Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
möglicherweise Torpig_2-Infektion, Bank-Account gesperrt

möglicherweise Torpig_2-Infektion, Bank-Account gesperrt


Log-Analyse und Auswertung: möglicherweise Torpig_2-Infektion, Bank-Account gesperrt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 16.08.2011, 10:34   #1
FlFe
 
möglicherweise Torpig_2-Infektion, Bank-Account gesperrt - Frage

möglicherweise Torpig_2-Infektion, Bank-Account gesperrt


Hallo,

ich habe von meiner Bank einen Brief bekommen, daß Daten zu meinem Account im Web gefunden worden seien, und mein Rechner wohl von Torpig_2 infiziert worden sei. Mein Problem ist, daß ich nicht weiß, welcher Rechner infiziert ist, da ich an zwei Notebooks und einem stationären PC arbeite.

Ich habe jetzt mein "Arbeits"-Notebook nach der Anleitung hier aus dem Forum gescannt, logfiles siehe Anhang. Mich würde v.a. interessieren, ob dieses Notebook infiziert ist, da hier relativ viele Daten drauf sind, die ich ggf. sichern müßte. Die anderen beiden PCs würde ich so oder so plattmachen, bzw. würde die auch gerne nochmal scannen, wenn ich etwas mehr Zeit habe - um zu wissen, wo die Daten abgezogen worden sind. Habe eigentlich mit keinem PC Probleme gehabt (also langsamer geworden etc...), wobei ich auch nicht weiß, ob das zu erwarten wäre. Vienmeldungen hatte ich in letzter Zeit zweimal, beides, nachdem ich mit USB-Sticks an anderen Rechnern hier im Institut war, erinnere mich aber nicht mehr, was gefunden wurde - lauf MS Security Essentials hat er die Dinger wohl jeweils eliminiert.

Ich bin für jede Hilfe sehr dankbar!

Viele Grüße, F.




OTL-Log
OTL logfile created on: 15.08.2011 20:32:53 - Run 1
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,95% Memory free
6,18 Gb Paging File | 5,31 Gb Available in Paging File | 85,85% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 57,86 Gb Free Space | 40,16% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 86,11 Gb Free Space | 59,80% Space Free | Partition Type: NTFS

Computer Name: FLORIAN | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.08.15 20:27:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008.08.29 14:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.07.22 15:33:50 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.07.22 15:33:48 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.07.10 21:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.07.10 21:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.05.22 10:33:54 | 000,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008.04.25 14:31:34 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2008.04.17 08:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.04.17 04:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.07.05 00:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe


========== Modules (No Company Name) ==========

MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\EasySpeedUpManager\HookDllPS2.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.05 17:30:46 | 000,549,384 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Disabled | Stopped] -- C:\Program Files\StarMoney 7.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009.11.29 21:26:17 | 000,320,760 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.01.28 08:33:10 | 002,790,400 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Disabled | Stopped] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2008.08.29 14:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.07.22 15:33:50 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.07.10 21:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.07.10 21:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 10:37:38 | 000,031,248 | ---- | M] (Syntek America Inc.) [Disabled | Stopped] -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv)
SRV - [2007.08.23 15:05:18 | 000,045,056 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)
SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2004.08.16 11:43:54 | 000,536,576 | ---- | M] () [Disabled | Stopped] -- D:\Programme\MatLab701\webserver\bin\win32\matlabserver.exe -- (matlabserver)


========== Driver Services (SafeList) ==========

DRV - [2011.08.15 20:29:28 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{11FA3556-C45E-4112-89DD-CB83D4BF3B87}\MpKsl50da6552.sys -- (MpKsl50da6552)
DRV - [2011.06.16 11:22:50 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011.06.16 11:22:50 | 000,076,088 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009.11.25 16:25:54 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.11.02 10:39:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.09.22 21:25:53 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2009.02.25 05:49:00 | 007,547,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.02.02 17:04:18 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2009.02.02 16:52:14 | 000,586,752 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009.01.28 15:53:04 | 000,020,480 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2009.01.16 12:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.12.26 01:21:12 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.11.24 19:40:45 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv07.sys -- (acedrv07)
DRV - [2008.11.24 19:40:45 | 000,099,840 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv06.sys -- (acedrv06)
DRV - [2008.11.24 19:40:45 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv05.sys -- (acedrv05)
DRV - [2008.11.24 19:40:45 | 000,097,280 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv04.sys -- (acedrv04)
DRV - [2008.11.24 19:40:45 | 000,097,280 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv03.sys -- (acedrv03)
DRV - [2008.11.24 19:40:45 | 000,097,280 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv02.sys -- (acedrv02)
DRV - [2008.11.24 19:40:45 | 000,093,696 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv01.sys -- (acedrv01)
DRV - [2008.10.19 11:32:08 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2008.10.16 20:50:21 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008.08.29 14:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.08.06 03:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.06.26 07:30:50 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.06.25 07:26:34 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2008.05.08 11:51:18 | 000,226,328 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel(R)
DRV - [2008.03.29 18:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.03.28 12:19:54 | 001,363,088 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007.07.23 15:12:44 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshhl.sys -- (akshhl)
DRV - [2007.07.20 18:19:00 | 001,313,792 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM106.sys -- (USBMULCD)
DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002.04.10 16:49:18 | 000,045,628 | ---- | M] (Your Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PDRV.sys -- (PDRV)
DRV - [2001.11.13 10:47:26 | 000,041,324 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\winio.sys -- (WINIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {3191E4CE-790E-42be-B2E0-223475263B7E}:6031.2009.1010.0301
FF - prefs.js..extensions.enabledItems: {DBBB3167-6E81-400f-BBFD-BD8921726F52}:6031.2009.1010.0304
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.6
FF - prefs.js..extensions.enabledItems: {BC0AE9E6-E549-4554-A222-EA083A894683}:1.0.0.47
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll File not found
FF - HKCU\Software\MozillaPlugins\@piclinq.com/QuickUpload,Version=1.0.0.47: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.24 09:49:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.28 18:39:54 | 000,000,000 | ---D | M]

[2008.10.09 20:47:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2011.08.12 13:26:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\h0p43dtv.default\extensions
[2011.01.03 20:09:28 | 000,000,000 | ---D | M] (F5 Networks Cache Cleaner Plugin) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\h0p43dtv.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}
[2011.02.20 18:40:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\h0p43dtv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.04 18:19:52 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\h0p43dtv.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
[2010.12.13 17:01:43 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\h0p43dtv.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.12.13 17:01:42 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\h0p43dtv.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011.05.28 20:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.05.28 20:35:25 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.09.23 11:43:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2009.09.06 16:57:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.06.24 09:49:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.07.26 12:30:15 | 000,000,756 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} C:\Users\Florian\AppData\Local\Temp\f5tmp\cachecleaner.cab (F5 Networks CacheCleaner)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://access.uke.de/vdesk/terminal/InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O24 - Desktop WallPaper: C:\Users\User\Pictures\Nikon Transfer\Bern_konv_009\Kandersteg_100.JPG
O24 - Desktop BackupWallPaper: C:\Users\User\Pictures\Nikon Transfer\Bern_konv_009\Kandersteg_100.JPG
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{12962f80-4505-11e0-9ab0-001377aac83c}\Shell\AutoRun\command - "" = F:\TranscendService(JF).exe
O33 - MountPoints2\{289ffacb-d9cf-11de-a76a-001377aac83c}\Shell - "" = AutoRun
O33 - MountPoints2\{289ffacb-d9cf-11de-a76a-001377aac83c}\Shell\AutoRun\command - "" = F:\Installer.exe
O33 - MountPoints2\{468ec943-9de1-11dd-a952-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{468ec943-9de1-11dd-a952-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{53165ba7-6cb1-11e0-81fd-001377aac83c}\Shell - "" = AutoRun
O33 - MountPoints2\{53165ba7-6cb1-11e0-81fd-001377aac83c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{53165bd4-6cb1-11e0-81fd-001377aac83c}\Shell - "" = AutoRun
O33 - MountPoints2\{53165bd4-6cb1-11e0-81fd-001377aac83c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6008600e-6c5b-11e0-99f4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6008600e-6c5b-11e0-99f4-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a04745be-c54a-11dd-9a2e-00211930ba95}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\copy.exe
O33 - MountPoints2\{dde259bf-9561-11dd-8d7c-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} - Microsoft Office Communicator 2007
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe - ()
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe - (Nikon Corporation)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TraXEx 3.2.lnk - - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - C:\Windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico - ()
MsConfig - StartUpReg: Ad-Watch - hkey= - key= - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - File not found
MsConfig - StartUpReg: Cm106Sound - hkey= - key= - File not found
MsConfig - StartUpReg: Comrade.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: doubleTwist - hkey= - key= - File not found
MsConfig - StartUpReg: EA Core - hkey= - key= - File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: itype - hkey= - key= - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig - StartUpReg: KiesPDLR - hkey= - key= - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: MultiScreen - hkey= - key= - C:\Program Files\MultiScreen\MultiScreen.exe ()
MsConfig - StartUpReg: Nikon Message Center 2 - hkey= - key= - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: S60 PC Suite Tray - hkey= - key= - File not found
MsConfig - StartUpReg: SteamUp - hkey= - key= - File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.08.15 20:27:43 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2011.08.15 08:06:48 | 000,000,000 | ---D | C] -- C:\Users\User\DoctorWeb
[2011.08.09 12:13:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\GraphPad Software
[2011.08.09 12:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\GraphPad Software
[2011.08.09 12:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GraphPad Software
[2011.08.09 12:11:57 | 000,000,000 | ---D | C] -- C:\Program Files\GraphPad
[2011.08.04 12:50:25 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\SafeNet Sentinel
[2011.08.04 12:50:23 | 000,000,000 | ---D | C] -- C:\Users\User\.spss
[2011.07.22 16:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.07.22 16:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2006.11.24 07:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006.11.24 07:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.08.15 20:40:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{40656A57-C1BD-4BA7-9EEC-B11D31DDC609}.job
[2011.08.15 20:30:21 | 000,336,470 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.08.15 20:29:41 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.15 20:29:39 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job
[2011.08.15 20:29:26 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.15 20:29:25 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.15 20:29:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.15 20:29:01 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.15 20:28:04 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.08.15 20:27:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2011.08.15 20:27:45 | 000,000,020 | ---- | M] () -- C:\Users\User\defogger_reenable
[2011.08.15 20:26:01 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe
[2011.08.15 20:26:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.15 20:09:20 | 000,302,592 | ---- | M] () -- C:\Users\User\Desktop\cjc1mbvw.exe
[2011.08.15 19:49:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2491993954-447424584-3196684358-1004UA.job
[2011.08.15 18:49:11 | 000,336,470 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.08.15 18:49:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2491993954-447424584-3196684358-1004Core.job
[2011.08.15 14:08:04 | 000,680,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.15 14:08:04 | 000,639,654 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.15 14:08:04 | 000,148,494 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.15 14:08:04 | 000,122,058 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.13 14:14:37 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.08.10 08:52:17 | 000,974,949 | ---- | M] () -- C:\Users\User\Desktop\The inhibition of MAPK potentiates the anti-angiogenic efficacy of mTOR inhibitors.pdf
[2011.08.09 08:50:48 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.08.04 21:55:17 | 002,017,945 | ---- | M] () -- C:\Users\User\Desktop\Multivariate Statistik mit SPSS.pdf
[2011.07.30 15:57:51 | 000,001,570 | ---- | M] () -- C:\Users\User\.recently-used.xbel
[2011.07.27 10:25:47 | 000,383,111 | ---- | M] () -- C:\Users\User\Desktop\CCA_zellinien.pdf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.08.15 20:26:54 | 000,000,020 | ---- | C] () -- C:\Users\User\defogger_reenable
[2011.08.15 20:26:00 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe
[2011.08.15 20:08:57 | 000,302,592 | ---- | C] () -- C:\Users\User\Desktop\cjc1mbvw.exe
[2011.08.10 08:52:17 | 000,974,949 | ---- | C] () -- C:\Users\User\Desktop\The inhibition of MAPK potentiates the anti-angiogenic efficacy of mTOR inhibitors.pdf
[2011.08.04 21:55:17 | 002,017,945 | ---- | C] () -- C:\Users\User\Desktop\Multivariate Statistik mit SPSS.pdf
[2011.07.30 15:57:51 | 000,001,570 | ---- | C] () -- C:\Users\User\.recently-used.xbel
[2011.07.27 10:25:46 | 000,383,111 | ---- | C] () -- C:\Users\User\Desktop\CCA_zellinien.pdf
[2011.04.27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.04.27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.04.27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.04.27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.04.27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.04.19 16:36:23 | 000,004,096 | -H-- | C] () -- C:\Users\User\AppData\Local\keyfile3.drm
[2011.01.04 17:10:10 | 000,001,601 | ---- | C] () -- C:\Program Files\4D_v12_1_SetUpMirror.exe
[2010.09.24 11:50:34 | 000,000,268 | RH-- | C] () -- C:\ProgramData\programs
[2010.09.24 11:50:34 | 000,000,268 | RH-- | C] () -- C:\ProgramData\manual
[2010.09.24 11:50:34 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2010.09.24 11:50:33 | 000,000,268 | RH-- | C] () -- C:\ProgramData\libiconv
[2010.09.24 11:50:33 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2010.09.24 11:50:33 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010.09.24 11:46:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\Utilities
[2010.06.08 19:10:06 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.06.08 19:10:05 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.06.08 19:10:02 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.05.24 18:18:30 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010.05.24 17:52:13 | 000,000,268 | RH-- | C] () -- C:\ProgramData\deskjet
[2010.05.24 17:52:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010.05.24 17:52:13 | 000,000,012 | RH-- | C] () -- C:\ProgramData\laserjet
[2009.11.17 13:46:48 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.11.17 13:46:48 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.09.22 21:26:37 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.07.20 21:17:58 | 000,122,880 | ---- | C] () -- C:\Windows\System32\AitVirtualComInstall.exe
[2009.07.20 21:10:48 | 000,307,200 | ---- | C] () -- C:\Windows\System32\InstallVCOM.exe
[2009.06.24 19:29:53 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2009.06.15 17:21:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.15 17:21:53 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.11 13:02:25 | 000,336,470 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.05.11 13:01:43 | 000,336,470 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.05.08 16:40:19 | 000,000,680 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2009.05.04 17:56:41 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009.05.04 17:56:41 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009.04.20 15:44:06 | 000,479,232 | ---- | C] () -- C:\Windows\System32\VisionToolbox.dll
[2009.01.18 14:50:40 | 000,000,317 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2009.01.18 14:50:04 | 000,003,329 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2009.01.18 14:50:04 | 000,000,843 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2009.01.18 14:50:04 | 000,000,335 | ---- | C] () -- C:\Windows\cm106.ini
[2009.01.13 21:41:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.01.07 16:36:32 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.01.07 16:36:32 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.11.25 14:49:11 | 000,000,032 | ---- | C] () -- C:\Windows\Autorun.INI
[2008.11.25 14:48:13 | 000,041,324 | ---- | C] () -- C:\Windows\System32\winio.sys
[2008.11.25 14:48:10 | 000,000,157 | ---- | C] () -- C:\Windows\matlab.ini
[2008.10.31 19:36:16 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.10.29 17:58:36 | 000,466,944 | ---- | C] () -- C:\Windows\System32\Cmeau106.exe
[2008.10.29 17:58:30 | 000,106,496 | ---- | C] () -- C:\Windows\Vmix.dll
[2008.10.29 17:57:59 | 000,241,664 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2008.10.16 20:50:22 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.10.16 20:50:21 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.10.12 20:49:42 | 000,085,504 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.12 11:26:18 | 000,164,864 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2008.10.12 11:26:18 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2008.10.08 19:41:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.08.29 14:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008.06.26 13:37:16 | 000,680,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.06.26 13:37:16 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.06.26 13:37:16 | 000,148,494 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.06.26 13:37:16 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.06.25 23:08:18 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.06.25 07:48:51 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008.06.25 07:30:52 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2008.06.25 07:30:30 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2008.06.25 07:30:30 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008.06.25 07:23:34 | 000,172,032 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008.06.25 07:22:17 | 000,080,400 | ---- | C] () -- C:\Windows\StkUnist.exe
[2008.06.25 07:22:16 | 000,197,648 | ---- | C] () -- C:\Windows\System32\drivers\StkCSF.sys
[2008.06.25 07:18:10 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2008.06.25 07:18:10 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2008.05.04 17:39:34 | 000,002,560 | ---- | C] () -- C:\Windows\System32\ViaClassCoInstaller.dll_rename
[2008.02.09 18:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.08.16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2007.02.26 09:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat
[2007.02.15 09:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006.11.29 10:00:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe
[2006.11.29 10:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,374,728 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,639,654 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,122,058 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.09 03:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1996.09.27 10:10:48 | 000,003,584 | ---- | C] () -- C:\Windows\System32\drivers\DLPORTIO.sys

========== LOP Check ==========

[2010.06.13 18:26:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\1&1
[2008.12.11 13:23:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Any Video Converter
[2009.11.25 16:34:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2011.07.23 12:13:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft
[2011.04.30 15:47:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.15 17:39:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\EndNote
[2009.07.16 11:27:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GARMIN
[2011.08.09 12:13:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GraphPad Software
[2011.07.30 15:57:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
[2009.09.22 21:58:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NCP
[2010.05.25 19:03:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nikon
[2009.07.12 12:45:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PC Suite
[2009.08.16 14:36:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PersBackup
[2011.05.22 09:43:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Samsung
[2008.10.22 16:01:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoundSpectrum
[2011.04.21 23:11:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\T-Mobile
[2011.04.24 19:40:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\T-Mobile Internet Manager
[2009.03.22 14:49:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\think-cell
[2011.08.13 14:14:37 | 000,000,474 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011.08.15 20:28:04 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.08.15 20:29:39 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\SupBackGroundTask.job
[2011.08.15 20:40:00 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{40656A57-C1BD-4BA7-9EEC-B11D31DDC609}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2008.10.09 19:34:30 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.04.02 14:17:51 | 000,000,000 | ---D | M] -- C:\7708d1b7b5ab1af740f2a66952090ca8
[2008.11.25 16:11:46 | 000,000,000 | ---D | M] -- C:\Application Data
[2009.06.15 17:41:46 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.08.12 10:02:15 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.10.08 18:32:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.06.25 07:10:45 | 000,000,000 | ---D | M] -- C:\Intel
[2008.10.24 11:47:50 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.08.09 12:11:57 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.08.09 12:13:57 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.10.08 18:32:57 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.08.15 20:37:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.05.22 10:45:52 | 000,000,000 | -H-D | M] -- C:\Temp
[2008.10.09 19:34:14 | 000,000,000 | R--D | M] -- C:\Users
[2011.08.09 08:49:48 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >
[2011.01.04 17:10:10 | 000,001,601 | ---- | M] () -- C:\Program Files\4D_v12_1_SetUpMirror.exe

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >


< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-12 07:44:58

< End of report >

Alt 16.08.2011, 14:45   #2
FlFe
 
möglicherweise Torpig_2-Infektion, Bank-Account gesperrt - Standard

möglicherweise Torpig_2-Infektion, Bank-Account gesperrt


so, habe nochmal den ESET online Scanner laufen lassen:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=bb5fa203d748f74da6a6283c3cbca171
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-16 01:34:22
# local_time=2011-08-16 03:34:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 23035191 151020684 0 0
# compatibility_mode=8192 67108863 100 0 235 235 0 0
# scanned=280102
# found=2
# cleaned=0
# scan_time=13706
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\3cc664c-32d06e76	Java/Exploit.CVE-2010-4452.A trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\101659d0-1bb871a5	probably a variant of Java/TrojanDownloader.OpenStream.NCC trojan (unable to clean)	00000000000000000000000000000000	I

MalWareBytes:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7478

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

16.08.2011 16:12:39
mbam-log-2011-08-16 (16-12-39).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 189348
Laufzeit: 11 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PDRV (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PDRV (Worm.KoobFace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\System32\drivers\PDRV.sys (Worm.KoobFace) -> Quarantined and deleted successfully.
__________________

Geändert von FlFe (16.08.2011 um 15:13 Uhr)

Antwort

Themen zu möglicherweise Torpig_2-Infektion, Bank-Account gesperrt
acedrv05.sys, ad-aware, adobe, autorun, bho, bonjour, brief, c:\windows\system32\rundll32.exe, converter, defender, device driver, error, firefox, format, gesperrt, google earth, helper, home, microsoft security, mp3, ms security essentials, nvlddmkm.sys, object, otl-log, pc probleme, plug-in, problem, realtek, registry, rundll, security, security update, shell32.dll, software, sptd.sys, starmoney, start menu, studio, temp, torpig, torpig_2, updates, version=1.0, vista


« Google Redirect Virus löschen ? | TR/Spy.Ipsiut.ao.1 »


Ähnliche Themen: möglicherweise Torpig_2-Infektion, Bank-Account gesperrt


  1. Onlinebanking Zugang von der Bank gesperrt - keine Infektion gefunden
    Log-Analyse und Auswertung - 09.10.2015 (20)
  2. Bank hat Online-Banking gesperrt wegen Verdacht von Trojaner
    Log-Analyse und Auswertung - 13.06.2014 (22)
  3. Windows 7: mitb Trojaner - Onlinebanking wurde von Bank gesperrt
    Log-Analyse und Auswertung - 04.06.2014 (1)
  4. Bundespolizei - Virus, Computer account gesperrt
    Log-Analyse und Auswertung - 26.11.2012 (17)
  5. E-Mail Account wurde gesperrt
    Plagegeister aller Art und deren Bekämpfung - 06.11.2012 (2)
  6. GMX Account gesperrt - hab ich Schadsoftware auf meinem Rechner?
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (15)
  7. Drive-By Infektion und seine Folgen (Bank Phishing)
    Antiviren-, Firewall- und andere Schutzprogramme - 03.04.2012 (9)
  8. Youtube Account möglicherweise gehacked? Arabische Songs zu Playlists hinzugefügt?
    Log-Analyse und Auswertung - 29.09.2011 (7)
  9. Onlinekonto gesperrt- Bank meint hätten einen Trojaner/ Avira findet: TR/Dropper.Gen
    Plagegeister aller Art und deren Bekämpfung - 22.08.2011 (3)
  10. Ebay und Online Banking Account gesperrt
    Log-Analyse und Auswertung - 28.07.2011 (1)
  11. GOZI trojaner- bank zugang gesperrt
    Plagegeister aller Art und deren Bekämpfung - 26.03.2011 (1)
  12. Email Account von der Telekom gesperrt
    Plagegeister aller Art und deren Bekämpfung - 14.03.2011 (5)
  13. Trojaner eingefangen. Onlinebanking-Account gesperrt :(
    Log-Analyse und Auswertung - 03.11.2010 (23)
  14. Welcher Trojaner an Bord? Bank sperrt online Account
    Plagegeister aller Art und deren Bekämpfung - 31.07.2009 (23)
  15. Keylogger Verdacht Steam Account gesperrt
    Plagegeister aller Art und deren Bekämpfung - 31.03.2009 (3)
  16. Anruf von BANK, Konto gesperrt! GRUND: WSNPOEM (Trojaner!)
    Plagegeister aller Art und deren Bekämpfung - 01.11.2007 (9)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema möglicherweise Torpig_2-Infektion, Bank-Account gesperrt - Hallo, ich habe von meiner Bank einen Brief bekommen, daß Daten zu meinem Account im Web gefunden worden seien, und mein Rechner wohl von Torpig_2 infiziert worden sei. Mein Problem - möglicherweise Torpig_2-Infektion, Bank-Account gesperrt...
Archiv
Du betrachtest: möglicherweise Torpig_2-Infektion, Bank-Account gesperrt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130