:07 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-05-24 18:07 . 2013-05-24 18:07 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-05-24 18:07 . 2013-05-24 18:07 293376 ----a-w- c:\windows\system32\dxgi.dll 2013-05-24 18:07 . 2013-05-24 18:07 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-05-24 18:07 . 2013-05-24 18:07 249856 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-05-24 18:07 . 2013-05-24 18:07 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2013-05-24 18:07 . 2013-05-24 18:07 220160 ----a-w- c:\windows\system32\d3d10core.dll 2013-05-24 18:07 . 2013-05-24 18:07 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-05-24 18:07 . 
2013-05-24 18:07 1988096 ----a-w- c:\windows\system32\d3d10warp.dll 2013-05-24 18:07 . 2013-05-24 18:07 187392 ----a-w- c:\windows\system32\UIAnimation.dll 2013-05-24 18:07 . 2013-05-24 18:07 161792 ----a-w- c:\windows\system32\d3d10_1.dll 2013-05-24 18:07 . 2013-05-24 18:07 1247744 ----a-w- c:\windows\system32\DWrite.dll 2013-05-24 18:07 . 2013-05-24 18:07 1158144 ----a-w- c:\windows\system32\XpsPrint.dll 2013-05-24 18:07 . 2013-05-24 18:07 1080832 ----a-w- c:\windows\system32\d3d10.dll 2013-05-24 18:07 . 2013-05-24 18:07 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-05-02 00:06 . 2013-03-03 15:55 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 04:45 . 2013-05-16 00:27 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-16 00:27 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 13:45 . 2013-04-24 06:32 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 05:18 . 2013-05-15 22:03 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-10 05:18 . 2013-05-15 22:03 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-04-10 03:14 . 2013-05-15 22:06 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-03-31 23:56 . 2013-03-31 23:57 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-03-31 23:56 . 2013-03-31 23:57 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-03-31 23:56 . 2013-03-31 23:57 782240 ----a-w- c:\windows\system32\deployJava1.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-04-13 548744] "HotkeyMon"="AsusSender.exe" [2011-03-11 34728] "HotkeyService"="AsusSender.exe" [2011-03-11 34728] "SuperHybridEngine"="AsusSender.exe" [2011-03-11 34728] "LiveUpdate"="AsusSender.exe" [2011-03-11 34728] "CapsHook"="AsusSender.exe" [2011-03-11 34728] "Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2011-01-06 414384] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-08-24 9722472] "VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-03-23 45448] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-12-28 10240] R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2009-02-03 9728] R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-02-22 37064] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-22 81704] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-08-03 11832] S2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2011-03-03 224680] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 
sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files\o2\Mobile Connection Manager\ImpWiFiSvc.exe [2010-11-11 199600] S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-01-12 91464] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 109960] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-09-27 68208] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304] S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc . Inhalt des "geplante Tasks" Ordners . 2013-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-28 18:31] . 2013-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-384887357-843060359-1038467452-1000Core.job - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-24 09:35] . 2013-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-384887357-843060359-1038467452-1000UA.job - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-24 09:35] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = about:blank FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\90ej64gh.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.moneymillionar.de/startpage.php FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) HKCU-Run-Totowyuro - c:\users\user\AppData\Roaming\Naid\vezi.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-06-26 10:08:31 ComboFix-quarantined-files.txt 2013-06-26 08:08 . Vor Suchlauf: 7 Verzeichnis(se), 80.370.356.224 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 81.325.744.128 Bytes frei . - - End Of File - - DA1A35FCCBA52E684FAAD1E50B128F7C A36C5E4F47E84449FF07ED3517B43A31 Combo Fix Quarantined Files:
Greetings, Sternlilly |
27.06.2013, 08:13 | #6 |
/// the machine /// TB-Ausbilder | Trojan.zbot.FV und Spyware.zbot.-ED auf Netbook Asus Eee PC /Win7 Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log, please.
27.06.2013, 18:49 | #7 |
| Trojan.zbot.FV und Spyware.zbot.-ED auf Netbook Asus Eee PC /Win7 1. adwCleaner: Code:
# AdwCleaner v2.303 - Datei am 27/06/2013 um 18:32:38 erstellt # Aktualisiert am 08/06/2013 von Xplode # Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits) # Benutzer : user - USER-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\user\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16611 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v21.0 (de) -\\ Google Chrome v27.0.1453.116 ************************* AdwCleaner[S1].txt - [629 octets] - [27/06/2013 18:32:38] ########## EOF - C:\AdwCleaner[S1].txt - [688 octets] ########## 2. Junkware Removal Tool: Code:
ATTFilter Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Starter x86 Ran by user on 27.06.2013 at 18:46:11,30 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{02AFAFEE-A4C3-4964-B942-E49D1FD92979} Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{27538905-2D8B-45E9-8331-6A392E6E4DAC} Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{2AADDCDA-B6E5-4B05-B07E-85A49637C79C} Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{3405CFB0-43F6-4EC4-B786-955D06D83E90} Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{371D6AEA-3B98-405A-8EF3-63BBE1D92C26} Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{382D564D-5543-4194-8483-876106EA93DA} Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{39AFB708-272A-4365-BFC2-26E6999AE664} Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{46D75671-B0D3-4F40-AA78-CD73B2086F72} Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{4DBAC020-DFF7-4613-818B-29C5CD054DC8} Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{712484EA-C4E2-4D14-822D-D59BE1D54147} Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{75B04030-BC62-43B8-8460-DD8F1759A6D8} Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{78EE4D43-DF7D-470B-8E2C-E962D66A6889} Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{7D65BD61-7E8D-41B5-B903-2E9AD5F7FD8F} Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{835D4E56-6453-4A24-80A4-53721630F0F8} Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{A2D48435-A7D5-4410-9AFA-9BF24D36CDD1} Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{A9E5072F-1917-4942-B62B-B645BC96E350} Successfully deleted: [Empty Folder] 
C:\Users\user\appdata\local\{BBB7FCD0-BDC7-4417-8DB8-0EE82869EC3B} Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{D8046914-ABBF-407A-8886-4B879F2FFE1F} Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{DA3BD111-ECC3-46B2-AAAF-563B10B1C6F2} Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{EEA485C0-33CF-43ED-BF51-90299A39F7D2} Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{F5758BAC-F1CC-4650-AEDD-346F358107BC} Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{FF0CF2C3-35D6-46BD-825F-25746953B871} ~~~ FireFox Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\90ej64gh.default\user.js Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\90ej64gh.default\minidumps [269 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 27.06.2013 at 18:49:14,82 End of JRT log 3. FRST: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-06-2013 02 Ran by user (administrator) on 27-06-2013 19:14:55 Running from C:\Users\user\Desktop Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== () C:\windows\system32\AsusService.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Telefónica I+D) C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe () C:\ExpressGateUtil\VAWinService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ASUSTeK Computer Inc.) C:\Program Files\ASUS\SHE\SuperHybridEngine.exe (AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe () C:\ExpressGateUtil\VAWinAgent.exe (ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotkeyService.exe (ASUS) C:\Program Files\ASUS\CapsHook\CapsHook.exe (ASUS) C:\Program Files\Common Files\InstantOn\InsOnWMI.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ASUSTek Computer Inc.) C:\Program Files\Asus\Eee Docking\Eee Docking.exe (Intel Corporation) C:\windows\system32\igfxsrvc.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [548744 2010-04-13] (ELAN Microelectronic Corp.) 
HKLM\...\Run: [HotkeyMon] AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe [101288 2011-03-04] (ASUSTeK Computer Inc.) HKLM\...\Run: [HotkeyService] AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotkeyService.exe [1252272 2011-03-04] (ASUSTeK Computer Inc.) HKLM\...\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [412600 2010-11-15] (ASUSTeK Computer Inc.) HKLM\...\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto [1095080 2011-03-11] (AsusTek Computer Inc.) HKLM\...\Run: [CapsHook] AsusSender.exe C:\Program Files\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS) HKLM\...\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun [414384 2011-01-07] (ASUSTek Computer Inc.) HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [9722472 2010-08-24] (Realtek Semiconductor) HKLM\...\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-03-23] () HKCU\...\Policies\system: [disableregistrytools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 HKU\Default\...\RunOnce: [Reboot] AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.) HKU\Default\...\RunOnce: [AskScreensaver] C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x] HKU\Default User\...\RunOnce: [Reboot] AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.) 
HKU\Default User\...\RunOnce: [AskScreensaver] C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x] ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\90ej64gh.default FF Homepage: https://www.moneymillionar.de/startpage.php FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft 
Corporation) FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\90ej64gh.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi Chrome: ======= CHR RestoreOnStartup: "hxxp://welt.de/" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\user\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\user\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\user\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Bitdefender QuickScan) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

R2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-04] ()
R2 TGCM_ImportWiFiSvc; C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-28] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] ()
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [9728 2009-02-03] (ZTE Incorporated)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-02-22] (Anchorfree Inc.)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)
S3 btwampfl; system32\drivers\btwampfl.sys [x]
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwavdt; \SystemRoot\system32\drivers\btwavdt.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; \SystemRoot\system32\drivers\btwrchid.sys [x]
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-27 18:56 - 2013-06-27 01:12 - 01370369 ____A (Farbar) C:\Users\user\Desktop\FRST.exe
2013-06-27 18:51 - 2013-06-27 18:51 - 00003173 ____A C:\Users\user\Documents\JRT.txt
2013-06-27 18:49 - 2013-06-27 18:49 - 00003173 ____A C:\Users\user\Desktop\JRT.txt
2013-06-27 18:46 - 2013-06-27 18:46 - 00000000 ____D C:\Windows\ERUNT
2013-06-27 18:45 - 2013-06-27 18:45 - 00000000 ____D C:\JRT
2013-06-27 18:32 - 2013-06-27 18:33 - 00000756 ____A C:\AdwCleaner[S1].txt
2013-06-27 17:52 - 2013-05-07 00:34 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\user\Desktop\JRT.exe
2013-06-27 17:32 - 2013-06-27 17:32 - 00648201 ____A C:\Users\user\Desktop\adwcleaner.exe
2013-06-27 10:17 - 2013-06-27 10:17 - 00000000 ____D C:\Users\user\AppData\Roaming\QuickScan
2013-06-26 17:11 - 2013-06-26 17:12 - 00000000 ___SD C:\ComboFix
2013-06-26 09:52 - 2013-06-26 17:11 - 00000000 ____D C:\Qoobox
2013-06-26 09:52 - 2013-06-26 10:06 - 00000000 ____D C:\Windows\erdnt
2013-06-26 09:52 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-26 09:52 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-26 09:52 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-26 09:52 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-26 09:52 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-26 09:52 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-26 09:52 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-26 09:52 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-26 01:25 - 2013-06-25 22:24 - 05082915 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2013-06-25 09:36 - 2013-06-25 09:36 - 00000000 ____D C:\FRST
2013-06-24 09:56 - 2013-06-24 09:57 - 00145216 ____A C:\Windows\Minidump\062413-14617-01.dmp
2013-06-24 09:56 - 2013-06-24 09:56 - 197213410 ____A C:\Windows\MEMORY.DMP
2013-06-24 09:56 - 2013-06-24 09:56 - 00000000 ____D C:\Windows\Minidump
2013-06-23 16:51 - 2013-06-23 16:51 - 00000000 ___AH C:\Users\user\Documents\Default.rdp
2013-06-23 15:19 - 2013-06-27 18:28 - 00008233 ____A C:\Users\user\Documents\j.txt
2013-06-23 13:13 - 2013-06-23 13:13 - 00000000 ____D C:\Users\user\Downloads\(2 ungelesen) – ***– Yahoo! Mail_files
2013-06-23 13:12 - 2013-06-23 13:13 - 00210545 ____A C:\Users\user\Downloads\(2 ungelesen) – *** – Yahoo! Mail.htm
2013-06-23 01:57 - 2013-06-23 01:57 - 00000509 ____A C:\Users\user\Documents\widerruf3.txt
2013-06-20 18:43 - 2013-06-20 18:43 - 00025417 ____A C:\Users\user\Downloads\JOBBÖRSE - Stellenangebot_2.htm
2013-06-20 13:12 - 2013-06-25 20:41 - 00003390 ____A C:\Users\user\Documents\Zahlungen.txt
2013-06-20 13:09 - 2013-06-20 13:09 - 00000251 ____A C:\Users\user\Documents\email ***
2013-06-20 09:59 - 2013-06-20 13:15 - 00000784 ____A C:\Users\user\Documents\mysurvey.txt
2013-06-19 18:32 - 2013-06-19 18:40 - 00000000 ____D C:\Users\user\Neuer Ordner
2013-06-15 09:57 - 2013-06-15 12:18 - 00000136 ____A C:\Users\user\Documents\umfragen verdienst.txt
2013-06-13 22:09 - 2013-06-13 22:09 - 00000078 ____A C:\Users\user\Documents\BÜCHER.txt
2013-06-13 10:13 - 2013-06-23 16:52 - 00000000 ____D C:\Users\user\Desktop\AUSDRUCKEN HEINZ
2013-06-13 03:18 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 03:18 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 03:18 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 03:18 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 03:18 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 03:18 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 03:18 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 03:18 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 03:18 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 03:18 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 03:01 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 03:01 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 03:01 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 03:00 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 03:00 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 03:00 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 00:05 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 00:05 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 00:05 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 00:05 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 00:05 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-11 23:54 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-11 23:54 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-11 23:48 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-11 23:22 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 23:19 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-11 23:17 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-11 22:14 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-11 19:18 - 2013-06-11 19:18 - 00125423 ____A C:\Users\user\Downloads\Krebserregendes Benzol in Erfrischungsgetränken entdeckt - WEB.DE.htm
2013-06-07 18:57 - 2013-06-11 13:08 - 00001022 ____A C:\Users\user\Documents\mail vogel.txt
2013-06-05 12:30 - 2013-06-05 12:30 - 00001289 ____A C:\Users\user\Documents\stellengebot.txt
2013-06-02 13:45 - 2013-06-02 13:45 - 00000649 ____A C:\Users\user\Documents\wideruf2.txt

==================== One Month Modified Files and Folders ========

2013-06-27 18:55 - 2013-03-24 11:35 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-384887357-843060359-1038467452-1000UA.job
2013-06-27 18:51 - 2013-06-27 18:51 - 00003173 ____A C:\Users\user\Documents\JRT.txt
2013-06-27 18:49 - 2013-06-27 18:49 - 00003173 ____A C:\Users\user\Desktop\JRT.txt
2013-06-27 18:46 - 2013-06-27 18:46 - 00000000 ____D C:\Windows\ERUNT
2013-06-27 18:45 - 2013-06-27 18:45 - 00000000 ____D C:\JRT
2013-06-27 18:42 - 2009-07-14 06:34 - 00016160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-27 18:42 - 2009-07-14 06:34 - 00016160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-27 18:40 - 2013-03-01 01:38 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-27 18:39 - 2009-07-27 12:11 - 01530778 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-27 18:35 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-27 18:35 - 2009-07-14 06:39 - 00077427 ____A C:\Windows\setupact.log
2013-06-27 18:34 - 2013-02-26 03:35 - 01544431 ____A C:\Windows\WindowsUpdate.log
2013-06-27 18:33 - 2013-06-27 18:32 - 00000756 ____A C:\AdwCleaner[S1].txt
2013-06-27 18:28 - 2013-06-23 15:19 - 00008233 ____A C:\Users\user\Documents\j.txt
2013-06-27 17:32 - 2013-06-27 17:32 - 00648201 ____A C:\Users\user\Desktop\adwcleaner.exe
2013-06-27 16:55 - 2013-03-24 11:35 - 00001064 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-384887357-843060359-1038467452-1000Core.job
2013-06-27 10:17 - 2013-06-27 10:17 - 00000000 ____D C:\Users\user\AppData\Roaming\QuickScan
2013-06-27 01:12 - 2013-06-27 18:56 - 01370369 ____A (Farbar) C:\Users\user\Desktop\FRST.exe
2013-06-27 00:52 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\NDF
2013-06-26 18:35 - 2011-04-21 02:32 - 00246922 ____A C:\Windows\PFRO.log
2013-06-26 17:12 - 2013-06-26 17:11 - 00000000 ___SD C:\ComboFix
2013-06-26 17:11 - 2013-06-26 09:52 - 00000000 ____D C:\Qoobox
2013-06-26 10:08 - 2009-07-14 04:37 - 00000000 ___RD C:\users\Public
2013-06-26 10:06 - 2013-06-26 09:52 - 00000000 ____D C:\Windows\erdnt
2013-06-26 10:05 - 2009-07-14 04:04 - 00000215 ____A C:\Windows\system.ini
2013-06-25 22:24 - 2013-06-26 01:25 - 05082915 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2013-06-25 20:41 - 2013-06-20 13:12 - 00003390 ____A C:\Users\user\Documents\Zahlungen.txt
2013-06-25 09:36 - 2013-06-25 09:36 - 00000000 ____D C:\FRST
2013-06-25 09:35 - 2009-07-14 06:53 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-24 09:57 - 2013-06-24 09:56 - 00145216 ____A C:\Windows\Minidump\062413-14617-01.dmp
2013-06-24 09:56 - 2013-06-24 09:56 - 197213410 ____A C:\Windows\MEMORY.DMP
2013-06-24 09:56 - 2013-06-24 09:56 - 00000000 ____D C:\Windows\Minidump
2013-06-23 16:52 - 2013-06-13 10:13 - 00000000 ____D C:\Users\user\Desktop\AUSDRUCKEN HEINZ
2013-06-23 16:51 - 2013-06-23 16:51 - 00000000 ___AH C:\Users\user\Documents\Default.rdp
2013-06-23 13:13 - 2013-06-23 13:13 - 00000000 ____D C:\Users\user\Downloads\(2 ungelesen) – ***– Yahoo! Mail_files
2013-06-23 13:13 - 2013-06-23 13:12 - 00210545 ____A C:\Users\user\Downloads\(2 ungelesen) – *** – Yahoo! Mail.htm
2013-06-23 01:57 - 2013-06-23 01:57 - 00000509 ____A C:\Users\user\Documents\widerruf3.txt
2013-06-20 23:10 - 2013-03-24 13:40 - 00002321 ____A C:\Users\user\Desktop\Google Chrome.lnk
2013-06-20 21:05 - 2013-04-14 23:17 - 00014274 ____A C:\Users\user\Documents\bewerbung.txt
2013-06-20 18:43 - 2013-06-20 18:43 - 00025417 ____A C:\Users\user\Downloads\JOBBÖRSE - Stellenangebot_2.htm
2013-06-20 18:05 - 2013-05-01 12:25 - 00025557 ____A C:\Users\user\Downloads\JOBBÖRSE - Stellenangebot.htm
2013-06-20 15:55 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\twain_32
2013-06-20 15:54 - 2013-05-01 16:14 - 00000000 ____D C:\Users\user\AppData\Roaming\Naid
2013-06-20 13:39 - 2013-02-25 18:41 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
2013-06-20 13:15 - 2013-06-20 09:59 - 00000784 ____A C:\Users\user\Documents\mysurvey.txt
2013-06-20 13:15 - 2013-04-13 02:58 - 00003342 ____A C:\Users\user\Documents\w.txt
2013-06-20 13:09 - 2013-06-20 13:09 - 00000251 ____A C:\Users\user\Documents\email
2013-06-20 13:05 - 2013-04-13 14:56 - 00010152 ____A C:\Users\user\Documents\forum ***neu.txt
2013-06-20 12:12 - 2013-04-21 12:37 - 00246028 ____A C:\Users\user\AppData\Local\census.cache
2013-06-20 12:12 - 2013-04-21 12:37 - 00090721 ____A C:\Users\user\AppData\Local\ars.cache
2013-06-19 18:40 - 2013-06-19 18:32 - 00000000 ____D C:\Users\user\Neuer Ordner
2013-06-18 14:41 - 2013-04-22 08:58 - 00000000 ____D C:\Users\user\Desktop\Screenshots_Mailer
2013-06-15 19:45 - 2013-04-25 16:09 - 00002078 ____A C:\Users\user\Documents\Zahlungen Mai.txt
2013-06-15 12:18 - 2013-06-15 09:57 - 00000136 ____A C:\Users\user\Documents\umfragen verdienst.txt
2013-06-14 11:01 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-06-13 22:09 - 2013-06-13 22:09 - 00000078 ____A C:\Users\user\Documents\BÜCHER.txt
2013-06-13 22:07 - 2013-04-08 20:57 - 00000000 ____D C:\Users\user\AppData\Roaming\SoftGrid Client
2013-06-13 20:31 - 2013-03-01 01:38 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-13 20:31 - 2013-03-01 01:38 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-12 11:13 - 2013-03-02 23:41 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 08:57 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-11 20:25 - 2013-01-17 13:06 - 00004043 ____A C:\Users\user\Documents\arzt.txt
2013-06-11 19:18 - 2013-06-11 19:18 - 00125423 ____A C:\Users\user\Downloads\Krebserregendes Benzol in Erfrischungsgetränken entdeckt - WEB.DE.htm
2013-06-11 13:08 - 2013-06-07 18:57 - 00001022 ____A C:\Users\user\Documents\mail vogel.txt
2013-06-08 13:42 - 2013-06-13 03:01 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 13:40 - 2013-06-13 03:01 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:40 - 2013-06-13 03:00 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 13:40 - 2013-06-13 03:00 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 13:40 - 2013-06-13 03:00 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 13:13 - 2013-06-13 03:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-05 12:30 - 2013-06-05 12:30 - 00001289 ____A C:\Users\user\Documents\stellengebot.txt
2013-06-02 13:45 - 2013-06-02 13:45 - 00000649 ____A C:\Users\user\Documents\wideruf2.txt

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-23 16:20
==================== End Of Log ============================

Thanks so far and regards, SternLilly |
27.06.2013, 19:37 | #8 |
/// the machine /// TB-Ausbilder | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ regards, schrauber | Proud Member of UNITE and ASAP since 2009 | Donations | Guides and help | Trojaner-Board Facebook page | No help via PM! |
29.06.2013, 12:26 | #9 |
| The ESET scanner gets stuck at the second step; 'Unexpected Error 2002' is displayed. Regards, Sternlilly |
29.06.2013, 14:57 | #10 |
/// the machine /// TB-Ausbilder | Which browser?
29.06.2013, 20:21 | #11 |
| Firefox |
29.06.2013, 21:40 | #12 |
/// the machine /// TB-Ausbilder | Try it with Internet Explorer.
30.06.2013, 08:52 | #13 |
| Because you asked about the browser, I deleted, or rather uninstalled, the ESET scanner and downloaded the scanner with Internet Explorer. The following message appeared: 'Can not get update. Is proxy configured?' There was an option to tick or untick: Use custom proxy settings, and a link next to it that leads to the configuration. Threw the scanner out again and pulled it with Google Chrome. Right now it is downloading the signatures and I am waiting to see how far it gets. It may take a while; slow connection at the moment. If it works I will keep following the instructions. If not, you will hear from me too... With Google Chrome the same error message as with Firefox. Odd, I actually wrote the last sentence about Google Chrome in a new, separate reply. |
30.06.2013, 13:57 | #14 |
/// the machine /// TB-Ausbilder | Then let's do it differently. Please run a full scan with your AV program and then the rest of the instructions.
03.07.2013, 15:54 | #15 |
| Hello, I am sorry. I was busy with a private problem for a few days. Sorry that I have not given any feedback until now. Since I currently have no virus scanner installed, I tried to download Avira. With my current internet connection the download took 5 (!) hours. At that point it still was not finished but was somehow stalling. Then, I think, an error message came up that I cannot piece together any more now. Just now I ran an online scan with Bit Defender. No infections were found. I will do the rest now and report back. |