Unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden und Meldung der Hausbank

Kinkster · 27.08.2011, 13:23

Hallo zusammen,

meine Hausbank hat mir eine Email geschickt, mit dem folgenden Hinweis:

Zitat:

wir haben von unserem Rechenzentrum die Information erhalten, dass Ihre
persönlichen Legitimationsmedien für das Internet-Banking der *** Bank
ausgespäht wurden.

Zu Ihrer eigenen Sicherheit haben wir Ihren Zugang zum Internet-Banking gesperrt.
Innerhalb der nächsten fünf Werktage erhalten Sie neue Zugangsdaten (Start-PIN
und iTAN-Liste) an die in unserem System hinterlegte Anschrift zugesandt.

Einschränkungen bezüglich der Nutzung Ihrer ec(Maestro)-Karte und
Ihrer ***-VISA-Card sind nicht gegeben.

Wir empfehlen Ihnen Ihren Rechner umgehend auf Schadsoftware zu überprüfen.
Darüber hinaus empfehlen wir eine vollständige Neuinstallation des Systems bzw.
einen IT-Fachmann aufzusuchen.

Zusätzlich meldete sich auch Paypal und wies auf eine fehlgeschlagene Transaktion hin, die nicht von mir getätigt wurde.

Beim Hochfahren des Rechners meldete AntiVir:

Zitat:

In der Datei 'C:\Recycle.Bin\B6232F3A50A.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Datei in Quarantäne verschieben

OTL.txt

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 27.08.2011 12:23:54 - Run 1
OTL by OldTimer - Version 3.2.26.5     Folder = C:\Users\Tobias\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 60,03% Memory free
3,74 Gb Paging File | 2,82 Gb Available in Paging File | 75,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,31 Gb Total Space | 7,27 Gb Free Space | 12,25% Space Free | Partition Type: NTFS
Drive D: | 87,72 Gb Total Space | 77,11 Gb Free Space | 87,90% Space Free | Partition Type: NTFS
Drive F: | 44,08 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: TOBIAS-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.27 12:01:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Tobias\Desktop\OTL.exe
PRC - [2011.04.01 10:31:39 | 002,271,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.04.01 10:31:38 | 007,690,104 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe
PRC - [2010.03.22 18:10:43 | 002,326,912 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010.02.03 13:57:56 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2009.12.11 14:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2009.11.19 16:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
PRC - [2009.09.29 12:29:00 | 000,356,352 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe
PRC - [2009.09.29 12:28:26 | 001,011,712 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2009.09.29 12:03:26 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2009.09.29 12:03:02 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2009.08.28 17:55:42 | 000,357,936 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009.08.28 17:55:38 | 000,661,072 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009.08.28 17:55:10 | 005,078,416 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.03 09:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files\Common Files\Teleca Shared\logger.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.14 12:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.11.03 14:21:30 | 000,339,240 | ---- | M] (Lexware GmbH & Co. KG) -- C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.14 22:06:30 | 000,061,493 | ---- | M] (SIEMENS AG) -- D:\Programme\Step7\S7BIN\s7hspsvx.exe
PRC - [2008.07.03 14:30:28 | 001,571,912 | ---- | M] (SIEMENS AG) -- D:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
PRC - [2008.07.03 14:30:28 | 000,240,712 | ---- | M] (SIEMENS AG) -- C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
PRC - [2008.02.29 23:13:12 | 000,307,200 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2008.01.21 04:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.21 04:23:49 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2007.08.13 13:47:38 | 000,364,544 | ---- | M] () -- C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.02 14:00:49 | 000,593,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\54088d36d01e44e6abf5776693ca1d3e\System.Messaging.ni.dll
MOD - [2011.07.02 13:53:33 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011.07.02 13:52:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011.07.02 13:51:04 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011.07.02 13:50:17 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.07.02 13:49:43 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.07.02 13:46:38 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.07.02 13:46:17 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011.03.27 22:11:04 | 000,094,208 | ---- | M] () -- D:\FileZilla FTP Client\fzshellext.dll
MOD - [2010.02.10 18:08:38 | 000,237,361 | R--- | M] () -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll
MOD - [2010.02.10 18:08:38 | 000,237,361 | R--- | M] () -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll
MOD - [2009.08.16 18:06:02 | 000,141,312 | ---- | M] () -- D:\Programme\RarExt.dll
MOD - [2007.08.13 13:47:38 | 000,364,544 | ---- | M] () -- C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
MOD - [2007.01.11 17:33:20 | 000,106,496 | R--- | M] () -- C:\Program Files\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.04.01 10:31:39 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.03.22 18:10:43 | 002,326,912 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009.08.28 17:55:38 | 000,661,072 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.03.04 11:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.07.14 22:06:30 | 000,061,493 | ---- | M] (SIEMENS AG) [Auto | Running] -- D:\Programme\Step7\S7BIN\s7hspsvx.exe -- (s7hspsvx)
SRV - [2008.07.03 14:30:28 | 001,571,912 | ---- | M] (SIEMENS AG) [Auto | Running] -- D:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe -- (s7oiehsx)
SRV - [2008.07.03 14:30:28 | 000,240,712 | ---- | M] (SIEMENS AG) [Auto | Running] -- C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe -- (S7TraceServiceX)
SRV - [2008.02.29 23:13:12 | 000,307,200 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2008.01.21 04:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 04:23:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:49 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.04.26 15:10:34 | 000,122,224 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2011.04.26 15:10:34 | 000,111,280 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2011.04.26 15:10:34 | 000,044,784 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2011.04.26 15:10:32 | 000,162,544 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2010.03.22 18:10:45 | 000,152,704 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2010.03.22 18:10:41 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV - [2010.03.22 18:10:39 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010.03.22 18:10:24 | 000,156,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009.11.25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.09.16 17:55:00 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009.08.26 13:45:10 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2009.06.10 16:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.20 19:09:16 | 000,044,032 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GigasetGenericUSB.sys -- (GigasetGenericUSB)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.03 14:04:42 | 000,031,232 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\s7opcsrtx.sys -- (S7opcsrtx) PROFINET IO RT-Protocol (LLDP)
DRV - [2008.01.21 04:23:50 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2007.12.05 12:51:04 | 000,310,144 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SNTIE.SYS -- (SNTIE) SIMATIC Industrial Ethernet (ISO)
DRV - [2007.09.18 05:09:36 | 000,452,968 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)
DRV - [2007.07.30 13:06:04 | 000,071,168 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\s7snsrtx.sys -- (s7snsrtx)
DRV - [2007.07.30 02:00:56 | 000,014,168 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007.07.04 11:04:54 | 000,047,616 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2007.06.19 12:04:48 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.05.31 22:11:04 | 000,013,312 | ---- | M] (Topfield (visit www.topfield.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TfBulk.SYS -- (TfBulk)
DRV - [2007.01.24 18:08:06 | 000,056,184 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.fujitsu-siemens.com/index2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=74195f76000000000000001644c44ade&tlver=1.4.19.19&affID=17160
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.fujitsu-siemens.com/index2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=74195f76000000000000001644c44ade&tlver=1.4.19.19&affID=17160
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=74195f76000000000000001644c44ade&tlver=1.4.19.19&affID=17160"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {25b3130e-8513-41b6-8ea8-43dbc9cc0f12}:1.0
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=74195f76000000000000001644c44ade&tlver=1.4.19.19&instlRef=sst&affID=17160&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Programme\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.12.14 22:21:38 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.03 13:29:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.17 07:33:36 | 000,000,000 | ---D | M]
 
[2008.09.12 17:02:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2011.04.11 20:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\7qrumvel.default\extensions
[2010.09.15 17:39:30 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\7qrumvel.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.12.14 23:03:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\7qrumvel.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.09.12 17:52:21 | 000,000,000 | ---D | M] (Werder Bremen) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\7qrumvel.default\extensions\{25b3130e-8513-41b6-8ea8-43dbc9cc0f12}
[2011.04.11 20:49:36 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\7qrumvel.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.04.11 20:26:07 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\7qrumvel.default\extensions\ffxtlbr@babylon.com
[2010.09.15 17:39:48 | 000,001,201 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qrumvel.default\searchplugins\winamp-search.xml
[2011.06.11 10:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.05 16:41:49 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.07.03 13:29:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.12.21 07:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.11 20:26:09 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [TouchPadHotKey] C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe ()
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2b8faef2-810e-11dd-94de-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2b8faef2-810e-11dd-94de-806e6f6e6963}\Shell\AutoRun\command - "" = F:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - D:\Programme\itunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: SiSTray - hkey= - key= -  File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: tvncontrol - hkey= - key= -  File not found
MsConfig - StartUpReg: WinampAgent - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.08 18:50:26 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2011.08.08 18:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.27 12:26:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.27 12:07:05 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.27 12:07:01 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.27 12:07:01 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.27 12:06:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.27 12:02:33 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2011.08.26 19:32:34 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EE6EF4ED-6B37-4C41-96D4-595EE0C52C41}.job
[2011.08.26 11:58:08 | 000,000,520 | -H-- | M] () -- C:\Windows\BRWMARK.INI
[2011.08.26 09:03:30 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.26 09:03:30 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.26 09:03:30 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.26 09:03:30 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.08 18:50:26 | 000,000,631 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
 
========== Files Created - No Company Name ==========
 
[2011.08.27 12:02:33 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2011.08.08 18:50:26 | 000,000,631 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2011.07.18 11:28:07 | 000,233,472 | ---- | C] () -- C:\Windows\System32\HePro32.exe
[2011.07.18 11:28:06 | 000,175,104 | ---- | C] () -- C:\Windows\System32\H5menu32.dll
[2011.07.18 11:28:06 | 000,080,384 | ---- | C] () -- C:\Windows\System32\H5rtf32.dll
[2011.07.18 11:28:06 | 000,050,688 | ---- | C] () -- C:\Windows\System32\H5tool32.dll
[2011.07.18 11:28:05 | 000,968,192 | ---- | C] () -- C:\Windows\System32\H5krnl32.dll
[2011.07.18 11:28:05 | 000,188,928 | ---- | C] () -- C:\Windows\System32\H5icon32.dll
[2011.07.18 11:28:05 | 000,112,128 | ---- | C] () -- C:\Windows\System32\H5dlg32.dll
[2010.05.08 09:58:56 | 003,772,928 | ---- | C] () -- C:\Program Files\Common Files\WSCAD55Schul.msi
[2010.05.07 22:05:58 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
[2010.02.12 18:32:03 | 000,020,605 | ---- | C] () -- C:\Windows\HL-4040CN.INI
[2010.02.12 18:06:53 | 000,000,520 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2010.02.12 18:06:53 | 000,000,034 | ---- | C] () -- C:\Windows\System32\bd4040cn.dat
[2010.02.12 18:06:53 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.02.12 18:06:53 | 000,000,000 | -H-- | C] () -- C:\Windows\brmx2001.ini
[2010.02.12 18:06:51 | 000,000,147 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010.02.12 18:06:51 | 000,000,023 | -H-- | C] () -- C:\Windows\Brownie.ini
[2010.02.12 18:05:57 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2010.02.12 18:05:57 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2010.02.12 18:05:56 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BAOCH06A.DAT
[2010.01.06 18:19:11 | 000,000,098 | ---- | C] () -- C:\Windows\SPL7019.DAT
[2009.12.21 19:42:01 | 000,000,093 | -H-- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009.12.21 19:23:31 | 000,000,018 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Sys386k1.dat
[2009.12.21 19:21:38 | 000,000,010 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\cxxprot
[2009.12.14 22:26:48 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2009.12.14 22:26:47 | 001,669,120 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2009.12.14 22:26:47 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2009.12.14 22:26:47 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2009.12.14 22:26:47 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2009.11.01 22:08:36 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009.09.24 18:30:56 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.08.27 17:42:58 | 000,177,152 | ---- | C] () -- C:\Windows\System32\c5uninst.dll
[2009.02.02 20:10:14 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2009.02.02 20:08:36 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2009.02.02 20:08:22 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2009.01.26 20:41:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.21 16:25:13 | 000,073,216 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2008.09.17 21:29:57 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2008.09.17 19:04:56 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.09.17 19:04:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.09.15 19:57:20 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2008.09.12 17:02:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.09.05 11:41:12 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.05.08 11:04:07 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2008.04.14 22:33:57 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.04.14 22:33:57 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.04.14 22:33:57 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.04.14 22:33:57 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.02.29 23:13:14 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2008.01.21 04:25:51 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2006.11.02 14:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:43 | 000,386,320 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.04.21 11:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll
[2005.06.10 09:46:52 | 000,049,152 | R--- | C] () -- C:\Windows\System32\FDT100.dll
[1999.07.16 15:37:56 | 000,136,704 | ---- | C] () -- C:\Windows\System32\TDCTRL.dll
[1998.03.11 23:15:52 | 000,025,600 | ---- | C] () -- C:\Windows\System32\CBNDLL.DLL
[1998.03.11 23:00:30 | 000,015,408 | ---- | C] () -- C:\Windows\System32\CB560WIN.DLL
[1997.01.29 18:53:26 | 000,240,640 | ---- | C] () -- C:\Windows\System32\NMOCOD.DLL
[1997.01.15 14:33:46 | 000,009,216 | ---- | C] () -- C:\Windows\System32\CBNVDD.DLL
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.05.14 13:07:54 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.06.22 20:00:49 | 000,000,000 | -HSD | M] -- C:\AX NF ZZ
[2008.04.14 22:12:18 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 15:02:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.10.23 08:56:56 | 000,000,000 | -H-D | M] -- C:\Downloads
[2008.09.12 14:32:13 | 000,000,000 | -H-D | M] -- C:\Fujitsu Siemens Computers
[2008.09.21 20:32:09 | 000,000,000 | R--D | M] -- C:\MSOCache
[2011.07.10 15:38:32 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.08.08 18:50:26 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.08.01 16:22:13 | 000,000,000 | -H-D | M] -- C:\Quicken
[2011.08.27 10:22:08 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin
[2011.04.28 12:08:40 | 000,000,000 | -H-D | M] -- C:\rsit
[2011.08.27 12:29:41 | 000,000,000 | ---D | M] -- C:\System Volume Information
[2010.09.19 18:08:10 | 000,000,000 | -H-D | M] -- C:\Temp
[2008.09.12 16:23:48 | 000,000,000 | R--D | M] -- C:\Users
[2011.06.09 19:23:15 | 000,000,000 | ---D | M] -- C:\Windows
[2010.05.08 10:02:18 | 000,000,000 | -H-D | M] -- C:\WSCAD55Schule
[2009.08.06 01:00:00 | 000,000,000 | -H-D | M] -- C:\xampp
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:50 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:25:18 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:25:18 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-26 17:36:49
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:1CE11B51

< End of report >

--- --- ---

Im Anhnag befinden sich die gmer.txt und die extras.txt

Der Rechner macht ansonsten (noch) nichts ungewöhnliches.

Vielleicht könnt Ihr mir ein wenig helfen.

Vielen Dank schonmal.

Gruß
Kinkster

Kinkster · 27.08.2011, 14:10

Hier noch der Bericht von Malwarebytes:

Zitat:

alwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 7587

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

27.08.2011 15:05:27
mbam-log-2011-08-27 (15-05-27).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 194980
Laufzeit: 14 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Recycle.Bin\3e7d6e0a84b14d4 (Trojan.Spyeyes) -> Quarantined and deleted successfully.

cosinus · 29.08.2011, 14:37

Zitat:

c:\Recycle.Bin\3e7d6e0a84b14d4 (Trojan.Spyeyes)

Eins vorweg: Es sollte hinlänglich bekannt sein, dass eine Bereinigung keine 100% Sicherheit (in Bezug auf Entfernung der Infektion) liefert und man den Rechner plätten und neu installieren sollte, wenn man kritische Dinge wie zB Onlinebanking in Zukunft weiterhin sicher erledigen will. Gerade beim BKA-Fake seh ich häufig noch SpyEyes-Infektionen - SpyEyes ist ein gefährlicher Keylogger, der sämtliche Tastaturanschläge aufzeichnet und so prinzipiell jedes eingetippte Passwort klauen kann!
Falls du lieber eine Neuinstallation vornehmen und vorher noch alle relevanten Daten sichern willst, folgst du zuerst dem 2. Link in meiner Signatur zur Datensicherung über Ubuntu oder einer anderen beliebigen Live-CD, anschließend dem Artikel zur Neuinstallation von Windows. Natürlich änderst du dann auch sämtliche Passwörter, wenn das System frisch installiert wurde!

Wichtig: Sichere über die Live-CD nur reine Datendateien, KEINE ausführbaren Dateien wie Programme/Spiele oder Setupdateien!

Unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden und Meldung der Hausbank

Plagegeister aller Art und deren Bekämpfung: Unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden und Meldung der Hausbank