
Pests of all kinds and how to fight them: Gozi infection reported to me by my bank


 
02.12.2010, 20:22   #1
JoChan
 



Hello and good evening,
this problem seems to have come up several times already: my online banking account was recently blocked. The reason given: according to the bank, my computer is infected with the Gozi trojan.

For virus protection I use AntiVir and Windows Defender, neither of which reported anything.

Following your instructions, I ran the various scans; see the results below. Everything worked well, but there were two deviations from the procedure described there:
(1) Defogger did not prompt me to restart
(2) After the OTL scan, no "Extras.txt" file was created, but a "Scan.txt" was instead. I assume this is the file you want...

I would be very grateful for your help! Many thanks in advance,
kind regards
JoChan

So, here are the log files

(1) Malwarebytes log file:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5233

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

02.12.2010 17:41:46
mbam-log-2010-12-02 (17-41-46).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 140363
Laufzeit: 5 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Admin\AppData\Roaming\chkntfs.dat (Malware.Trace) -> Quarantined and deleted successfully.


(2) defogger_disable log:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:45 on 02/12/2010 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read SafeBoot.sys


-=E.O.F=-


(3) Gmer.txt:
GMER Logfile:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-02 19:31:07
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3252GSX rev.LV011C
Running: gmer.exe; Driver: C:\Users\Admin\AppData\Local\Temp\kxldykog.sys
 
 
---- Kernel code sections - GMER 1.0.15 ----
 
? C:\windows\System32\Drivers\SafeBoot.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9BC0A000, 0x1FB97A, 0xE8000020]
 
---- User code sections - GMER 1.0.15 ----
 
.text C:\Program Files\Mozilla Firefox\firefox.exe[4900] ntdll.dll!LdrLoadDll 77209390 5 Bytes JMP 00D013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
 
---- Devices - GMER 1.0.15 ----
 
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 
---- Registry - GMER 1.0.15 ----
 
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218677c630 
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218677c630@00039d308030 0x6A 0x51 0x0E 0x94 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218677c630@00219e411bb2 0xAA 0x49 0x07 0xAC ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00218677c630 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00218677c630@00039d308030 0x6A 0x51 0x0E 0x94 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00218677c630@00219e411bb2 0xAA 0x49 0x07 0xAC ...
 
---- EOF - GMER 1.0.15 ----
         
--- --- ---


(4) OTL.txt:
OTL Logfile:
OTL logfile created on: 02.12.2010 19:33:33 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Public\Desktop\MFtools
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,09 Gb Total Space | 169,34 Gb Free Space | 58,78% Space Free | Partition Type: NTFS
Drive D: | 7,90 Gb Total Space | 0,99 Gb Free Space | 12,57% Space Free | Partition Type: NTFS
Drive F: | 1021,00 Mb Total Space | 1018,75 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
 
Computer Name: ***-LAPTOP | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.02 17:25:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
PRC - [2010.11.19 18:52:06 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.19 18:52:05 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.19 18:52:05 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.09.25 19:21:41 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.24 03:00:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.06.02 18:57:40 | 000,238,984 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2008.06.02 18:32:16 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008.05.30 17:36:20 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008.05.21 01:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2008.05.14 18:55:14 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2008.05.14 18:54:36 | 010,244,096 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe
PRC - [2008.03.31 22:41:22 | 000,091,440 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Programme\ActivIdentity\ActivClient\accoca.exe
PRC - [2007.05.16 00:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Programme\ActivIdentity\ActivClient\acevents.exe
PRC - [2007.05.16 00:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Programme\ActivIdentity\ActivClient\accrdsub.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.02 17:25:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010.05.04 20:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2009.09.25 03:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2009.04.11 07:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009.04.11 07:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2008.03.25 13:17:04 | 000,076,048 | ---- | M] (Bioscrypt Inc.) -- C:\Windows\System32\APSHook.dll
MOD - [2008.01.21 03:34:51 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008.01.21 03:34:44 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2008.01.21 03:33:21 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.11.19 18:52:06 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.19 18:52:05 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.25 19:21:41 | 000,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.09.23 16:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.06.02 18:32:16 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008.05.30 17:36:20 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008.05.21 01:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008.05.21 01:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2008.05.14 18:55:14 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2008.01.21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2010.11.23 17:40:39 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.19 18:52:06 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.09.23 16:11:09 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.09.23 16:10:00 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.09.23 16:10:00 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.06.04 01:18:58 | 001,303,728 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.27 05:48:22 | 001,810,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.05.30 17:37:06 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008.05.30 17:37:02 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008.05.30 17:37:00 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008.05.30 17:36:58 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008.05.28 13:27:42 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2008.05.28 13:27:40 | 000,081,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2008.05.28 13:27:40 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008.05.21 11:35:06 | 003,552,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.04.28 10:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.04.14 22:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008.04.07 19:13:46 | 000,025,448 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008.04.07 19:13:42 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.04.03 22:57:00 | 000,310,272 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008.03.21 19:35:24 | 001,207,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008.02.29 17:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.21 03:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008.01.21 03:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:32:44 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008.01.21 03:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.11.02 13:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM)
DRV - [2007.11.02 13:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mgmt.sys -- (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM)
DRV - [2007.11.02 13:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS)
DRV - [2007.11.02 13:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdm.sys -- (s217mdm)
DRV - [2007.11.02 13:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2007.11.02 12:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM)
DRV - [2007.06.19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2005.02.11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2004.02.04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.31 22:24:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.31 22:24:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.05.01 13:59:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.02.15 15:10:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2010.02.15 15:10:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.02 16:33:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d4er1o0d.default\extensions
[2010.06.25 12:52:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d4er1o0d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.15 15:05:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d4er1o0d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.11.24 21:39:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d4er1o0d.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.11.27 18:14:16 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d4er1o0d.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010.02.15 15:05:32 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d4er1o0d.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.06.29 18:30:17 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.26 09:03:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.26 09:03:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.26 09:03:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.26 09:03:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.26 09:03:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CognizanceTS] c:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [File Sanitizer] C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [cmstnlpa] C:\Users\Admin\AppData\Local\Temp\cmdcopy.DLL File not found
O4 - HKCU..\Run: [Wallpaper4U] C:\Program Files\Wallpaper4U\Wallpaper4U.exe (blppSoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.102.20.20
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7a5fab6d-d21d-11de-9439-00218677c630}\Shell - "" = AutoRun
O33 - MountPoints2\{7a5fab6d-d21d-11de-9439-00218677c630}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{93d9f708-961b-11de-9045-00218677c630}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{f63a37be-1ebd-11de-b907-00218677c630}\Shell\AutoRun\command - "" = wscript.exe .\.vbs
O33 - MountPoints2\{f63a37be-1ebd-11de-b907-00218677c630}\Shell\open\command - "" = wscript.exe .\.vbs
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
 
 
Drivers32: aux - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.02 17:47:34 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Gmer
[2010.12.02 17:34:21 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2010.12.02 17:33:41 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.12.02 17:26:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2010.12.02 17:26:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010.12.02 17:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.02 17:26:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010.12.02 17:26:06 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.12.02 17:24:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.12.02 16:29:36 | 000,000,000 | ---D | C] -- C:\peanut
[2010.11.24 21:39:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.23 17:40:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Avira
[2010.11.23 11:40:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\SPSSInc
[2010.11.18 12:28:05 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\windows\System32\drivers\avgntdd.sys
[2010.11.18 12:28:05 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\windows\System32\drivers\avgntmgr.sys
[2009.03.27 05:47:16 | 000,195,120 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
[2009.03.13 12:42:09 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.02 17:48:48 | 000,674,582 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2010.12.02 17:48:48 | 000,634,400 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010.12.02 17:48:48 | 000,146,234 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2010.12.02 17:48:48 | 000,119,964 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010.12.02 17:45:32 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2010.12.02 17:43:45 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.exe
[2010.12.02 17:43:42 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\windows\System32\rpcnet.dll
[2010.12.02 17:43:40 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.02 17:43:40 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.02 17:43:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010.12.02 17:42:25 | 000,003,204 | ---- | M] () -- C:\windows\bthservsdp.dat
[2010.12.02 17:33:42 | 000,000,775 | ---- | M] () -- C:\Users\Admin\Desktop\NTREGOPT.lnk
[2010.12.02 17:33:42 | 000,000,756 | ---- | M] () -- C:\Users\Admin\Desktop\ERUNT.lnk
[2010.12.02 17:26:11 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.02 17:24:59 | 000,288,107 | ---- | M] () -- C:\Users\Admin\Desktop\Gmer.zip
[2010.12.02 17:24:59 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\defogger.exe
[2010.12.02 17:24:21 | 000,471,560 | ---- | M] () -- C:\Users\Admin\Desktop\Load.exe
[2010.12.02 16:30:44 | 000,002,605 | ---- | M] () -- C:\Users\Admin\Desktop\Microsoft Word.lnk
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010.11.28 18:53:01 | 000,000,425 | ---- | M] () -- C:\windows\BRWMARK.INI
[2010.11.28 18:53:01 | 000,000,027 | ---- | M] () -- C:\windows\BRPP2KA.INI
[2010.11.27 11:28:15 | 000,001,364 | ---- | M] () -- C:\Users\Admin\Desktop\ICHB - Verknüpfung.lnk
[2010.11.24 21:39:14 | 000,001,032 | ---- | M] () -- C:\Users\Admin\Desktop\DVDVideoSoft Free Studio.lnk
[2010.11.23 17:40:39 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2010.11.21 20:59:18 | 000,045,568 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.19 18:52:06 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2010.11.08 10:24:37 | 000,000,680 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
 
========== Files Created - No Company Name ==========
 
[2010.12.02 17:45:32 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2010.12.02 17:33:42 | 000,000,775 | ---- | C] () -- C:\Users\Admin\Desktop\NTREGOPT.lnk
[2010.12.02 17:33:42 | 000,000,756 | ---- | C] () -- C:\Users\Admin\Desktop\ERUNT.lnk
[2010.12.02 17:26:11 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.02 17:24:59 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\defogger.exe
[2010.12.02 17:24:58 | 000,288,107 | ---- | C] () -- C:\Users\Admin\Desktop\Gmer.zip
[2010.12.02 17:24:18 | 000,471,560 | ---- | C] () -- C:\Users\Admin\Desktop\Load.exe
[2010.11.27 11:28:15 | 000,001,364 | ---- | C] () -- C:\Users\Admin\Desktop\ICHB - Verknüpfung.lnk
[2010.11.22 18:09:27 | 001,753,430 | ---- | C] () -- C:\Users\Admin\Desktop\DSCI1211.JPG
[2010.10.27 09:47:39 | 000,001,025 | ---- | C] () -- C:\windows\System32\sysprs7.dll
[2010.10.27 09:47:39 | 000,000,205 | ---- | C] () -- C:\windows\System32\lsprst7.dll
[2010.01.30 16:46:22 | 000,000,093 | ---- | C] () -- C:\Users\Admin\AppData\Local\fusioncache.dat
[2009.11.08 11:30:49 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2009.09.11 11:49:11 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll
[2009.06.03 18:33:05 | 000,000,425 | ---- | C] () -- C:\windows\BRWMARK.INI
[2009.06.03 18:33:05 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2009.06.03 12:03:13 | 000,000,377 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\PrimoPDFSet.xml
[2009.06.03 11:19:51 | 000,176,235 | ---- | C] () -- C:\windows\System32\Primomonnt.dll
[2009.05.31 14:43:19 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\FnF4.txt
[2009.05.28 09:24:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.05.06 10:53:50 | 000,017,408 | ---- | C] () -- C:\windows\System32\rpcnetp.dll
[2009.03.27 05:48:22 | 001,810,992 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2009.03.27 05:48:12 | 000,034,096 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2009.03.16 21:37:02 | 000,000,021 | ---- | C] () -- C:\windows\PMK_setup.ini
[2009.03.13 15:20:45 | 000,000,403 | ---- | C] () -- C:\windows\ODBC.INI
[2009.03.13 14:58:22 | 000,045,568 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.13 12:50:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\QSwitch.txt
[2009.03.13 12:50:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\DSwitch.txt
[2009.03.13 12:50:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\AtStart.txt
[2009.03.13 12:42:08 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2008.07.23 14:07:46 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2008.05.30 17:36:58 | 000,108,752 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2008.05.21 10:38:12 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[2006.03.09 10:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll
[2005.04.03 23:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
[1998.05.07 04:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll
 
========== LOP Check ==========
 
[2009.08.23 17:40:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BackToZIP
[2010.09.23 13:38:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Cycle of 5th
[2010.11.24 21:39:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.03.13 16:09:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\InterVideo
[2009.03.28 19:31:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Micrografx
[2010.02.14 21:48:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird
[2010.12.02 17:42:25 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009.04.11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007.11.07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007.11.07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007.11.07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007.11.07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007.11.07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007.11.07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007.11.07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007.11.07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007.11.07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007.11.07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007.11.07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007.11.07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007.11.07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009.03.14 16:18:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009.03.14 16:18:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.02.05 21:24:00 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2010.02.05 21:24:00 | 000,005,120 | -H-- | M] () -- C:\ntuser.dat.LOG1
[2010.02.05 21:24:00 | 000,000,000 | -H-- | M] () -- C:\ntuser.dat.LOG2
[2010.02.05 21:24:00 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{5431937b-1287-11df-970d-00218677c630}.TM.blf
[2010.02.05 21:24:00 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{5431937b-1287-11df-970d-00218677c630}.TMContainer00000000000000000001.regtrans-ms
[2010.02.05 21:24:00 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{5431937b-1287-11df-970d-00218677c630}.TMContainer00000000000000000002.regtrans-ms
[2010.12.02 17:43:27 | 2189,508,608 | -HS- | M] () -- C:\pagefile.sys
[2007.11.07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007.11.07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007.11.07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.11.02 13:35:34 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 13:35:34 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 13:35:34 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2010.02.05 19:37:58 | 000,037,665 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006.09.18 22:37:34 | 000,000,065 | -H-- | M] () -- C:\windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2010.05.21 10:57:40 | 000,466,784 | ---- | M] (CIB software GmbH, München) -- C:\Windows\System32\spool\prtprocs\w32x86\CIBpdfPP.dll
[2009.03.24 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPDA1.DLL
[2009.03.24 05:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPPA1.DLL
[2008.03.10 23:30:24 | 000,273,408 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpcpp081.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2008.01.21 03:57:01 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.05.21 10:38:24 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2009.04.11 07:28:25 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 03:34:36 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 10:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: WININIT.EXE >
[2008.01.21 03:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-30 10:56:28
 
< End of report >
         
--- --- ---


(5) scan.txt (because I don't have an Extras.txt):

netsvcs
msconfig
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

 
