| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Banking Trojaner? Sparda BankWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
02.05.2011, 12:53
| #1 | |
 |  Banking Trojaner? Sparda Bank Hallo. Ich habe ein sehr ähnliches Problem wie der Herr in diesem Thread. Nach Regel 1 des Boards eröffne ich aber ein eugenes Thema dazu: Seit letzter Woche ist mir aufgefallen, dass Programme (Firefox/Thunderbird/iTunes usw...) oft doppelt oder dreifach gestartet werden müssen, bis was passiert. Beim ersten Klick kommt oft nur der Warte-Mauszeiger und verschwindet nach 2-3 Sekunden. Danach passiert nichts mehr. Heute ist mir beim versuchten Onlinebanking das gleiche passiert, wie o.g. Herr in seinem Thread beschreibt: Nach Eingabe der Logindaten auf der Bank-Webseite (keine Tippfehler in der Adresse) kommt folgende Meldung: Zitat:
Ich habe 4 Partitionen auf meinem System. Muss ich mich von allen Daten verabschieden, oder nur die Systempartition formatieren? Wenn ich sowieso mein Win7 neu aufsetzen muss, will ich gleich ein Dualboot-system mit Win7 und Ubuntu 11.04 erstellen, also werde ich sowieso Partitionen schubsen müssen usw... OTL.txt sagt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 02.05.2011 13:32:24 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\der Jipi\Desktop 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 36,62 Gb Total Space | 2,13 Gb Free Space | 5,83% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 39,56 Gb Free Space | 16,99% Space Free | Partition Type: NTFS Drive E: | 75,68 Gb Total Space | 4,98 Gb Free Space | 6,58% Space Free | Partition Type: NTFS Drive F: | 353,45 Gb Total Space | 28,54 Gb Free Space | 8,07% Space Free | Partition Type: NTFS Computer Name: RRIF | User Name: der Jipi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.05.02 13:25:39 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Users\DERJIP~1\AppData\Local\Temp\GSS9359.exe PRC - [2011.05.02 13:23:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\der Jipi\Desktop\OTL.exe PRC - [2011.04.29 15:18:36 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.18 12:18:37 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.11.30 11:39:01 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.26 07:10:20 | 021,979,992 | ---- | M] () -- C:\Users\der Jipi\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2009.08.06 01:00:00 | 005,497,856 | ---- | M] () -- C:\xampp\xampp\mysql\bin\mysqld.exe PRC - [2009.08.06 01:00:00 | 000,024,640 | ---- | M] (Apache Software Foundation) -- C:\xampp\xampp\apache\bin\httpd.exe PRC - [2009.03.20 03:03:00 | 001,904,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe PRC - [2009.03.20 03:03:00 | 000,368,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe ========== Modules (SafeList) ========== MOD - [2011.05.02 13:23:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\der Jipi\Desktop\OTL.exe MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009.12.09 03:19:44 | 000,094,208 | ---- | M] (Dropbox, Inc.) -- C:\Users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll MOD - [2009.07.14 03:15:09 | 000,854,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dbghelp.dll MOD - [2009.04.29 03:13:20 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Users\der Jipi\AppData\Roaming\Dropbox\bin\MSVCP71.dll MOD - [2008.03.04 02:34:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Users\der Jipi\AppData\Roaming\Dropbox\bin\MSVCR71.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.10.14 17:39:35 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.04.29 15:18:36 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.18 12:18:37 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.10.14 17:37:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.08.06 01:00:00 | 005,497,856 | ---- | M] () [Auto | Running] -- C:\xampp\xampp\mysql\bin\mysqld.exe -- (MySQL) SRV - [2009.08.06 01:00:00 | 000,024,640 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\xampp\apache\bin\httpd.exe -- (Apache2.2) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.20 03:03:00 | 000,368,640 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.02.18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.12.01 14:39:06 | 000,144,784 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2010.11.30 11:39:01 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.03.02 14:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2009.12.19 10:11:40 | 000,314,400 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 23:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.23 01:08:37 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.20 03:03:00 | 000,552,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn) DRV:64bit: - [2009.03.20 03:03:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2009.02.17 19:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2008.02.06 03:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2007.06.08 15:26:10 | 000,090,112 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2at64.sys -- (Ser2at) DRV:64bit: - [2006.12.28 02:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de" FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.9 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.3 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.30 10:17:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.30 10:17:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.04.30 10:01:16 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.09.10 17:41:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Extensions [2010.09.10 17:41:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.04.30 10:18:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions [2010.09.28 08:40:57 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2011.01.14 13:00:25 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2011.04.29 19:04:10 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2011.01.13 10:49:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.10.09 23:47:46 | 000,000,000 | ---D | M] (GrApple Delicious (blue)) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions\{472be34c-9688-fd8a-227e-f32eabb78c1c} [2009.10.09 23:47:46 | 000,000,000 | ---D | M] (iFox) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56} [2011.04.16 10:34:46 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2011.04.16 10:34:54 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions\foxmarks@kei.com [2010.01.21 21:26:53 | 000,002,321 | ---- | M] () -- C:\Users\der Jipi\AppData\Roaming\Mozilla\Firefox\Profiles\s9hvgrob.default\searchplugins\forestle-de.xml [2008.10.28 08:34:32 | 000,001,196 | ---- | M] () -- C:\Users\der Jipi\AppData\Roaming\Mozilla\Firefox\Profiles\s9hvgrob.default\searchplugins\winamp-search.xml [2011.04.30 10:17:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.08.27 16:10:55 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.04.20 09:18:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.11.18 17:48:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.20 10:57:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.17 10:19:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- () (No name found) -- C:\USERS\DER JIPI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S9HVGROB.DEFAULT\EXTENSIONS\{340C2BBC-CE74-4362-90B5-7C26312808EF}.XPI () (No name found) -- C:\USERS\DER JIPI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S9HVGROB.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI () (No name found) -- C:\USERS\DER JIPI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S9HVGROB.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI [2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.10.14 18:09:13 | 000,001,345 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - File not found O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - Startup: C:\Users\der Jipi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\der Jipi\AppData\Roaming\Dropbox\bin\Dropbox.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2 O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{636a521e-d052-11df-833e-ba0ecdb81951}\Shell - "" = AutoRun O33 - MountPoints2\{636a521e-d052-11df-833e-ba0ecdb81951}\Shell\AutoRun\command - "" = J:\pushinst.exe O33 - MountPoints2\{9110dcb7-b597-11de-a094-001558aef1bb}\Shell - "" = AutoRun O33 - MountPoints2\{9110dcb7-b597-11de-a094-001558aef1bb}\Shell\AutoRun\command - "" = I:\pushinst.exe O33 - MountPoints2\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\Shell - "" = AutoRun O33 - MountPoints2\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: AVMWlanClient - hkey= - key= - C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.05.02 13:31:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.05.02 13:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.05.02 13:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2011.05.02 13:22:48 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\der Jipi\Desktop\Erunt-setup.exe [2011.05.02 13:22:48 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\der Jipi\Desktop\OTL.exe [2011.05.02 13:22:48 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\der Jipi\Desktop\TFC.exe [2011.04.29 19:36:42 | 000,000,000 | ---D | C] -- C:\Users\der Jipi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool [2011.04.23 17:45:29 | 000,000,000 | ---D | C] -- C:\Users\der Jipi\.traverso [2011.04.23 17:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Traverso [2011.04.23 17:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Traverso [2011.04.23 11:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.04.23 11:37:14 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2011.04.23 11:37:13 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2011.04.23 11:34:59 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2011.04.23 11:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2011.04.18 16:15:51 | 000,000,000 | ---D | C] -- C:\Users\der Jipi\Desktop\kjr ========== Files - Modified Within 30 Days ========== [2011.05.02 13:32:54 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.02 13:32:54 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.02 13:30:59 | 000,000,920 | ---- | M] () -- C:\Users\der Jipi\Desktop\NTREGOPT.lnk [2011.05.02 13:30:59 | 000,000,901 | ---- | M] () -- C:\Users\der Jipi\Desktop\ERUNT.lnk [2011.05.02 13:29:57 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.05.02 13:29:57 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.05.02 13:29:57 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.05.02 13:29:57 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.05.02 13:29:57 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.05.02 13:25:27 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.02 13:25:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.02 13:25:13 | 1609,420,800 | -HS- | M] () -- C:\hiberfil.sys [2011.05.02 13:23:24 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\der Jipi\Desktop\Erunt-setup.exe [2011.05.02 13:23:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\der Jipi\Desktop\OTL.exe [2011.05.02 13:23:21 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\der Jipi\Desktop\TFC.exe [2011.05.02 13:19:11 | 000,377,282 | ---- | M] () -- C:\Users\der Jipi\Desktop\Load.exe [2011.05.02 13:01:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.27 17:26:31 | 000,091,911 | ---- | M] () -- C:\Users\der Jipi\Desktop\V50_Spezial_Schaltplan_ohne_Blinker.jpg [2011.04.23 11:37:54 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.04.17 18:05:12 | 002,891,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.04.15 10:57:38 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk ========== Files Created - No Company Name ========== [2011.05.02 13:30:59 | 000,000,920 | ---- | C] () -- C:\Users\der Jipi\Desktop\NTREGOPT.lnk [2011.05.02 13:30:59 | 000,000,901 | ---- | C] () -- C:\Users\der Jipi\Desktop\ERUNT.lnk [2011.05.02 13:22:35 | 000,377,282 | ---- | C] () -- C:\Users\der Jipi\Desktop\Load.exe [2011.04.30 10:17:25 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.04.27 17:26:29 | 000,091,911 | ---- | C] () -- C:\Users\der Jipi\Desktop\V50_Spezial_Schaltplan_ohne_Blinker.jpg [2011.04.23 11:37:54 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.01.29 02:02:33 | 000,151,602 | ---- | C] () -- C:\Windows\SysWow64\pspnt.dll [2011.01.29 02:02:33 | 000,065,606 | ---- | C] () -- C:\Windows\SysWow64\rmvport.exe [2010.12.12 16:27:38 | 000,001,526 | ---- | C] () -- C:\Windows\ImpactView.INI [2010.11.17 21:54:08 | 000,001,640 | ---- | C] () -- C:\Users\der Jipi\AppData\Roaming\gnuplot_history [2010.09.13 19:50:42 | 000,450,560 | ---- | C] () -- C:\Windows\mlib.dll [2010.09.13 19:50:42 | 000,376,832 | ---- | C] () -- C:\Windows\libmwfftw.dll [2010.09.13 19:50:42 | 000,229,376 | ---- | C] () -- C:\Windows\sgl.dll [2010.09.13 19:50:42 | 000,176,128 | ---- | C] () -- C:\Windows\libmwumfpack.dll [2010.09.13 19:50:42 | 000,057,344 | ---- | C] () -- C:\Windows\libmwlapack.dll [2010.09.13 19:50:42 | 000,045,056 | ---- | C] () -- C:\Windows\libmwgcl.dll [2010.09.13 19:50:42 | 000,045,056 | ---- | C] () -- C:\Windows\libmwcl.dll [2010.09.13 19:50:41 | 001,662,976 | ---- | C] () -- C:\Windows\lapack.dll [2010.09.13 19:50:41 | 001,048,576 | ---- | C] () -- C:\Windows\atlas_PIII.dll [2010.09.13 19:50:41 | 000,868,352 | ---- | C] () -- C:\Windows\hg_sgl.dll [2010.09.13 19:50:41 | 000,765,952 | ---- | C] () -- C:\Windows\libmatlb.dll [2010.09.13 19:50:41 | 000,421,888 | ---- | C] () -- C:\Windows\gui_sgl.dll [2010.09.13 19:50:41 | 000,110,592 | ---- | C] () -- C:\Windows\hardcopy_sgl.dll [2010.09.13 19:50:41 | 000,053,248 | ---- | C] () -- C:\Windows\ismembc.dll [2010.09.13 19:50:41 | 000,020,480 | ---- | C] () -- C:\Windows\convnc.dll [2010.08.26 15:37:38 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.07.19 23:20:50 | 000,000,600 | ---- | C] () -- C:\Users\der Jipi\AppData\Roaming\winscp.rnd [2010.05.01 21:41:25 | 000,004,608 | ---- | C] () -- C:\Users\der Jipi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.06 18:00:33 | 000,096,788 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010.02.13 14:37:57 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\RtlCPAPI.dll [2010.02.13 14:37:57 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\ChCfg.exe [2010.02.13 14:37:57 | 000,037,376 | ---- | C] () -- C:\Windows\CPLUtl64.exe [2010.02.13 14:36:51 | 000,000,164 | ---- | C] () -- C:\Windows\avrack.ini [2010.01.24 17:18:01 | 000,007,601 | ---- | C] () -- C:\Users\der Jipi\AppData\Local\Resmon.ResmonCfg [2009.10.14 14:20:01 | 000,000,600 | ---- | C] () -- C:\Users\der Jipi\AppData\Local\PUTTY.RND [2009.10.09 23:43:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.10.09 21:06:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2010.02.23 18:09:27 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Artisteer [2011.03.26 11:48:29 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Audacity [2010.11.30 11:46:42 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\CadSoft [2010.11.10 17:25:11 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.05.02 13:25:54 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Dropbox [2010.12.23 22:18:16 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\FileZilla [2009.11.23 11:41:33 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Funambol [2009.10.10 16:26:41 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Notepad++ [2009.10.14 18:10:58 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\OpenOffice.org [2010.03.31 01:04:15 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Reign of Augustus [2009.11.12 18:01:44 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Subversion [2010.12.16 13:29:41 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\TeamViewer [2010.09.10 17:41:20 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Thunderbird [2009.11.27 21:20:44 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Trillian [2010.07.20 08:16:45 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\TrueCrypt [2010.11.09 22:49:29 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\xm1 [2011.02.06 12:52:22 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.12.20 17:51:44 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.09.20 12:10:29 | 000,000,000 | ---D | M] -- C:\adaptec [2009.10.09 22:03:26 | 000,000,000 | -HSD | M] -- C:\Boot [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.10.09 21:32:40 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.04.26 20:48:24 | 000,000,000 | ---D | M] -- C:\jDownloader [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.04.23 11:37:14 | 000,000,000 | R--D | M] -- C:\Programme [2011.05.02 13:30:59 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2010.11.09 23:54:36 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.10.09 21:32:40 | 000,000,000 | -HSD | M] -- C:\Programme [2009.10.09 21:32:41 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.05.02 13:34:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.09.13 20:21:19 | 000,000,000 | ---D | M] -- C:\temp_buffer [2010.04.23 18:44:28 | 000,000,000 | R--D | M] -- C:\Users [2011.05.02 13:31:17 | 000,000,000 | ---D | M] -- C:\Windows [2010.05.28 23:47:19 | 000,000,000 | ---D | M] -- C:\WinSetupFromUSB [2009.11.02 13:15:41 | 000,000,000 | ---D | M] -- C:\xampp < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > < End of report > Und Extras.txt sagt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 02.05.2011 13:32:24 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\der Jipi\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 36,62 Gb Total Space | 2,13 Gb Free Space | 5,83% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 39,56 Gb Free Space | 16,99% Space Free | Partition Type: NTFS
Drive E: | 75,68 Gb Total Space | 4,98 Gb Free Space | 6,58% Space Free | Partition Type: NTFS
Drive F: | 353,45 Gb Total Space | 28,54 Gb Free Space | 8,07% Space Free | Partition Type: NTFS
Computer Name: RRIF | User Name: der Jipi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{22421266-50FE-48AF-A536-20AE32563B22}" = Oracle VM VirtualBox 3.2.12
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{AC2512D4-ED8A-4015-BF87-92478483C171}" = TortoiseSVN 1.6.6.17493 (64 bit)
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"CCleaner" = CCleaner
"NVIDIA Drivers" = NVIDIA Drivers
"Recuva" = Recuva
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23C08587-19F4-4BBC-9078-26CF8EB02256}" = PL-2303 Vista Driver Installer-ATEN
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 24
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 9.0.600.2
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = UC-232A USB-to-Serial
"{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}" = Canon Camera WIA Driver
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F318330F-DE7D-4B22-AF7C-C3760DDC2EF3}" = Xmarks for IE
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_697a06b96d8bcbe2d77b88e7d5448d0" = Adobe Creative Suite 4 Master Collection
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CrystalDiskInfo_is1" = CrystalDiskInfo 3.3.0
"DC2dInvRes_is1" = DC2dInvRes v. 2.12.0
"EADM" = EA Download Manager
"EAGLE 5.10.0" = EAGLE 5.10.0
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.3.3
"InstallShield_{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}" = Canon EOS 20D WIA-Treiber
"IXRefraX" = IXRefraX
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"MiKTeX 2.9" = MiKTeX 2.9
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"Notepad++" = Notepad++
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.5a
"Speccy" = Speccy
"Tera Term_is1" = Tera Term 4.64
"Texmaker" = Texmaker
"Traverso_is1" = Traverso 0.49.1
"TrueCrypt" = TrueCrypt
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"winscp3_is1" = WinSCP 4.2.8
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 26.04.2011 14:44:41 | Computer Name = RRiF | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.4095 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1474 Startzeit:
01cc0441b27aa1f3 Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
3d62b989-7035-11e0-81c4-001558aef1bb
Error - 26.04.2011 15:34:09 | Computer Name = RRiF | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 26.04.2011 15:34:52 | Computer Name = RRiF | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 27.04.2011 04:34:57 | Computer Name = RRiF | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 27.04.2011 04:35:21 | Computer Name = RRiF | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 27.04.2011 08:33:43 | Computer Name = RRiF | Source = Application Hang | ID = 1002
Description = Programm iTunes.exe, Version 10.2.2.12 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 3270 Startzeit:
01cc04d154256c8b Endzeit: 17 Anwendungspfad: C:\Program Files (x86)\iTunes\iTunes.exe
Berichts-ID:
Error - 27.04.2011 09:06:08 | Computer Name = RRiF | Source = Application Hang | ID = 1002
Description = Programm iTunes.exe, Version 10.2.2.12 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2a88 Startzeit:
01cc04d7a63aeb95 Endzeit: 30 Anwendungspfad: C:\Program Files (x86)\iTunes\iTunes.exe
Berichts-ID:
Error - 29.04.2011 09:16:06 | Computer Name = RRiF | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Dropbox.exe, Version: 0.7.110.0,
Zeitstempel: 0x477b8d63 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000103bb ID des fehlerhaften
Prozesses: 0x964 Startzeit der fehlerhaften Anwendung: 0x01cc066f8d0cec03 Pfad der
fehlerhaften Anwendung: C:\Users\der Jipi\AppData\Roaming\Dropbox\bin\Dropbox.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: d6b115df-7262-11e0-a4fe-001558aef1bb
Error - 30.04.2011 04:12:36 | Computer Name = RRiF | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.4095 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e80 Startzeit:
01cc070e10a8aaa4 Endzeit: 118 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
996d1649-7301-11e0-a942-001558aef1bb
Error - 30.04.2011 11:42:09 | Computer Name = RRiF | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CS4ServiceManager.exe, Version: 4.0.0.344,
Zeitstempel: 0x48a440f3 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000103bb ID des fehlerhaften
Prozesses: 0xa40 Startzeit der fehlerhaften Anwendung: 0x01cc074d236198ec Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 6870baf7-7340-11e0-8d78-001558aef1bb
[ System Events ]
Error - 02.05.2011 06:56:27 | Computer Name = RRiF | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 02.05.2011 07:24:16 | Computer Name = RRiF | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
beendet: %%1.
Error - 02.05.2011 07:24:21 | Computer Name = RRiF | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
Status gemeldet: 32
Error - 02.05.2011 07:25:09 | Computer Name = RRiF | Source = volmgr | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
Error - 02.05.2011 07:25:14 | Computer Name = RRiF | Source = volmgr | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
Error - 02.05.2011 07:26:20 | Computer Name = RRiF | Source = DCOM | ID = 10005
Description =
Error - 02.05.2011 07:26:20 | Computer Name = RRiF | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Google Update Service (gupdate) erreicht.
Error - 02.05.2011 07:26:20 | Computer Name = RRiF | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 02.05.2011 07:26:52 | Computer Name = RRiF | Source = DCOM | ID = 10010
Description =
Error - 02.05.2011 07:32:08 | Computer Name = RRiF | Source = DCOM | ID = 10010
Description =
< End of report >
Ich bedanke mich schonmal vielmals für eure Hilfe. Schöne Grüße! Edit: Das Problem mit dem Online Banking tritt - wie ich gerade festgestellt habe - nur im Firefox auf, nicht aber im Chrome oder IE. Habe gestern erst Version 4 vom Firefox installiert. Davor habe ich das Problem zumindest noch nicht entdeckt. Geändert von der_jipi (02.05.2011 um 13:35 Uhr) |
|
02.05.2011, 13:36
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Banking Trojaner? Sparda Bank Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________
__________________ |
|
02.05.2011, 14:57
| #3 | |
| | Banking Trojaner? Sparda Bank Der obige Link ist abhanden gekommen, ich meinte damit diesen Thread: http://www.trojaner-board.de/98420-t...e-banking.html (Die Links werden irgndwie nicht gespeichert)
__________________Malwarebytes sagt folgendes in der einzigen Logdatei, die unter dem entsprechenden Reiter angezeigt wird: Zitat:
|
|
02.05.2011, 15:24
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Banking Trojaner? Sparda BankZitat:
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
02.05.2011, 23:23
| #5 |
| | Banking Trojaner? Sparda Bank Ok also hier der ausführliche Scan. Die erste Datei ist ein Programm, dass mir die SN meiner Win7 Installation anzeigt. Ich habe von meiner Uni aus 3 Lizenzen bekommen und wusste nicht mehr, welche frei war und welche schon installiert... Zuletzt benutzt vor ca. einem halben Jahr. Die zweite Datei ist irgendein Script von einem Spiel. Alles was damit zusammenhängt habe ich mindestens zwei Jahre nicht mehr angefasst (vor allem noch nie, seit ich Win7 drauf habe). Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6493
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
02.05.2011 23:52:25
mbam-log-2011-05-02 (23-52-25).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 598531
Laufzeit: 1 Stunde(n), 34 Minute(n), 52 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
d:\firefox dls\produkey141\ProduKey.exe (PUP.PSWTool.ProductKey) -> Not selected for removal.
e:\spielplatz\awesom-o 3.5.6\Redvex\brring.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
|
|
03.05.2011, 08:30
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Banking Trojaner? Sparda Bank Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{636a521e-d052-11df-833e-ba0ecdb81951}\Shell - "" = AutoRun
O33 - MountPoints2\{636a521e-d052-11df-833e-ba0ecdb81951}\Shell\AutoRun\command - "" = J:\pushinst.exe
O33 - MountPoints2\{9110dcb7-b597-11de-a094-001558aef1bb}\Shell - "" = AutoRun
O33 - MountPoints2\{9110dcb7-b597-11de-a094-001558aef1bb}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\Shell - "" = AutoRun
O33 - MountPoints2\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ --> Banking Trojaner? Sparda Bank |
|
03.05.2011, 10:48
| #7 |
| | Banking Trojaner? Sparda Bank ...ist erledigt. Diese exe-Dateien und einige Registry-Keys konnte er wohl nicht finden: Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{636a521e-d052-11df-833e-ba0ecdb81951}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{636a521e-d052-11df-833e-ba0ecdb81951}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{636a521e-d052-11df-833e-ba0ecdb81951}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{636a521e-d052-11df-833e-ba0ecdb81951}\ not found.
File J:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9110dcb7-b597-11de-a094-001558aef1bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9110dcb7-b597-11de-a094-001558aef1bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9110dcb7-b597-11de-a094-001558aef1bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9110dcb7-b597-11de-a094-001558aef1bb}\ not found.
File I:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\ not found.
File L:\LaunchU3.exe -a not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: der Jipi
->Temp folder emptied: 95421 bytes
->Temporary Internet Files folder emptied: 2835197 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 34454664 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2320 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3350 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 36,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 05032011_112706
Files\Folders moved on Reboot...
C:\Users\der Jipi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
|
|
03.05.2011, 10:57
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Banking Trojaner? Sparda Bank Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.05.2011, 11:27
| #9 |
| | Banking Trojaner? Sparda Bank Vielen Dank übrigens für die ausführliche und individuelle Hilfe! Dieses Kaspersky Tool hat laut der Anzeige im ui nichts finden können. Hier ist das Log dazu: Code:
ATTFilter 2011/05/03 12:23:46.0180 4456 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/03 12:23:46.0336 4456 ================================================================================
2011/05/03 12:23:46.0336 4456 SystemInfo:
2011/05/03 12:23:46.0336 4456
2011/05/03 12:23:46.0336 4456 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/03 12:23:46.0336 4456 Product type: Workstation
2011/05/03 12:23:46.0336 4456 ComputerName: RRIF
2011/05/03 12:23:46.0336 4456 UserName: der Jipi
2011/05/03 12:23:46.0336 4456 Windows directory: C:\Windows
2011/05/03 12:23:46.0336 4456 System windows directory: C:\Windows
2011/05/03 12:23:46.0336 4456 Running under WOW64
2011/05/03 12:23:46.0336 4456 Processor architecture: Intel x64
2011/05/03 12:23:46.0336 4456 Number of processors: 2
2011/05/03 12:23:46.0336 4456 Page size: 0x1000
2011/05/03 12:23:46.0336 4456 Boot type: Normal boot
2011/05/03 12:23:46.0336 4456 ================================================================================
2011/05/03 12:23:46.0594 4456 Initialize success
2011/05/03 12:23:47.0716 5360 ================================================================================
2011/05/03 12:23:47.0716 5360 Scan started
2011/05/03 12:23:47.0716 5360 Mode: Manual;
2011/05/03 12:23:47.0716 5360 ================================================================================
2011/05/03 12:23:49.0117 5360 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/03 12:23:49.0153 5360 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/03 12:23:49.0188 5360 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/03 12:23:49.0235 5360 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
2011/05/03 12:23:49.0399 5360 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/03 12:23:49.0544 5360 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/03 12:23:49.0681 5360 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/03 12:23:49.0771 5360 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/05/03 12:23:49.0813 5360 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/03 12:23:49.0861 5360 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/03 12:23:49.0881 5360 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/03 12:23:49.0919 5360 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/03 12:23:49.0943 5360 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/03 12:23:49.0970 5360 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/05/03 12:23:49.0998 5360 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/03 12:23:50.0033 5360 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/05/03 12:23:50.0145 5360 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/05/03 12:23:50.0295 5360 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/05/03 12:23:50.0326 5360 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/03 12:23:50.0368 5360 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/03 12:23:50.0396 5360 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/03 12:23:50.0614 5360 atikmdag (3efd964d52221360af0673cd61c2f4f5) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/03 12:23:50.0721 5360 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/03 12:23:50.0802 5360 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/03 12:23:50.0856 5360 avmeject (1dc2f715792cf33428ad7993acbd224d) C:\Windows\system32\drivers\avmeject.sys
2011/05/03 12:23:50.0922 5360 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/05/03 12:23:50.0972 5360 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/03 12:23:51.0036 5360 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/03 12:23:51.0100 5360 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/03 12:23:51.0466 5360 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/03 12:23:51.0512 5360 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/03 12:23:51.0533 5360 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/03 12:23:51.0587 5360 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/05/03 12:23:51.0620 5360 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/03 12:23:51.0645 5360 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/03 12:23:51.0759 5360 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/03 12:23:51.0795 5360 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/03 12:23:51.0856 5360 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/03 12:23:51.0910 5360 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/03 12:23:51.0961 5360 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/03 12:23:52.0010 5360 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/03 12:23:52.0056 5360 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/03 12:23:52.0088 5360 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/03 12:23:52.0133 5360 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/05/03 12:23:52.0163 5360 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/03 12:23:52.0209 5360 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/03 12:23:52.0249 5360 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/03 12:23:52.0372 5360 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/05/03 12:23:52.0434 5360 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/05/03 12:23:52.0476 5360 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/03 12:23:52.0552 5360 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/05/03 12:23:52.0630 5360 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/03 12:23:52.0677 5360 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/03 12:23:52.0786 5360 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/05/03 12:23:52.0864 5360 ElbyCDIO (702d5606cf2199e0edea6f0e0d27cd10) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/05/03 12:23:52.0926 5360 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/03 12:23:52.0958 5360 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/03 12:23:53.0004 5360 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/03 12:23:53.0036 5360 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/03 12:23:53.0067 5360 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/03 12:23:53.0129 5360 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/03 12:23:53.0160 5360 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/03 12:23:53.0207 5360 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/03 12:23:53.0254 5360 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/05/03 12:23:53.0301 5360 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/03 12:23:53.0332 5360 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/03 12:23:53.0379 5360 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/03 12:23:53.0441 5360 FWLANUSB (444534cba693dd23c1cc589681e01656) C:\Windows\system32\DRIVERS\fwlanusb.sys
2011/05/03 12:23:53.0504 5360 fwlanusbn (630cb27253ea63bb0990c40c72bfcfe1) C:\Windows\system32\DRIVERS\fwlanusbn.sys
2011/05/03 12:23:53.0550 5360 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/03 12:23:53.0582 5360 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/03 12:23:53.0691 5360 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/03 12:23:53.0753 5360 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/05/03 12:23:53.0800 5360 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/03 12:23:53.0831 5360 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/03 12:23:53.0862 5360 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/03 12:23:53.0894 5360 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/03 12:23:53.0940 5360 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/03 12:23:53.0987 5360 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/03 12:23:54.0034 5360 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/05/03 12:23:54.0081 5360 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/03 12:23:54.0112 5360 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/03 12:23:54.0159 5360 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/05/03 12:23:54.0206 5360 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/03 12:23:54.0315 5360 IntcAzAudAddService (c1e2d46eb6e533dd087c684d33411f4a) C:\Windows\system32\drivers\RTKVHD64.sys
2011/05/03 12:23:54.0393 5360 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/03 12:23:54.0424 5360 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/03 12:23:54.0471 5360 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/03 12:23:54.0502 5360 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/03 12:23:54.0533 5360 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/03 12:23:54.0596 5360 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/03 12:23:54.0627 5360 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/03 12:23:54.0658 5360 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/03 12:23:54.0705 5360 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/03 12:23:54.0736 5360 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/03 12:23:54.0767 5360 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/03 12:23:54.0814 5360 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/03 12:23:54.0845 5360 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/03 12:23:54.0923 5360 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/03 12:23:54.0986 5360 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/03 12:23:55.0017 5360 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/03 12:23:55.0048 5360 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/03 12:23:55.0079 5360 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/03 12:23:55.0126 5360 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/03 12:23:55.0157 5360 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/03 12:23:55.0188 5360 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/03 12:23:55.0235 5360 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/03 12:23:55.0266 5360 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/03 12:23:55.0298 5360 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/03 12:23:55.0344 5360 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/03 12:23:55.0376 5360 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/05/03 12:23:55.0407 5360 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/03 12:23:55.0422 5360 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/03 12:23:55.0469 5360 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/03 12:23:55.0516 5360 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/03 12:23:55.0563 5360 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/03 12:23:55.0594 5360 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/03 12:23:55.0625 5360 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/03 12:23:55.0656 5360 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/03 12:23:55.0750 5360 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/03 12:23:55.0781 5360 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/03 12:23:55.0812 5360 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/03 12:23:55.0875 5360 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/03 12:23:55.0906 5360 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/03 12:23:55.0922 5360 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/03 12:23:55.0968 5360 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/05/03 12:23:56.0015 5360 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/03 12:23:56.0046 5360 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/03 12:23:56.0078 5360 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/03 12:23:56.0109 5360 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/03 12:23:56.0171 5360 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/03 12:23:56.0234 5360 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/05/03 12:23:56.0280 5360 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/03 12:23:56.0327 5360 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/03 12:23:56.0343 5360 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/03 12:23:56.0374 5360 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/03 12:23:56.0421 5360 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/05/03 12:23:56.0452 5360 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/03 12:23:56.0499 5360 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/03 12:23:56.0577 5360 netr28ux (618c55b392238b9467f9113e13525c49) C:\Windows\system32\DRIVERS\netr28ux.sys
2011/05/03 12:23:56.0639 5360 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/03 12:23:56.0670 5360 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/03 12:23:56.0702 5360 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/03 12:23:56.0764 5360 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/05/03 12:23:56.0826 5360 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/03 12:23:57.0170 5360 nvlddmkm (feffc8474be060ea7349a172b9810415) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/03 12:23:57.0529 5360 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/05/03 12:23:57.0778 5360 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/05/03 12:23:57.0825 5360 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/03 12:23:57.0856 5360 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/03 12:23:57.0965 5360 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/05/03 12:23:57.0997 5360 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/05/03 12:23:58.0028 5360 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/05/03 12:23:58.0059 5360 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/03 12:23:58.0090 5360 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/03 12:23:58.0121 5360 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/03 12:23:58.0153 5360 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/03 12:23:58.0293 5360 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/03 12:23:58.0324 5360 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/05/03 12:23:58.0355 5360 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/03 12:23:58.0402 5360 PxHlpa64 (901dba98359966a62a6548596988e931) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/05/03 12:23:58.0465 5360 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/03 12:23:58.0527 5360 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/03 12:23:58.0558 5360 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/03 12:23:58.0589 5360 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/03 12:23:58.0636 5360 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/03 12:23:58.0667 5360 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/03 12:23:58.0714 5360 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/03 12:23:58.0745 5360 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/03 12:23:58.0777 5360 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/03 12:23:58.0808 5360 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/03 12:23:58.0839 5360 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/03 12:23:58.0886 5360 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/05/03 12:23:58.0948 5360 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/03 12:23:58.0979 5360 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/03 12:23:59.0011 5360 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/05/03 12:23:59.0073 5360 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/05/03 12:23:59.0135 5360 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/03 12:23:59.0198 5360 RTL8167 (66f9f7161d147b6486a22feb9425930d) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/05/03 12:23:59.0245 5360 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/05/03 12:23:59.0291 5360 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/03 12:23:59.0323 5360 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/03 12:23:59.0385 5360 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/03 12:23:59.0447 5360 Ser2at (210285d5fdfb06fc25f889c7487cd4e2) C:\Windows\system32\DRIVERS\ser2at64.sys
2011/05/03 12:23:59.0479 5360 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/03 12:23:59.0510 5360 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/05/03 12:23:59.0541 5360 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/03 12:23:59.0603 5360 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/03 12:23:59.0635 5360 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/03 12:23:59.0650 5360 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/03 12:23:59.0666 5360 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/03 12:23:59.0728 5360 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/03 12:23:59.0744 5360 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/03 12:23:59.0791 5360 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/03 12:23:59.0853 5360 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/03 12:23:59.0915 5360 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/05/03 12:23:59.0962 5360 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/03 12:24:00.0025 5360 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/03 12:24:00.0071 5360 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/03 12:24:00.0118 5360 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/05/03 12:24:00.0149 5360 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/05/03 12:24:00.0181 5360 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/03 12:24:00.0290 5360 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/05/03 12:24:00.0399 5360 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/03 12:24:00.0446 5360 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/03 12:24:00.0477 5360 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/03 12:24:00.0508 5360 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/03 12:24:00.0555 5360 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/03 12:24:00.0586 5360 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/03 12:24:00.0680 5360 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/03 12:24:00.0727 5360 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/03 12:24:00.0758 5360 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/03 12:24:00.0805 5360 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/03 12:24:00.0867 5360 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/03 12:24:00.0914 5360 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/03 12:24:00.0945 5360 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/03 12:24:01.0007 5360 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
2011/05/03 12:24:01.0054 5360 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/05/03 12:24:01.0085 5360 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/03 12:24:01.0132 5360 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/03 12:24:01.0163 5360 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/03 12:24:01.0210 5360 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/03 12:24:01.0257 5360 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/03 12:24:01.0273 5360 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/03 12:24:01.0304 5360 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/03 12:24:01.0335 5360 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/03 12:24:01.0429 5360 VBoxDrv (781f08d3bd8fc0d052bbf5b0ac25da40) C:\Windows\system32\DRIVERS\VBoxDrv.sys
2011/05/03 12:24:01.0491 5360 VBoxNetAdp (48b196c4f368d0c1aec103ed6425d959) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
2011/05/03 12:24:01.0538 5360 VBoxNetFlt (d9713bc7825e499532805f7dd80797ec) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
2011/05/03 12:24:01.0585 5360 VBoxUSBMon (44385ae4255f7bd14cee41b7cd627dfc) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
2011/05/03 12:24:01.0616 5360 VClone (c5e70c4e64666db9d69c9f2fdae22428) C:\Windows\system32\DRIVERS\VClone.sys
2011/05/03 12:24:01.0663 5360 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/03 12:24:01.0725 5360 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/03 12:24:01.0756 5360 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/03 12:24:01.0772 5360 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/03 12:24:01.0803 5360 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/03 12:24:01.0850 5360 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/05/03 12:24:01.0881 5360 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/05/03 12:24:01.0928 5360 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/03 12:24:01.0975 5360 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/05/03 12:24:02.0006 5360 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/03 12:24:02.0053 5360 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/03 12:24:02.0084 5360 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/03 12:24:02.0115 5360 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/03 12:24:02.0146 5360 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/03 12:24:02.0209 5360 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/03 12:24:02.0224 5360 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/03 12:24:02.0287 5360 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/03 12:24:02.0318 5360 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/03 12:24:02.0474 5360 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/03 12:24:02.0521 5360 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/03 12:24:02.0661 5360 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/03 12:24:02.0708 5360 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/03 12:24:02.0770 5360 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/03 12:24:02.0873 5360 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/05/03 12:24:02.0918 5360 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/03 12:24:03.0038 5360 ================================================================================
2011/05/03 12:24:03.0038 5360 Scan finished
2011/05/03 12:24:03.0038 5360 ================================================================================
|
|
03.05.2011, 12:59
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Banking Trojaner? Sparda Bank Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.05.2011, 14:15
| #11 |
| | Banking Trojaner? Sparda Bank Zwischendrin kam eine Windows-Fehlermeldung "REV.exe funktioniert nicht mehr richtig und wird geschlossen". CF selbst hat ganz schöne lange gedauert und folgendes Resultat geliefert: log.txt: Code:
ATTFilter ComboFix 11-05-02.04 - der Jipi 03.05.2011 14:26:15.1.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.2046.1229 [GMT 2:00]
ausgeführt von:: c:\users\der Jipi\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\jdownloader\jDownloader.exe
C:\SystemData
c:\systemdata\config.bin
c:\systemdata\SystemData.exe
c:\windows\system32\drivers\etc\hosts1
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-03 bis 2011-05-03 ))))))))))))))))))))))))))))))
.
.
2011-05-03 13:04 . 2011-05-03 13:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-02 11:30 . 2011-05-02 11:31 -------- d-----w- c:\program files (x86)\ERUNT
2011-04-30 08:17 . 2011-04-14 16:40 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-04-30 08:17 . 2011-04-14 16:40 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-04-30 08:17 . 2011-04-14 16:40 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-04-30 08:17 . 2011-04-14 16:40 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-04-30 08:17 . 2011-04-14 16:40 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-04-30 08:17 . 2011-04-14 16:40 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-04-30 08:17 . 2010-01-01 08:00 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-04-30 08:17 . 2010-01-01 08:00 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-04-29 17:36 . 2011-04-29 17:36 119808 ----a-r- c:\users\der Jipi\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2011-04-23 15:45 . 2011-04-23 15:45 -------- d-----w- c:\users\der Jipi\.traverso
2011-04-23 15:41 . 2011-04-23 15:41 -------- d-----w- c:\program files (x86)\Traverso
2011-04-23 09:37 . 2011-04-23 09:37 -------- d-----w- c:\program files\iPod
2011-04-23 09:37 . 2011-04-23 09:37 -------- d-----w- c:\program files\iTunes
2011-04-23 09:34 . 2011-04-23 09:35 -------- d-----w- c:\program files\Bonjour
2011-04-23 09:34 . 2011-04-23 09:35 -------- d-----w- c:\program files (x86)\Bonjour
2011-04-06 14:26 . 2011-04-06 14:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:26 . 2011-04-06 14:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 15:36 . 2011-02-18 15:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 15:36 . 2011-02-18 15:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-02 20:40 . 2010-04-20 07:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-02 16:11 . 2009-10-09 21:53 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
c:\users\der Jipi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\der Jipi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 136176]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-10-14 1038088]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 136176]
R3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 Ser2at;ATEN USB to Serial port driver;c:\windows\system32\DRIVERS\ser2at64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 Apache2.2;Apache2.2;c:\xampp\xampp\apache\bin\httpd.exe [2009-08-05 24640]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 06:46]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 06:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 171520]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-25 9650720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\der Jipi\AppData\Roaming\Mozilla\Firefox\Profiles\s9hvgrob.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?hl=de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-257FA97667CE86F3 - c:\systemdata\SystemData.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-03 15:07:45
ComboFix-quarantined-files.txt 2011-05-03 13:07
.
Vor Suchlauf: 2.056.126.464 Bytes frei
Nach Suchlauf: 2.268.540.928 Bytes frei
.
- - End Of File - - 73A29EFF0D25E4F09CAC9505339D69A1
C:/ComboFix.txt (Ich glaub da steht das gleiche drin): Code:
ATTFilter ComboFix 11-05-02.04 - der Jipi 03.05.2011 14:26:15.1.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.2046.1229 [GMT 2:00]
ausgeführt von:: c:\users\der Jipi\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\jdownloader\jDownloader.exe
C:\SystemData
c:\systemdata\config.bin
c:\systemdata\SystemData.exe
c:\windows\system32\drivers\etc\hosts1
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-03 bis 2011-05-03 ))))))))))))))))))))))))))))))
.
.
2011-05-03 13:04 . 2011-05-03 13:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-02 11:30 . 2011-05-02 11:31 -------- d-----w- c:\program files (x86)\ERUNT
2011-04-30 08:17 . 2011-04-14 16:40 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-04-30 08:17 . 2011-04-14 16:40 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-04-30 08:17 . 2011-04-14 16:40 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-04-30 08:17 . 2011-04-14 16:40 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-04-30 08:17 . 2011-04-14 16:40 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-04-30 08:17 . 2011-04-14 16:40 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-04-30 08:17 . 2010-01-01 08:00 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-04-30 08:17 . 2010-01-01 08:00 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-04-29 17:36 . 2011-04-29 17:36 119808 ----a-r- c:\users\der Jipi\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2011-04-23 15:45 . 2011-04-23 15:45 -------- d-----w- c:\users\der Jipi\.traverso
2011-04-23 15:41 . 2011-04-23 15:41 -------- d-----w- c:\program files (x86)\Traverso
2011-04-23 09:37 . 2011-04-23 09:37 -------- d-----w- c:\program files\iPod
2011-04-23 09:37 . 2011-04-23 09:37 -------- d-----w- c:\program files\iTunes
2011-04-23 09:34 . 2011-04-23 09:35 -------- d-----w- c:\program files\Bonjour
2011-04-23 09:34 . 2011-04-23 09:35 -------- d-----w- c:\program files (x86)\Bonjour
2011-04-06 14:26 . 2011-04-06 14:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:26 . 2011-04-06 14:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 15:36 . 2011-02-18 15:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 15:36 . 2011-02-18 15:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-02 20:40 . 2010-04-20 07:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-02 16:11 . 2009-10-09 21:53 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
c:\users\der Jipi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\der Jipi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 136176]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-10-14 1038088]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 136176]
R3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 Ser2at;ATEN USB to Serial port driver;c:\windows\system32\DRIVERS\ser2at64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 Apache2.2;Apache2.2;c:\xampp\xampp\apache\bin\httpd.exe [2009-08-05 24640]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 06:46]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 06:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 171520]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-25 9650720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\der Jipi\AppData\Roaming\Mozilla\Firefox\Profiles\s9hvgrob.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?hl=de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-257FA97667CE86F3 - c:\systemdata\SystemData.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-03 15:07:45
ComboFix-quarantined-files.txt 2011-05-03 13:07
.
Vor Suchlauf: 2.056.126.464 Bytes frei
Nach Suchlauf: 2.268.540.928 Bytes frei
.
- - End Of File - - 73A29EFF0D25E4F09CAC9505339D69A1
|
|
03.05.2011, 14:26
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Banking Trojaner? Sparda Bank Bitte nun Logs mit GMER und mbrcheck erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg Anleitung zu mbrcheck: Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.05.2011, 15:23
| #13 |
| | Banking Trojaner? Sparda Bank "GMER hasn't found any Entries", oder so ähnlich Und MBRCheck: Code:
ATTFilter MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Foxconn
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: OEM
System Product Name: OEM
Logical Drives Mask: 0x000001fc
Kernel Drivers (total 190):
0x02E64000 \SystemRoot\system32\ntoskrnl.exe
0x02E1B000 \SystemRoot\system32\hal.dll
0x00BC4000 \SystemRoot\system32\kdcom.dll
0x00CC4000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D08000 \SystemRoot\system32\PSHED.dll
0x00D1C000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00ED1000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F75000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F84000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FDB000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FE4000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E6A000 \SystemRoot\System32\drivers\volmgrx.sys
0x00EC6000 \SystemRoot\system32\DRIVERS\intelide.sys
0x00FEE000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00D7A000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00D81000 \SystemRoot\System32\drivers\mountmgr.sys
0x010AE000 \SystemRoot\system32\DRIVERS\iaStorV.sys
0x011CC000 \SystemRoot\system32\DRIVERS\atapi.sys
0x011D5000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01000000 \SystemRoot\system32\DRIVERS\msahci.sys
0x0100B000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01016000 \SystemRoot\system32\drivers\fltmgr.sys
0x01062000 \SystemRoot\system32\drivers\fileinfo.sys
0x01076000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x0120B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x00D9B000 \SystemRoot\System32\Drivers\msrpc.sys
0x013AE000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01472000 \SystemRoot\System32\Drivers\cng.sys
0x014E5000 \SystemRoot\System32\drivers\pcw.sys
0x014F6000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01500000 \SystemRoot\system32\drivers\ndis.sys
0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
0x013C8000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01602000 \SystemRoot\System32\drivers\tcpip.sys
0x01805000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0184F000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x0185F000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x018AB000 \SystemRoot\System32\Drivers\spldr.sys
0x018B3000 \SystemRoot\System32\drivers\rdyboost.sys
0x018ED000 \SystemRoot\System32\Drivers\mup.sys
0x018FF000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01908000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01942000 \SystemRoot\system32\DRIVERS\disk.sys
0x01958000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01996000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x019C0000 \SystemRoot\System32\Drivers\Null.SYS
0x019C9000 \SystemRoot\System32\Drivers\Beep.SYS
0x019D0000 \SystemRoot\System32\drivers\vga.sys
0x01082000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x019DE000 \SystemRoot\System32\drivers\watchdog.sys
0x019EE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x019F7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01988000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01460000 \SystemRoot\System32\Drivers\Msfs.SYS
0x03CED000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03CFE000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03D1C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03D29000 \SystemRoot\system32\drivers\afd.sys
0x03DB3000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03C00000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03C09000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03C2F000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03C45000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03C54000 \SystemRoot\system32\DRIVERS\serial.sys
0x03C71000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03C8C000 \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
0x03C98000 \SystemRoot\system32\DRIVERS\VBoxDrv.sys
0x03A2C000 \SystemRoot\SysWOW64\drivers\truecrypt.sys
0x03A6C000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03A80000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03AD1000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03ADD000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03AE8000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x03AF2000 \SystemRoot\System32\drivers\discache.sys
0x03B01000 \SystemRoot\system32\drivers\csc.sys
0x03B84000 \SystemRoot\System32\Drivers\dfsc.sys
0x03BA2000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03BB3000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x03BD5000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03A00000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0485C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x05320000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x02C37000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02D2B000 \SystemRoot\System32\drivers\dxgmms1.sys
0x02D71000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02D95000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x02DE4000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x02DF1000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x05322000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02C00000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x05378000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x02C11000 \SystemRoot\system32\DRIVERS\fdc.sys
0x02C1E000 \SystemRoot\system32\DRIVERS\serenum.sys
0x053B6000 \SystemRoot\system32\DRIVERS\parport.sys
0x053D3000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x053E3000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04800000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02C2A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04824000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03CC8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x042CA000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x042EB000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04305000 \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
0x04327000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x04332000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04341000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04350000 \SystemRoot\system32\DRIVERS\VClone.sys
0x0435F000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x0438E000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
0x043B5000 \SystemRoot\system32\DRIVERS\swenum.sys
0x043B7000 \SystemRoot\system32\DRIVERS\ks.sys
0x04200000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04212000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0426C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03ECB000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x040EA000 \SystemRoot\system32\drivers\portcls.sys
0x04127000 \SystemRoot\system32\drivers\drmk.sys
0x04149000 \SystemRoot\system32\drivers\ksthunk.sys
0x000A0000 \SystemRoot\System32\win32k.sys
0x0415D000 \SystemRoot\System32\drivers\Dxapi.sys
0x04169000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x04177000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x04190000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x04199000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0419B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x041B8000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x041C5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x041D3000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00440000 \SystemRoot\System32\TSDDD.dll
0x00600000 \SystemRoot\System32\cdd.dll
0x00850000 \SystemRoot\System32\ATMFD.DLL
0x03E00000 \SystemRoot\system32\drivers\luafv.sys
0x03E23000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x03E40000 \SystemRoot\system32\drivers\WudfPf.sys
0x03E61000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x03E76000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x041E1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x04281000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x034D2000 \SystemRoot\system32\drivers\HTTP.sys
0x0359A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x035B8000 \SystemRoot\System32\drivers\mpsdrv.sys
0x035D0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x03400000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0344E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x03471000 \SystemRoot\System32\Drivers\adfs.SYS
0x06898000 \SystemRoot\system32\drivers\peauth.sys
0x0693E000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06949000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06976000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06988000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06800000 \SystemRoot\System32\DRIVERS\srv.sys
0x08D3A000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x08D9F000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x77600000 \Windows\System32\ntdll.dll
0x48460000 \Windows\System32\smss.exe
0xFF920000 \Windows\System32\apisetschema.dll
0xFFC10000 \Windows\System32\autochk.exe
0xFF890000 \Windows\System32\difxapi.dll
0xFF840000 \Windows\System32\Wldap32.dll
0xFF710000 \Windows\System32\wininet.dll
0xFF690000 \Windows\System32\shlwapi.dll
0xFF5F0000 \Windows\System32\msvcrt.dll
0xFF5E0000 \Windows\System32\lpk.dll
0xFF4B0000 \Windows\System32\rpcrt4.dll
0xFF3E0000 \Windows\System32\usp10.dll
0x774E0000 \Windows\System32\kernel32.dll
0xFF2D0000 \Windows\System32\msctf.dll
0xFF2A0000 \Windows\System32\imm32.dll
0xFF1C0000 \Windows\System32\oleaut32.dll
0x777D0000 \Windows\System32\normaliz.dll
0xFF120000 \Windows\System32\comdlg32.dll
0xFF0D0000 \Windows\System32\ws2_32.dll
0xFEF50000 \Windows\System32\urlmon.dll
0xFEF30000 \Windows\System32\imagehlp.dll
0xFE1A0000 \Windows\System32\shell32.dll
0xFE180000 \Windows\System32\sechost.dll
0x773E0000 \Windows\System32\user32.dll
0xFDF70000 \Windows\System32\ole32.dll
0xFDD10000 \Windows\System32\iertutil.dll
0xFDCA0000 \Windows\System32\gdi32.dll
0xFDC90000 \Windows\System32\nsi.dll
0xFDBB0000 \Windows\System32\advapi32.dll
0x777C0000 \Windows\System32\psapi.dll
0xFD9D0000 \Windows\System32\setupapi.dll
0xFD930000 \Windows\System32\clbcatq.dll
Processes (total 57):
0 System Idle Process
4 System
280 C:\Windows\System32\smss.exe
480 csrss.exe
540 C:\Windows\System32\wininit.exe
552 csrss.exe
588 C:\Windows\System32\services.exe
608 C:\Windows\System32\lsass.exe
620 C:\Windows\System32\lsm.exe
752 C:\Windows\System32\winlogon.exe
780 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\nvvsvc.exe
904 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
304 C:\Windows\System32\svchost.exe
500 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\nvvsvc.exe
1208 C:\Windows\System32\svchost.exe
1388 C:\Windows\System32\spoolsv.exe
1452 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1500 C:\Windows\System32\svchost.exe
1632 C:\Windows\System32\taskhost.exe
1816 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1840 C:\Windows\System32\dwm.exe
1864 C:\Windows\explorer.exe
1952 C:\xampp\xampp\apache\bin\httpd.exe
796 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1156 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1192 C:\Windows\System32\conhost.exe
1536 C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
1728 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1772 C:\Windows\System32\svchost.exe
2380 C:\Program Files\Java\jre6\bin\jusched.exe
2424 C:\xampp\xampp\apache\bin\httpd.exe
2440 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3088 C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
3096 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
3364 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3740 C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
3828 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3840 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3960 C:\Program Files\iPod\bin\iPodService.exe
2580 C:\Windows\System32\SearchIndexer.exe
4124 C:\Windows\System32\svchost.exe
4216 C:\Windows\System32\svchost.exe
5640 C:\Program Files\Windows Media Player\wmpnetwk.exe
4872 C:\Windows\System32\svchost.exe
1968 C:\Program Files\Java\jre6\bin\jucheck.exe
11104 C:\Windows\explorer.exe
8748 C:\Windows\System32\audiodg.exe
12152 C:\Windows\explorer.exe
11376 C:\Windows\System32\SearchProtocolHost.exe
11468 C:\Windows\System32\SearchFilterHost.exe
11876 C:\Users\der Jipi\Desktop\MBRCheck.exe
11900 C:\Windows\System32\conhost.exe
11672 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000009`27f55800 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x0000001c`13c68800 (NTFS)
PhysicalDrive0 Model Number: ST3500630A, Rev: 3.AAF
PhysicalDrive1 Model Number: HDS722525VLSA80, Rev: V36OA6MA
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
232 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
|
|
03.05.2011, 15:28
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Banking Trojaner? Sparda Bank Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.05.2011, 22:19
| #15 |
| | Banking Trojaner? Sparda Bank Hat ein wenig gedauert. Wie zuvor schon, hat er in einem dieser Uralten Ordner noch etwas gefunden. Ich würde vielleicht einfach den gesamten Ordner sicherheitshalber löschen? Macht das Sinn? Da ist eh nichts drin, was ich noch benötige: Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6504
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
04.05.2011 15:53:39
mbam-log-2011-05-04 (15-53-39).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 600148
Laufzeit: 1 Stunde(n), 7 Minute(n), 55 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 05/04/2011 at 08:20 PM
Application Version : 4.51.1000
Core Rules Database Version : 6984
Trace Rules Database Version: 4796
Scan type : Complete Scan
Total Scan Time : 04:08:06
Memory items scanned : 586
Memory threats detected : 0
Registry items scanned : 13753
Registry threats detected : 0
File items scanned : 449193
File threats detected : 1
Trojan.Agent/Gen-Frauder
E:\SPIELPLATZ\AWESOM-O 3.5.6\REDVEX\LOGS\_STORELOGS.EXE
Geändert von der_jipi (04.05.2011 um 22:43 Uhr) |
|
| Themen zu Banking Trojaner? Sparda Bank |
| 64-bit, 7-zip, adobe, adobe after effects, analysis, antivir, avgntflt.sys, avira, bho, bonjour, c:\windows\system32\rundll32.exe, canon, crystaldiskinfo, cs4/contributeieplugin.dll, ebanking, error, explorer, extras.txt, google, install.exe, location, logfile, mozilla, mozilla thunderbird, neu aufsetzen, oldtimer, photoshop, pixel, plug-in, problem, realtek, recuva, registry, richtlinie, rundll, saver, scan, schattenkopien, searchplugins, security, server, shortcut, software, start menu, stick, syswow64, tan-liste, third party, trojaner, trojaner?, virtualbox, webcheck, windows, winlogon.exe |
Linear-Darstellung
