Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 13.07.2011, 10:39   #1
Phil21
 
Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden - Standard

Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden



Hallo zusammen,
habe mich angemeldet, da ich zur Zeit nicht formatieren kann und bin über chip.de forum auf diese Seite gestossen.
Beim Anmelden bei der Comdirect wurde ich aufgefordert meine TANs einzugeben. Hab darauf Avira Check gemacht und der hat Trojaner gefunden und ich habe auf <entferenen> gedrückt. Danach wurde erschien TAN Abfrage auch nicht mehr, aber ich habe natürlich dennoch bei Bank angerufen um meinen account zu sperren und neue Zugangsdaten zu erhalten.

Ich bin hier im Forum schon auf ähnliche Einträge gestossen. Hoffe ihr könnt mir helfen sicherzustellen, dass mein Rechner sauber ist/wird.

Kenne mich nicht gross aus mit solchen Sachen. Ich habe auch ebay und paypal account, wo Zahlungsvorgänge ja nicht mit TANs bestätigt werden müssen. Habe diese schon länger nicht genutzt und möchte nun nicht darauf zugreifen, da ich Angst habe das Trojaner noch auf dem Rechner ist. Also erstam nicht anmelden? Oder anmelden und Kennwörter ändern?

Alt 13.07.2011, 10:45   #2
Phil21
 
Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden - Standard

Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden



hier die OTL text fileOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 13.07.2011 11:08:50 - Run 2
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Philipp\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 65,65% Memory free
7,71 Gb Paging File | 5,99 Gb Available in Paging File | 77,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287,07 Gb Total Space | 44,41 Gb Free Space | 15,47% Space Free | Partition Type: NTFS
 
Computer Name: PHILIPP-VAIO | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Philipp\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation)
PRC - C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Philipp\Desktop\OTL(1).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)
SRV:64bit: - (VCService) -- C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.26 11:56:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.02 00:39:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.07.08 14:09:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.09.04 01:34:28 | 000,000,000 | ---D | M]
 
[2010.08.28 11:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions
[2010.08.28 11:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.09.05 13:09:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\unyqh3go.default\extensions
[2011.06.26 11:56:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.09.04 23:34:52 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files (x86)\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2010.09.02 12:12:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.05.02 00:38:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES]  File not found
O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\Program Files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.19.16.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{05bcd8e4-4d55-11e0-94bf-f5b2880f7800}\Shell - "" = AutoRun
O33 - MountPoints2\{05bcd8e4-4d55-11e0-94bf-f5b2880f7800}\Shell\AutoRun\command - "" = D:\RunGame.exe
O33 - MountPoints2\{29cff944-b2e3-11df-8ad6-f07bcbe7c36b}\Shell - "" = AutoRun
O33 - MountPoints2\{29cff944-b2e3-11df-8ad6-f07bcbe7c36b}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.13 11:04:46 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL(1).exe
[2011.07.12 23:15:47 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Avira
[2011.07.12 23:12:50 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.07.12 23:12:49 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.07.12 23:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.07.12 23:12:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.07.12 21:42:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011.07.12 21:41:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011.07.10 22:54:18 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Efusyc
[2011.07.10 22:54:18 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Abfeaf
[2011.07.06 18:46:40 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Documents\SafeNet Sentinel
[2011.06.26 19:11:55 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Yzcu
[2011.06.26 19:11:55 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Qeux
[2011.06.26 00:26:17 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.06.23 21:37:38 | 000,000,000 | R--D | C] -- C:\Users\Philipp\Dropbox
[2011.06.23 21:34:41 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.06.23 21:34:22 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Dropbox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.13 11:04:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL(1).exe
[2011.07.13 09:45:37 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.13 09:45:37 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.13 09:45:03 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.07.13 09:45:03 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.07.13 09:45:03 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.07.13 09:45:03 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.07.13 09:45:03 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.07.13 09:38:01 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011.07.13 09:37:52 | 000,437,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.07.13 09:37:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.13 09:36:59 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.26 16:27:32 | 000,111,485 | ---- | M] () -- C:\Users\Philipp\Desktop\NANTES_GARE-PARIS_MONTPARNASSE_1_ET_2_27-08-11_PHILIPP_UEFFING_TWURBH_eATXFuZnTX9GZ9fYKWrE.pdf
[2011.06.26 16:16:42 | 000,232,743 | ---- | M] () -- C:\Users\Philipp\Desktop\20110824-SN236175053TURHZT36285-FhuaOqZD.pdf
[2011.06.26 16:16:25 | 000,231,501 | ---- | M] () -- C:\Users\Philipp\Desktop\20110824-SN236175022TURHZT30384-KNlpEsSI.pdf
[2011.06.25 12:30:21 | 000,296,676 | ---- | M] () -- C:\Users\Philipp\Desktop\pdfservice.pdf
[2011.06.24 21:27:56 | 000,292,678 | ---- | M] () -- C:\Users\Philipp\Desktop\20110822-SN234171622TDWICT30384-zKHh9zHR.pdf
[2011.06.23 21:37:38 | 000,001,045 | ---- | M] () -- C:\Users\Philipp\Desktop\Dropbox.lnk
[2011.06.23 21:34:47 | 000,001,025 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.06.17 12:35:49 | 000,116,568 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.06.17 12:35:49 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.07.08 14:09:53 | 000,002,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011.06.26 16:27:32 | 000,111,485 | ---- | C] () -- C:\Users\Philipp\Desktop\NANTES_GARE-PARIS_MONTPARNASSE_1_ET_2_27-08-11_PHILIPP_UEFFING_TWURBH_eATXFuZnTX9GZ9fYKWrE.pdf
[2011.06.26 16:16:42 | 000,232,743 | ---- | C] () -- C:\Users\Philipp\Desktop\20110824-SN236175053TURHZT36285-FhuaOqZD.pdf
[2011.06.26 16:16:25 | 000,231,501 | ---- | C] () -- C:\Users\Philipp\Desktop\20110824-SN236175022TURHZT30384-KNlpEsSI.pdf
[2011.06.25 12:30:21 | 000,296,676 | ---- | C] () -- C:\Users\Philipp\Desktop\pdfservice.pdf
[2011.06.24 21:27:56 | 000,292,678 | ---- | C] () -- C:\Users\Philipp\Desktop\20110822-SN234171622TDWICT30384-zKHh9zHR.pdf
[2011.06.23 21:37:38 | 000,001,045 | ---- | C] () -- C:\Users\Philipp\Desktop\Dropbox.lnk
[2011.06.23 21:34:47 | 000,001,025 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.03.13 13:10:18 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2010.12.01 20:59:58 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.08.26 18:08:12 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.25 12:30:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.13 13:36:10 | 000,002,119 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat
[2010.05.20 00:08:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.05.19 23:45:17 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.05.19 23:45:17 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.05.19 23:45:17 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.05.19 23:45:15 | 000,050,036 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.05.19 23:45:14 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.05.19 23:45:08 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2010.05.19 23:45:08 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2010.08.25 09:37:11 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\AppData\Roaming\.#
[2011.07.12 21:05:45 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Abfeaf
[2010.09.04 23:36:58 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Academic Software Zurich
[2011.03.13 13:08:38 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DAEMON Tools Lite
[2011.07.13 09:40:01 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Dropbox
[2011.07.12 21:53:18 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Efusyc
[2011.05.12 12:59:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\gtk-2.0
[2010.09.30 18:54:13 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Leadertech
[2011.03.29 19:09:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MAXQDA10
[2010.12.01 21:58:13 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Opera
[2011.06.26 19:11:55 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Qeux
[2010.08.27 19:09:09 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\SoftGrid Client
[2010.08.28 11:48:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Thunderbird
[2010.08.26 18:09:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TP
[2011.06.26 19:11:55 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Yzcu
[2011.05.20 23:35:25 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007.11.07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007.11.07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007.11.07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2011.07.13 09:36:59 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007.11.07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007.11.07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007.11.07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007.11.07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007.11.07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007.11.07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007.11.07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007.11.07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010.08.25 11:17:06 | 000,723,394 | ---- | M] () -- C:\lv.log
[2006.12.01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011.07.13 09:36:59 | 4141,977,600 | -HS- | M] () -- C:\pagefile.sys
[2010.08.13 13:29:58 | 000,002,895 | ---- | M] () -- C:\RHDSetup.log
[2010.08.25 11:16:44 | 000,000,073 | -H-- | M] () -- C:\splash.idx
[2007.11.07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007.11.07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007.11.07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2010.06.14 16:30:26 | 000,004,112 | -H-- | M] () -- C:\version
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2009.07.14 07:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 07:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 07:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 07:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009.06.10 22:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2009.07.10 13:10:44 | 000,307,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009.07.14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\user32.dll /md5 >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\system32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2010.11.20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\system32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009.07.14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\system32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
         
--- --- ---
__________________


Alt 13.07.2011, 11:11   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden - Standard

Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden



Zitat:
habe mich angemeldet, da ich zur Zeit nicht formatieren kann
Wieso nicht? Bei Onlinebanking solltest du generell sehr vorsichtig sein und überlegen ob du den Kompromiss einer Bereinigung wirklich eingehen willst.
Normalerweise empfiehlt man bei sowas eine Neuinstallation von Windows.

Zitat:
Hab darauf Avira Check gemacht und der hat Trojaner gefunden
Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner.
__________________
__________________

Alt 13.07.2011, 11:17   #4
Phil21
 
Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden - Standard

Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden



Danke für die schnelle Antwort.

Formatieren kann/möchte ich nicht, da ich zur Zeit im Ausland bin und sich jegliche Installations CDs (vor allem Word und SPSS) zu Hause befinden. Da ich die beide Programme zum täglichen arbeiten unbedingt benötige, kann ich nich formatieren.

Nach dem entfernen habe ich nochmal check mit Anira (Free Version) gemacht und es hat sich - bei mehreren Versuchen - bei 26% immer aufgehänt. Daraufhin hab ich es neu installiert und bekomme das gleiche Problem. Daher kann ich den Namen der Datei leider nicht mehr posten. Alles ein wenig Stümperhaft, ich weis..

Alt 13.07.2011, 11:18   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden - Standard

Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden



Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 13.07.2011, 11:30   #6
Phil21
 
Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden - Standard

Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden



Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 7111

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

13.07.2011 12:27:40
mbam-log-2011-07-13 (12-27-40).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 166936
Laufzeit: 3 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

Alt 13.07.2011, 12:21   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden - Standard

Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden



Zitat:
Art des Suchlaufs: Quick-Scan
Sry aber ich wollte einen Vollscan sehen...bitte nachholen und Log posten!
Denk dran vorher die Signaturen von Malwarebytes zu aktualisieren, da gibt es sehr häufig neue Updates!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 13.07.2011, 15:48   #8
Phil21
 
Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden - Standard

Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden



Sorry, hat nen bischen gedauert. Heutige Windows Updates haben ewig gedauert zu installieren. Ausserdem ist der Rechner auf einmal extrem langsam geworden. Öffnen von Excel, Word oder selbst pdf's dauert ewig. Thunderbird wollte erst gar nicht mehr...

hier das Ergebnis des Scans

Code:
ATTFilter
 Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 7111

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

13.07.2011 16:37:41
mbam-log-2011-07-13 (16-37-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 358797
Laufzeit: 55 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Philipp\AppData\Roaming\Qeux\ogliu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
         

Alt 13.07.2011, 15:51   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden - Standard

Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden



Wieso installierst du jetzt Windows-Updates?
Man sollte erstmal sich auf eine Sache konzentrieren => Bereinigung! und nicht zwischendruch mitten in der Analyse und Bereinigung irgendwelche Updates aufspielen!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 13.07.2011, 16:00   #10
Phil21
 
Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden - Standard

Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden



...automatische Einstellung beim Runterfahren..

Alt 13.07.2011, 23:27   #11
Phil21
 
Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden - Standard

Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden



Code:
ATTFilter
 MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Home Premium Edition
Windows Information:		Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:	Sony Corporation
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		Sony Corporation
System Product Name:		VPCEB2C5E
Logical Drives Mask:		0x00000074

Kernel Drivers (total 192):
  0x04055000 \SystemRoot\system32\ntoskrnl.exe
  0x0400C000 \SystemRoot\system32\hal.dll
  0x00BB7000 \SystemRoot\system32\kdcom.dll
  0x00CCE000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00D1D000 \SystemRoot\system32\PSHED.dll
  0x00D31000 \SystemRoot\system32\CLFS.SYS
  0x00C00000 \SystemRoot\system32\CI.dll
  0x00ED9000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00F7D000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00F8C000 \SystemRoot\system32\drivers\ACPI.sys
  0x00FE3000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x00FEC000 \SystemRoot\system32\drivers\msisadrv.sys
  0x00E00000 \SystemRoot\system32\drivers\pci.sys
  0x00E33000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
  0x00E55000 \SystemRoot\system32\drivers\compbatt.sys
  0x00E5E000 \SystemRoot\system32\drivers\BATTC.SYS
  0x00E6A000 \SystemRoot\system32\drivers\volmgr.sys
  0x00D8F000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00E7F000 \SystemRoot\System32\drivers\mountmgr.sys
  0x010F9000 \SystemRoot\system32\drivers\iaStor.sys
  0x01301000 \SystemRoot\system32\drivers\atapi.sys
  0x0130A000 \SystemRoot\system32\drivers\ataport.SYS
  0x01334000 \SystemRoot\system32\drivers\amdxata.sys
  0x0133F000 \SystemRoot\system32\drivers\fltmgr.sys
  0x0138B000 \SystemRoot\system32\drivers\fileinfo.sys
  0x0139F000 \SystemRoot\System32\Drivers\PxHlpa64.sys
  0x0145A000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x01000000 \SystemRoot\System32\Drivers\msrpc.sys
  0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x0105E000 \SystemRoot\System32\Drivers\cng.sys
  0x0141B000 \SystemRoot\System32\drivers\pcw.sys
  0x0142C000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x01695000 \SystemRoot\system32\drivers\ndis.sys
  0x01788000 \SystemRoot\system32\drivers\NETIO.SYS
  0x01600000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01858000 \SystemRoot\System32\drivers\tcpip.sys
  0x01A5C000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x01AA6000 \SystemRoot\system32\drivers\volsnap.sys
  0x01AF2000 \SystemRoot\System32\Drivers\spldr.sys
  0x01AFA000 \SystemRoot\System32\drivers\rdyboost.sys
  0x01B34000 \SystemRoot\System32\Drivers\mup.sys
  0x01B46000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x01B4F000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x01B89000 \SystemRoot\system32\drivers\disk.sys
  0x01B9F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x04648000 \SystemRoot\system32\drivers\cdrom.sys
  0x04672000 \SystemRoot\System32\Drivers\Null.SYS
  0x0467B000 \SystemRoot\System32\Drivers\Beep.SYS
  0x04682000 \SystemRoot\System32\drivers\vga.sys
  0x04690000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x046B5000 \SystemRoot\System32\drivers\watchdog.sys
  0x046C5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x046CE000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x046D7000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x046E0000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x046EB000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x046FC000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x0471E000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x0472B000 \SystemRoot\system32\drivers\afd.sys
  0x047B4000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x04400000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x01800000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x04409000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x01826000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x01835000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x01BDD000 \SystemRoot\system32\drivers\termdd.sys
  0x0162B000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x0441F000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x01BF1000 \SystemRoot\system32\drivers\mssmbios.sys
  0x0167C000 \SystemRoot\System32\drivers\discache.sys
  0x01436000 \SystemRoot\System32\Drivers\dfsc.sys
  0x017E8000 \SystemRoot\system32\drivers\blbdrive.sys
  0x010D0000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x013AC000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x04AD2000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x050F7000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x04A00000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x04A46000 \SystemRoot\system32\drivers\HDAudBus.sys
  0x04A6A000 \SystemRoot\system32\DRIVERS\HECIx64.sys
  0x04A7B000 \SystemRoot\system32\drivers\usbehci.sys
  0x03E3A000 \SystemRoot\system32\drivers\USBPORT.SYS
  0x05238000 \SystemRoot\system32\DRIVERS\athrx.sys
  0x053B5000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x053C2000 \SystemRoot\system32\drivers\sdbus.sys
  0x05200000 \SystemRoot\system32\drivers\rimssne64.sys
  0x05220000 \SystemRoot\system32\drivers\risdsne64.sys
  0x03E90000 \SystemRoot\system32\DRIVERS\yk62x64.sys
  0x053E2000 \SystemRoot\system32\drivers\i8042prt.sys
  0x03EF5000 \SystemRoot\system32\drivers\kbdclass.sys
  0x03F04000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
  0x03F48000 \SystemRoot\system32\drivers\mouclass.sys
  0x03F57000 \SystemRoot\system32\drivers\SFEP.sys
  0x03F5A000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x03F70000 \SystemRoot\system32\drivers\CmBatt.sys
  0x03F75000 \SystemRoot\system32\drivers\CompositeBus.sys
  0x03F85000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x03F9B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x03FBF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x03FCB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x03E00000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x04A8C000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x03E1B000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x03E35000 \SystemRoot\system32\drivers\swenum.sys
  0x054B3000 \SystemRoot\system32\drivers\ks.sys
  0x054F6000 \SystemRoot\system32\drivers\umbus.sys
  0x05508000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x05562000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x05577000 \SystemRoot\system32\drivers\RtHDMIVX.sys
  0x055AA000 \SystemRoot\system32\drivers\portcls.sys
  0x05400000 \SystemRoot\system32\drivers\drmk.sys
  0x05422000 \SystemRoot\system32\drivers\ksthunk.sys
  0x05E8E000 \SystemRoot\system32\drivers\RTKVHD64.sys
  0x00040000 \SystemRoot\System32\win32k.sys
  0x060A9000 \SystemRoot\System32\drivers\Dxapi.sys
  0x060B5000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x0442B000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x060C3000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x060D6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x060F3000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x060F5000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x06123000 \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
  0x0612D000 \SystemRoot\system32\drivers\hidusb.sys
  0x0613B000 \SystemRoot\system32\drivers\HIDCLASS.SYS
  0x06154000 \SystemRoot\system32\drivers\HIDPARSE.SYS
  0x0615D000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x0616A000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x005C0000 \SystemRoot\System32\TSDDD.dll
  0x00640000 \SystemRoot\System32\cdd.dll
  0x06178000 \SystemRoot\system32\drivers\luafv.sys
  0x0619B000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x061BA000 \SystemRoot\system32\drivers\WudfPf.sys
  0x061DB000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x05E00000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x05E53000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x05E66000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x0409C000 \SystemRoot\system32\drivers\HTTP.sys
  0x04165000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x04183000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x0419B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x04000000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x0404E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x066CF000 \SystemRoot\system32\drivers\peauth.sys
  0x06775000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x06780000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x067B1000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x06600000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x070C6000 \SystemRoot\System32\DRIVERS\srv.sys
  0x0715E000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x0701B000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x07071000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x0709C000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
  0x77280000 \Windows\System32\ntdll.dll
  0x47E10000 \Windows\System32\smss.exe
  0xFF5A0000 \Windows\System32\apisetschema.dll
  0xFFF70000 \Windows\System32\autochk.exe
  0x77180000 \Windows\System32\user32.dll
  0xFF410000 \Windows\System32\urlmon.dll
  0xFF390000 \Windows\System32\shlwapi.dll
  0xFF1B0000 \Windows\System32\setupapi.dll
  0xFF080000 \Windows\System32\rpcrt4.dll
  0xFEE20000 \Windows\System32\iertutil.dll
  0xFED50000 \Windows\System32\usp10.dll
  0xFED20000 \Windows\System32\imm32.dll
  0xFECB0000 \Windows\System32\gdi32.dll
  0xFEC90000 \Windows\System32\imagehlp.dll
  0x77450000 \Windows\System32\normaliz.dll
  0xFDF00000 \Windows\System32\shell32.dll
  0x77060000 \Windows\System32\kernel32.dll
  0xFDDF0000 \Windows\System32\msctf.dll
  0xFDBE0000 \Windows\System32\ole32.dll
  0xFDB90000 \Windows\System32\ws2_32.dll
  0xFDAF0000 \Windows\System32\comdlg32.dll
  0xFDA10000 \Windows\System32\oleaut32.dll
  0x77440000 \Windows\System32\psapi.dll
  0xFD8E0000 \Windows\System32\wininet.dll
  0xFD8C0000 \Windows\System32\sechost.dll
  0xFD8B0000 \Windows\System32\lpk.dll
  0xFD850000 \Windows\System32\Wldap32.dll
  0xFD7D0000 \Windows\System32\difxapi.dll
  0xFD730000 \Windows\System32\clbcatq.dll
  0xFD690000 \Windows\System32\msvcrt.dll
  0xFD680000 \Windows\System32\nsi.dll
  0xFD5A0000 \Windows\System32\advapi32.dll
  0xFD430000 \Windows\System32\crypt32.dll
  0xFD3F0000 \Windows\System32\wintrust.dll
  0xFD3B0000 \Windows\System32\cfgmgr32.dll
  0xFD340000 \Windows\System32\KernelBase.dll
  0xFD2A0000 \Windows\System32\comctl32.dll
  0xFD280000 \Windows\System32\devobj.dll
  0xFD270000 \Windows\System32\msasn1.dll
  0x75BB0000 \Windows\SysWOW64\normaliz.dll

Processes (total 76):
       0 System Idle Process
       4 System
     312 C:\Windows\System32\smss.exe
     480 csrss.exe
     536 C:\Windows\System32\wininit.exe
     560 csrss.exe
     592 C:\Windows\System32\services.exe
     628 C:\Windows\System32\lsass.exe
     644 C:\Windows\System32\lsm.exe
     652 C:\Windows\System32\winlogon.exe
     772 C:\Windows\System32\svchost.exe
     860 C:\Windows\System32\svchost.exe
     948 C:\Windows\System32\atiesrxx.exe
     992 C:\Windows\System32\svchost.exe
     124 C:\Windows\System32\svchost.exe
     324 C:\Windows\System32\svchost.exe
     460 C:\Windows\System32\svchost.exe
    1120 C:\Windows\System32\svchost.exe
    1248 C:\Windows\System32\spoolsv.exe
    1276 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1336 C:\Windows\System32\svchost.exe
    1448 C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    1584 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    1620 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    1672 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    1772 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    1780 C:\Windows\System32\conhost.exe
    1804 C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe
    1852 C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    1940 C:\Windows\System32\atieclxx.exe
    1996 C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    1720 C:\Windows\System32\taskhost.exe
    1836 C:\Windows\System32\taskeng.exe
    2036 C:\Windows\System32\dwm.exe
    1304 C:\Windows\explorer.exe
    2132 C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    2148 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    2216 C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
    2380 WmiPrvSE.exe
    2504 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    2772 C:\Program Files\Apoint\Apoint.exe
    2832 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    2896 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    2928 C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
    2964 C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe
    2972 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    3008 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3252 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    3508 C:\Windows\System32\SearchIndexer.exe
    3740 C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    3520 WUDFHost.exe
    2828 C:\Windows\System32\svchost.exe
    2748 C:\Windows\System32\taskeng.exe
    2416 C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
    2156 C:\Program Files\Apoint\ApMsgFwd.exe
    2360 C:\Program Files\Apoint\Apvfb.exe
    4364 C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    4756 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    4824 C:\Program Files\Windows Media Player\wmpnetwk.exe
    1064 C:\Program Files\Sony\VAIO Care\VCsystray.exe
    4352 C:\Program Files\Sony\VAIO Care\VCService.exe
    1500 C:\Program Files\Sony\VAIO Care\VCAgent.exe
    4904 C:\Windows\System32\vds.exe
     184 C:\Program Files\Sony\VAIO Care\Admload.exe
    4572 C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    1928 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    4260 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    4600 C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe
    4608 C:\Program Files\Sony\VAIO Care\listener.exe
    1384 C:\Windows\System32\audiodg.exe
    1352 C:\Windows\System32\SearchProtocolHost.exe
    1648 C:\Windows\System32\SearchFilterHost.exe
    3888 dllhost.exe
     356 dllhost.exe
    3096 C:\Users\Philipp\Desktop\MBRCheck.exe
    5008 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`c1800000  (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM321HI, Rev: 2AJ10001

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
         

Alt 13.07.2011, 16:10   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden - Standard

Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden



Argh...naja, was will man machen...

Mach bitte ein neues Custom-Log:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 13.07.2011, 17:05   #13
Phil21
 
Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden - Standard

Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 13.07.2011 17:53:32 - Run 4
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Philipp\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 59,11% Memory free
7,71 Gb Paging File | 5,86 Gb Available in Paging File | 76,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287,07 Gb Total Space | 132,65 Gb Free Space | 46,21% Space Free | Partition Type: NTFS
 
Computer Name: PHILIPP-VAIO | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Users\Philipp\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation)
PRC - C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Philipp\Desktop\OTL(1).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)
SRV:64bit: - (VCService) -- C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.26 11:56:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.02 00:39:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.07.08 14:09:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.09.04 01:34:28 | 000,000,000 | ---D | M]
 
[2010.08.28 11:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions
[2010.08.28 11:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.09.05 13:09:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\unyqh3go.default\extensions
[2011.06.26 11:56:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.09.04 23:34:52 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files (x86)\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2010.09.02 12:12:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.05.02 00:38:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES]  File not found
O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\Program Files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.19.16.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{05bcd8e4-4d55-11e0-94bf-f5b2880f7800}\Shell - "" = AutoRun
O33 - MountPoints2\{05bcd8e4-4d55-11e0-94bf-f5b2880f7800}\Shell\AutoRun\command - "" = D:\RunGame.exe
O33 - MountPoints2\{29cff944-b2e3-11df-8ad6-f07bcbe7c36b}\Shell - "" = AutoRun
O33 - MountPoints2\{29cff944-b2e3-11df-8ad6-f07bcbe7c36b}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.13 12:22:47 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes
[2011.07.13 12:22:41 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.07.13 12:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.13 12:22:37 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.07.13 12:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.07.13 11:04:46 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL(1).exe
[2011.07.12 23:15:47 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Avira
[2011.07.12 23:12:50 | 000,123,784 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.07.12 23:12:49 | 000,088,288 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.07.12 23:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.07.12 23:12:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.07.12 21:42:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011.07.12 21:41:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011.07.10 22:54:18 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Efusyc
[2011.07.10 22:54:18 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Abfeaf
[2011.07.06 18:46:40 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Documents\SafeNet Sentinel
[2011.06.26 19:11:55 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Yzcu
[2011.06.26 19:11:55 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Qeux
[2011.06.26 00:26:17 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.06.23 21:37:38 | 000,000,000 | R--D | C] -- C:\Users\Philipp\Dropbox
[2011.06.23 21:34:41 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.06.23 21:34:22 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Dropbox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.13 16:49:20 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.13 16:49:20 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.13 16:47:36 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.07.13 16:47:36 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.07.13 16:47:36 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.07.13 16:47:36 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.07.13 16:47:36 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.07.13 16:40:47 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011.07.13 16:40:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.13 16:40:35 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.13 15:31:43 | 000,437,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.07.13 13:08:21 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.07.13 13:08:21 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.07.13 12:22:41 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.13 11:04:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL(1).exe
[2011.06.26 16:27:32 | 000,111,485 | ---- | M] () -- C:\Users\Philipp\Desktop\NANTES_GARE-PARIS_MONTPARNASSE_1_ET_2_27-08-11_PHILIPP_UEFFING_TWURBH_eATXFuZnTX9GZ9fYKWrE.pdf
[2011.06.26 16:16:42 | 000,232,743 | ---- | M] () -- C:\Users\Philipp\Desktop\20110824-SN236175053TURHZT36285-FhuaOqZD.pdf
[2011.06.26 16:16:25 | 000,231,501 | ---- | M] () -- C:\Users\Philipp\Desktop\20110824-SN236175022TURHZT30384-KNlpEsSI.pdf
[2011.06.25 12:30:21 | 000,296,676 | ---- | M] () -- C:\Users\Philipp\Desktop\pdfservice.pdf
[2011.06.24 21:27:56 | 000,292,678 | ---- | M] () -- C:\Users\Philipp\Desktop\20110822-SN234171622TDWICT30384-zKHh9zHR.pdf
[2011.06.23 21:37:38 | 000,001,045 | ---- | M] () -- C:\Users\Philipp\Desktop\Dropbox.lnk
[2011.06.23 21:34:47 | 000,001,025 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.07.13 12:22:41 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.08 14:09:53 | 000,002,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011.06.26 16:27:32 | 000,111,485 | ---- | C] () -- C:\Users\Philipp\Desktop\NANTES_GARE-PARIS_MONTPARNASSE_1_ET_2_27-08-11_PHILIPP_UEFFING_TWURBH_eATXFuZnTX9GZ9fYKWrE.pdf
[2011.06.26 16:16:42 | 000,232,743 | ---- | C] () -- C:\Users\Philipp\Desktop\20110824-SN236175053TURHZT36285-FhuaOqZD.pdf
[2011.06.26 16:16:25 | 000,231,501 | ---- | C] () -- C:\Users\Philipp\Desktop\20110824-SN236175022TURHZT30384-KNlpEsSI.pdf
[2011.06.25 12:30:21 | 000,296,676 | ---- | C] () -- C:\Users\Philipp\Desktop\pdfservice.pdf
[2011.06.24 21:27:56 | 000,292,678 | ---- | C] () -- C:\Users\Philipp\Desktop\20110822-SN234171622TDWICT30384-zKHh9zHR.pdf
[2011.06.23 21:37:38 | 000,001,045 | ---- | C] () -- C:\Users\Philipp\Desktop\Dropbox.lnk
[2011.06.23 21:34:47 | 000,001,025 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.03.13 13:10:18 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2010.12.01 20:59:58 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.08.26 18:08:12 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.25 12:30:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.13 13:36:10 | 000,002,119 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat
[2010.05.20 00:08:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.05.19 23:45:17 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.05.19 23:45:17 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.05.19 23:45:17 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.05.19 23:45:15 | 000,050,036 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.05.19 23:45:14 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.05.19 23:45:08 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2010.05.19 23:45:08 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2010.08.25 09:37:11 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\AppData\Roaming\.#
[2011.07.12 21:05:45 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Abfeaf
[2010.09.04 23:36:58 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Academic Software Zurich
[2011.03.13 13:08:38 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DAEMON Tools Lite
[2011.07.13 16:43:27 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Dropbox
[2011.07.12 21:53:18 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Efusyc
[2011.05.12 12:59:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\gtk-2.0
[2010.09.30 18:54:13 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Leadertech
[2011.03.29 19:09:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MAXQDA10
[2010.12.01 21:58:13 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Opera
[2011.07.13 16:37:41 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Qeux
[2010.08.27 19:09:09 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\SoftGrid Client
[2010.08.28 11:48:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Thunderbird
[2010.08.26 18:09:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TP
[2011.06.26 19:11:55 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Yzcu
[2011.05.20 23:35:25 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.08.25 09:37:11 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\AppData\Roaming\.#
[2011.07.12 21:05:45 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Abfeaf
[2010.09.04 23:36:58 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Academic Software Zurich
[2011.06.24 16:59:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Adobe
[2010.08.25 12:30:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ArcSoft
[2010.08.25 09:33:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ATI
[2011.07.12 23:15:47 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Avira
[2011.03.13 13:08:38 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DAEMON Tools Lite
[2010.09.05 13:03:54 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DivX
[2011.07.13 16:43:27 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Dropbox
[2011.03.24 23:20:17 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\dvdcss
[2011.07.12 21:53:18 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Efusyc
[2010.08.25 09:37:12 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Google
[2011.05.12 12:59:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\gtk-2.0
[2010.08.25 09:33:01 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Identities
[2010.08.25 11:22:35 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\InstallShield
[2010.08.25 09:33:46 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Intel Corporation
[2010.09.30 18:54:13 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Leadertech
[2010.08.25 09:36:55 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Macromedia
[2011.07.13 12:22:47 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes
[2011.03.29 19:09:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MAXQDA10
[2010.05.20 04:02:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Media Center Programs
[2011.01.30 20:11:44 | 000,000,000 | --SD | M] -- C:\Users\Philipp\AppData\Roaming\Microsoft
[2010.08.25 21:57:17 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Mozilla
[2010.12.01 21:58:13 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Opera
[2011.07.13 16:37:41 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Qeux
[2011.03.13 12:59:17 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Roxio
[2011.07.12 17:05:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Skype
[2011.04.03 13:56:43 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\skypePM
[2010.08.27 19:09:09 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\SoftGrid Client
[2010.08.25 09:30:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Sony Corporation
[2010.08.28 11:48:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Thunderbird
[2010.08.26 18:09:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TP
[2010.08.29 01:27:40 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\vlc
[2010.11.16 23:24:22 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\WinRAR
[2011.06.26 19:11:55 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Yzcu
 
< %APPDATA%\*.exe /s >
[2011.05.25 22:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.05.25 22:07:18 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2010.10.04 02:31:16 | 000,000,000 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Yzcu\tiva.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.11.21 00:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.11.21 00:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_53f33454d751d4bd\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
<           >

< End of report >
         
--- --- ---
[/CODE]

Alt 13.07.2011, 19:49   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden - Standard

Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{05bcd8e4-4d55-11e0-94bf-f5b2880f7800}\Shell - "" = AutoRun
O33 - MountPoints2\{05bcd8e4-4d55-11e0-94bf-f5b2880f7800}\Shell\AutoRun\command - "" = D:\RunGame.exe
O33 - MountPoints2\{29cff944-b2e3-11df-8ad6-f07bcbe7c36b}\Shell - "" = AutoRun
O33 - MountPoints2\{29cff944-b2e3-11df-8ad6-f07bcbe7c36b}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
[2011.07.10 22:54:18 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Efusyc
[2011.07.10 22:54:18 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Abfeaf
[2011.06.26 19:11:55 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Yzcu
[2011.06.26 19:11:55 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Qeux
[2010.08.25 09:37:11 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\AppData\Roaming\.#
:Commands
[purity]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 13.07.2011, 21:39   #15
Phil21
 
Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden - Standard

Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden



Code:
ATTFilter
 ========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05bcd8e4-4d55-11e0-94bf-f5b2880f7800}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05bcd8e4-4d55-11e0-94bf-f5b2880f7800}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05bcd8e4-4d55-11e0-94bf-f5b2880f7800}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05bcd8e4-4d55-11e0-94bf-f5b2880f7800}\ not found.
File D:\RunGame.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29cff944-b2e3-11df-8ad6-f07bcbe7c36b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29cff944-b2e3-11df-8ad6-f07bcbe7c36b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29cff944-b2e3-11df-8ad6-f07bcbe7c36b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29cff944-b2e3-11df-8ad6-f07bcbe7c36b}\ not found.
File "H:\WD SmartWare.exe" autoplay=true not found.
C:\Users\Philipp\AppData\Roaming\Efusyc folder moved successfully.
C:\Users\Philipp\AppData\Roaming\Abfeaf folder moved successfully.
C:\Users\Philipp\AppData\Roaming\Yzcu folder moved successfully.
C:\Users\Philipp\AppData\Roaming\Qeux folder moved successfully.
C:\Users\Philipp\AppData\Roaming\.# folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.26.1 log created on 07132011_223726
         

Antwort

Themen zu Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden
100 tan, account, angemeldet, anmelden, avira, check, chip.de, ebay, einträge, erhalte, formatieren, forum, hallo zusammen, kennwörter, länger, melden, neue, nicht mehr, paypal, personal, rechner, rojaner gefunden, seite, sperren, tan, tans, trojaner, trojaner gefunden, wörter, zusammen, ändern




Ähnliche Themen: Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden


  1. Comdirect TAN-Abfrage. Funde wie TR/Bublik.I.17, TR/Spy.Dofoil.B...
    Plagegeister aller Art und deren Bekämpfung - 30.06.2013 (15)
  2. Mehrere Trojaner durch Malwarebytes Anti Malware gefunden und ein Virus durch Avira gefunden (TR/Gendal.81920.6)
    Log-Analyse und Auswertung - 10.11.2012 (1)
  3. Trojaner DOWNLOADER gefunden: efax.corporate.personal.id2efr120091fre1tt0932223545aeg32123434ip.new.pdf.exe
    Log-Analyse und Auswertung - 08.11.2012 (3)
  4. Eset Personal Firewall meldet : Identische IP im Netzwerk gefunden! Was los/ Was tun?
    Plagegeister aller Art und deren Bekämpfung - 03.11.2012 (1)
  5. Comdirect Trojaner zur TAN Ausspähung
    Plagegeister aller Art und deren Bekämpfung - 07.05.2012 (3)
  6. iTAN Trojaner bei Zugriff auf comdirect online Banking - danach kein fehlerfreies Anmelden mehr mögl
    Log-Analyse und Auswertung - 26.04.2012 (9)
  7. TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp...
    Log-Analyse und Auswertung - 26.12.2011 (24)
  8. 100-Tan Trojaner bei Online-Zugang Comdirect
    Log-Analyse und Auswertung - 19.12.2011 (28)
  9. Avira AntiVir Personal meldet TOO/TDss.D und EXP/CVE-2010-0840
    Log-Analyse und Auswertung - 16.10.2011 (32)
  10. comdirect Trojaner
    Plagegeister aller Art und deren Bekämpfung - 29.08.2011 (1)
  11. TR/Crypt.ZPACK.Gen von Avira Antivir Personal gefunden - was mache ich jetzt?
    Plagegeister aller Art und deren Bekämpfung - 08.12.2010 (26)
  12. Trojaner-Mozilla Firefox-Tan-Abfragen auf Seite der comdirect
    Diskussionsforum - 24.10.2010 (15)
  13. Avira AntiVir Personal - Free Antivirus meldet TR/Crypt.ULPM.Gen, möglicherweise Fehlalarm
    Plagegeister aller Art und deren Bekämpfung - 02.09.2010 (5)
  14. TR/FraudPack.azhu (Avira AntiVir Personal)
    Plagegeister aller Art und deren Bekämpfung - 12.07.2010 (1)
  15. Avira Antivir Personal 10 meldet 14 versteckte Objekte
    Antiviren-, Firewall- und andere Schutzprogramme - 02.04.2010 (2)
  16. 190 Warnungen beim Virenscan! AVIRA PERSONAL FREE ANTIVIRUS
    Antiviren-, Firewall- und andere Schutzprogramme - 23.11.2009 (45)
  17. Hilfe, hab 40Viren auf Labtop(XP) mit Avira AntiVir Personal! Was soll ich machen?
    Mülltonne - 11.10.2008 (0)

Zum Thema Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden - Hallo zusammen, habe mich angemeldet, da ich zur Zeit nicht formatieren kann und bin über chip.de forum auf diese Seite gestossen. Beim Anmelden bei der Comdirect wurde ich aufgefordert meine - Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden...
Archiv
Du betrachtest: Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.