| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojan.zbot.FV und Spyware.zbot.-ED auf Netbook Asus Eee PC /Win7Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
24.06.2013, 10:22
| #1 |
 |  Trojan.zbot.FV und Spyware.zbot.-ED auf Netbook Asus Eee PC /Win7 Hallo guten Tag zusammen, nachdem ich auf meinem Handy eine SMS erhalten habe, daß ich von einem bestimmten Link eine Sicherheitssoftware downloaden soll sonst würde die mTan (Onlinebanking) gesperrt wurde ich stutzig u. kontaktierte die Postbank. Man sagte mir ich hätte wohl einen Trojaner. Malwarebytes fand die im Betreff genannten Schädlinge.Ob die jetzt weg sind oder nur in Quarantäne weiß ich nicht. Mir macht es nichts aus das System neu aufsetzen zu müssen im Grund schnell gemacht. ABER ich habe Angst, daß ich Windows nicht mehr auf den leeren PC dann bekomme. Das Netbook hat kein CD-Fach und demnach gibt es keine Recovery-CD. Habe dann erfahren, daß eine Neuinstallation von Windows auch über USB-Stick möglich ist.Ich habe aber Angst davor, daß es nicht funktioniert denn das Netbook ist zur Zeit lebenswichtig!Auch habe ich nicht soviel Geld, um das Ding dann wieder zur Reparatur zu schleppen. Will mich intensiver mit diesem Thema befassen bevor ich was mache. Bis dahin möchte ich sicher gehen, daß die Biester zumindest unschädlich gemacht wurden. Also: Wollte nun den Anweisungen VOR dem Einstellen eines neuen Thread folgen. OTL ist durch ABER mit GMER gibt es Probleme. Bekomme die Fehlermeldung, daß das Programm nicht funktioniert. Nach dem dritten Versuch wurde plötzlich der Bildschirm blau, Fehlermeldung auf Englisch, daß Windows heruntergefahren werden muß, um Schaden am System zu vermeiden und so. Noch mal ein Versuch, während des Scans fror der Bildschirm ein, gar nichts ging mehr. Stromkabel raus, Akku raus und wieder rein, Windows startete dann wieder. Letzter Versuch mit umbenannten Programm (aus Gmer.exe wurde Anwendung.exe) dasselbe. Soll ich jetzt Gmer überspringen und mit den anderen Anweisungen weitermachen? Hier sind die OTL-Dateien: Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 24.06.2013 09:10:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1014,12 Mb Total Physical Memory | 523,91 Mb Available Physical Memory | 51,66% Memory free
1,99 Gb Paging File | 1,24 Gb Available in Paging File | 62,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 75,31 Gb Free Space | 75,31% Space Free | Partition Type: NTFS
Drive D: | 183,07 Gb Total Space | 104,72 Gb Free Space | 57,20% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A58E7306-2B16-433F-B710-E19B85524A0A}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{BA6DF6ED-66E8-4241-8E9E-991536B4990C}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{C5E3C9ED-BB47-432C-9821-0D3D264CF425}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CA3E3652-B45B-4453-854C-8560416431CA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9DF15337-4E25-42D6-AFE8-E4F24E383B81}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BAF7435B-578D-471D-BF62-6ECDEE6629E1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{CA2F4121-A03B-4CCD-860D-E8B1FA42BFAF}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F1A2E4E-E2EE-4806-B7CE-356D83A3CDEB}" = Windows Live Family Safety
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{41D6CED7-65E8-4EBB-BB1A-B45E2D8CF6D7}" = Windows Live Family Safety
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Eee Docking_is1" = Eee Docking 3.8.3
"Elantech" = ETDWare PS/2-x86 7.0.5.11_WHQL
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"o2DE" = Mobile Connection Manager
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"WinLiveSuite" = Windows Live Essentials
"ZTE USB Driver" = ZTE USB Driver
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17.06.2013 02:21:29 | Computer Name = user-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Fehler bei der Registrierung des Click-2-Run-Pakets.
Error - 17.06.2013 02:35:02 | Computer Name = user-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: BITS connection error Type: 150::InternetConnectionFailure.
Error - 17.06.2013 12:36:05 | Computer Name = user-PC | Source = Application Virtualization Client | ID = 5009
Description = {tid=84C} Application Virtualization Client konnte keine Verbindung
mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6137.5001.sft'
herstellen (Rückgabecode 24600F0A-10000001, ursprünglicher Rückgabecode 24600F0A-10000001).
Error - 17.06.2013 12:36:05 | Computer Name = user-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Fehler bei der Registrierung des Click-2-Run-Pakets.
Error - 17.06.2013 12:46:05 | Computer Name = user-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:
Error - 17.06.2013 13:29:50 | Computer Name = user-PC | Source = Application Virtualization Client | ID = 5009
Description = {tid=868} Application Virtualization Client konnte keine Verbindung
mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6137.5001.sft'
herstellen (Rückgabecode 24600F0A-10000001, ursprünglicher Rückgabecode 24600F0A-10000001).
Error - 17.06.2013 13:29:50 | Computer Name = user-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Fehler bei der Registrierung des Click-2-Run-Pakets.
Error - 17.06.2013 13:44:16 | Computer Name = user-PC | Source = Application Virtualization Client | ID = 5009
Description = {tid=864} Application Virtualization Client konnte keine Verbindung
mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6137.5001.sft'
herstellen (Rückgabecode 24600F0A-10000001, ursprünglicher Rückgabecode 24600F0A-10000001).
Error - 17.06.2013 13:44:16 | Computer Name = user-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Fehler bei der Registrierung des Click-2-Run-Pakets.
Error - 17.06.2013 13:58:36 | Computer Name = user-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: BITS connection error Type: 150::InternetConnectionFailure.
Error - 17.06.2013 14:15:14 | Computer Name = user-PC | Source = Application Virtualization Client | ID = 5009
Description = {tid=844} Application Virtualization Client konnte keine Verbindung
mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6137.5001.sft'
herstellen (Rückgabecode 24600F0A-10000001, ursprünglicher Rückgabecode 24600F0A-10000001).
Error - 17.06.2013 14:15:14 | Computer Name = user-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Fehler bei der Registrierung des Click-2-Run-Pakets.
[ System Events ]
Error - 16.05.2013 15:44:31 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 17.05.2013 03:00:02 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 17.05.2013 03:24:29 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 17.05.2013 17:38:27 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 18.05.2013 00:08:23 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 18.05.2013 09:46:02 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 18.05.2013 13:13:45 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 18.05.2013 15:33:57 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 19.05.2013 04:20:27 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 19.05.2013 08:43:30 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
< End of report >
OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.06.2013 09:10:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,12 Mb Total Physical Memory | 523,91 Mb Available Physical Memory | 51,66% Memory free 1,99 Gb Paging File | 1,24 Gb Available in Paging File | 62,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100,00 Gb Total Space | 75,31 Gb Free Space | 75,31% Space Free | Partition Type: NTFS Drive D: | 183,07 Gb Total Space | 104,72 Gb Free Space | 57,20% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.10.05 22:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.04.12 01:08:52 | 000,088,704 | ---- | M] (ASUS) -- C:\Program Files\Common Files\InstantOn\InsOnWMI.exe PRC - [2011.03.23 21:33:00 | 000,045,448 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe PRC - [2011.03.11 03:05:54 | 001,095,080 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe PRC - [2011.03.04 01:33:20 | 000,101,288 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe PRC - [2011.03.04 01:33:14 | 000,224,680 | ---- | M] () -- C:\Windows\System32\AsusService.exe PRC - [2011.03.04 01:33:12 | 001,252,272 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\HotkeyService\HotkeyService.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.01.12 17:22:26 | 000,091,464 | ---- | M] () -- C:\ExpressGateUtil\VAWinService.exe PRC - [2011.01.07 00:16:38 | 000,414,384 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\Asus\Eee Docking\Eee Docking.exe PRC - [2010.11.15 21:27:22 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\ASUS\CapsHook\CapsHook.exe PRC - [2010.11.15 21:25:36 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\SHE\SuperHybridEngine.exe PRC - [2010.11.11 18:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) -- C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe PRC - [2010.04.13 09:32:40 | 000,548,744 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe PRC - [2010.04.07 07:16:52 | 001,599,880 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe ========== Modules (No Company Name) ========== MOD - [2011.03.23 21:33:00 | 000,045,448 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe ========== Services (SafeList) ========== SRV - [2013.06.13 20:31:10 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.03.04 01:33:14 | 000,224,680 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService) SRV - [2011.01.12 17:22:26 | 000,091,464 | ---- | M] () [Auto | Running] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService) SRV - [2010.11.11 18:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\btwrchid.sys -- (btwrchid) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\btwavdt.sys -- (btwavdt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwampfl.sys -- (btwampfl) DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2013.02.22 03:50:36 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6) DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2010.11.20 12:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 12:24:42 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010.09.27 09:23:58 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010.08.03 07:20:56 | 000,011,832 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO) DRV - [2010.06.28 07:24:00 | 000,011,456 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO) DRV - [2010.02.22 18:39:22 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2010.02.22 18:39:22 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2010.02.22 18:39:22 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.12.28 16:52:40 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009.10.05 18:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.07.22 06:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd) DRV - [2009.07.20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2009.02.03 17:56:22 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_hs.sys -- (massfilter_hs) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://www.moneymillionar.de/startpage.php" FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.01 01:33:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions [2013.04.05 10:28:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\90ej64gh.default\extensions [2013.04.05 10:28:28 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\90ej64gh.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013.05.23 12:40:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions [2013.05.23 12:40:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\user\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - Extension: Google Docs = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Google Mail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe () O4 - HKCU..\Run: [Totowyuro] C:\Users\user\AppData\Roaming\Naid\vezi.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10B58776-A0D2-46C4-9497-F86728F2A2C3}: DhcpNameServer = 172.28.64.1 192.168.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.24 08:49:50 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\TrojanerBoard [2013.06.24 01:42:07 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{7D65BD61-7E8D-41B5-B903-2E9AD5F7FD8F} [2013.06.19 18:32:15 | 000,000,000 | ---D | C] -- C:\Users\user\Neuer Ordner [2013.06.13 10:13:37 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\AUSDRUCKEN HEINZ [2013.06.13 03:18:35 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll [2013.06.13 03:18:35 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2013.06.13 03:18:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll [2013.06.13 03:18:32 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2013.06.13 03:18:32 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll [2013.06.13 03:18:32 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe [2013.06.13 03:18:32 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe [2013.06.13 03:18:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll [2013.06.13 03:01:06 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2013.06.13 03:01:03 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2013.06.12 00:05:59 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certutil.exe [2013.06.12 00:05:59 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certenc.dll [2013.06.11 23:54:56 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe [2013.06.11 23:54:55 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe [2013.06.11 23:22:55 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll [2013.06.11 23:19:06 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cryptdlg.dll [2013.05.28 01:05:05 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{EEA485C0-33CF-43ED-BF51-90299A39F7D2} ========== Files - Modified Within 30 Days ========== [2013.06.24 08:55:07 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-384887357-843060359-1038467452-1000UA.job [2013.06.24 08:40:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.06.24 08:36:05 | 000,016,160 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.24 08:36:05 | 000,016,160 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.24 08:33:18 | 000,666,022 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013.06.24 08:33:18 | 000,627,864 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013.06.24 08:33:18 | 000,133,944 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013.06.24 08:33:18 | 000,110,326 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013.06.24 08:28:39 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.06.24 08:28:32 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys [2013.06.23 16:55:00 | 000,001,064 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-384887357-843060359-1038467452-1000Core.job [2013.06.23 16:51:48 | 000,000,000 | -H-- | M] () -- C:\Users\user\Documents\Default.rdp [2013.06.20 23:10:40 | 000,002,321 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk [2013.06.20 15:15:18 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.20 12:12:11 | 000,246,028 | ---- | M] () -- C:\Users\user\AppData\Local\census.cache [2013.06.20 12:12:02 | 000,090,721 | ---- | M] () -- C:\Users\user\AppData\Local\ars.cache [2013.06.13 20:31:01 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2013.06.13 20:31:01 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2013.06.08 13:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb ========== Files Created - No Company Name ========== [2013.06.23 16:51:48 | 000,000,000 | -H-- | C] () -- C:\Users\user\Documents\Default.rdp [2013.06.20 15:15:18 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.18 15:53:13 | 000,063,867 | ---- | C] () -- C:\Users\user\7426061.exe [2013.05.04 01:28:30 | 000,014,708 | ---- | C] () -- C:\Users\user\3528406.exe [2013.04.21 12:37:47 | 000,246,028 | ---- | C] () -- C:\Users\user\AppData\Local\census.cache [2013.04.21 12:37:26 | 000,090,721 | ---- | C] () -- C:\Users\user\AppData\Local\ars.cache [2013.04.08 14:18:53 | 000,000,981 | ---- | C] () -- C:\windows\MD_MacroDiffs.INI [2013.04.08 14:18:53 | 000,000,905 | ---- | C] () -- C:\windows\MD_MicroDiffs.INI [2013.04.08 14:18:53 | 000,000,817 | ---- | C] () -- C:\windows\CFX.INI [2013.04.06 14:35:17 | 000,007,612 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg [2013.02.25 18:45:47 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini [2013.02.25 18:43:20 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat [2011.04.21 02:56:11 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Files - Unicode (All) ========== [2013.02.25 18:46:17 | 000,000,059 | ---- | M] ()(C:\windows\System32\??) -- C:\windows\System32\ȫ [2013.02.25 18:46:16 | 000,000,059 | ---- | C] ()(C:\windows\System32\??) -- C:\windows\System32\ȫ < End of report > Ich habe Win7starter 32bit, gehe meistens mit Firefox online (nebenbei mit GoogleChrome, IE nutze ich fast nicht). Danke im voraus. Lieben Gruß SternLilly |
| Themen zu Trojan.zbot.FV und Spyware.zbot.-ED auf Netbook Asus Eee PC /Win7 |
| adobe, bho, bildschirm, defender, desktop, dll, ebanking, error, explorer, failed, fehlermeldung, firefox, flash player, format, geld, gesperrt, google, install.exe, logfile, microsoft office starter 2010, mozilla, plug-in, programm, realtek, registry, rundll, security, super, system, system neu, windows |
Baum-Darstellung