Online banking... Trojan on the computer, but the antivirus program shows nothing. |
04.05.2011, 09:19 | #1 |
| Hello, I have a problem. I just became suspicious when, during online banking, I was asked to enter all of my TAN codes, so I had the access blocked right away and ran my antivirus program (Avira AntiVir) over the computer. However, it shows me nothing. What should/can I do now? Is there a way to do this without wiping the whole computer? I would be grateful for any help. Edited by piepmatz (04.05.2011 at 09:32) |
04.05.2011, 10:13 | #2 |
| First scan with Malwarebytes Anti-Malware:
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: 6502
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
04.05.2011 10:51:38
mbam-log-2011-05-04 (10-51-38).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 158652
Laufzeit: 4 Minute(n), 57 Sekunde(n)
Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 6
Infizierte Registrierungsschlüssel: 129
Infizierte Registrierungswerte: 10
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 19
Infizierte Dateien: 80 |
04.05.2011, 10:13 | #3 |
| Online banking... Trojan on the computer, but the antivirus program shows nothing. Second run:
__________________Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 6502 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 04.05.2011 11:11:05 mbam-log-2011-05-04 (11-11-05).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 158180 Laufzeit: 3 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 6 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{4B43FFFE-38F9-B249-6066-D19D2C5D5DAB} (Trojan.ZbotR.Gen) -> Value: {4B43FFFE-38F9-B249-6066-D19D2C5D5DAB} -> Quarantined and deleted successfully. 
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal. |
04.05.2011, 10:22 | #4 |
/// Malware-holic | Online banking... Trojan on the computer, but the antivirus program shows nothing. Hi, be prepared for the fact that you will have to reinstall the system. Since you still have SP2 here, for example, your system has probably not seen any updates recently, so it is not particularly surprising that you have trojans on the PC.
System scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (users of Windows 7 and Vista: right-click and run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created: OTL.Txt Extras.Txt Post both.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
04.05.2011, 10:56 | #5 |
| Online banking... Trojan on the computer, but the antivirus program shows nothing. OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.05.2011 11:36:59 - Run 8 OTL by OldTimer - Version 3.2.22.3 Folder = D:\Download Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,04 Gb Total Space | 69,63 Gb Free Space | 46,72% Space Free | Partition Type: NTFS Drive D: | 137,33 Gb Total Space | 39,88 Gb Free Space | 29,04% Space Free | Partition Type: NTFS Computer Name: NINE-PC | User Name: Nine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Download\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) 
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software) PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Stardock\ObjectDock\ObjectDock.exe (Stardock) PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100) PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe () PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe () PRC - C:\CK Popup Killer\PKILL.EXE (CK Software) ========== Modules (SafeList) ========== MOD - D:\Download\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (NMIndexingService) -- File not found SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software) SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software) SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG) SRV - (ASTSRV) -- C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe () ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.) DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {464F169E-ACE1-4C5F-A778-A433A3DABBAE}:1.0 FF - prefs.js..extensions.enabledItems: fbchathistory@firechm.com:1.1.5 FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.6 FF - prefs.js..extensions.enabledItems: {2122962a-1424-fffe-19af-bba2ef3eff4a}:1.0 FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.5.6.0 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin FF - HKLM\software\mozilla\Mozilla Firefox 
3.6.8\extensions\\Components: C:\Mozilla Firefox\components [2011.05.01 09:46:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Mozilla Firefox\plugins [2011.05.01 09:46:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\program files\Mozilla Thunderbird\components [2011.05.02 10:32:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\program files\Mozilla Thunderbird\plugins [2010.02.10 12:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nine\AppData\Roaming\mozilla\Extensions [2010.02.10 12:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nine\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.01.09 16:37:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nine\AppData\Roaming\mozilla\Extensions\postbox@postbox-inc.com [2011.05.02 10:09:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions [2010.06.01 09:17:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.05 00:36:01 | 000,000,000 | ---D | M] (YouTube Downloader for Facebook) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\{2122962a-1424-fffe-19af-bba2ef3eff4a} [2010.05.20 16:21:19 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} [2010.11.09 14:05:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.11.09 14:05:28 | 000,000,000 | ---D | M] (Facebook Chat History Manager) -- 
C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\fbchathistory@firechm.com [2010.07.23 10:51:04 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\ffxtlbr@Facemoods.com [2010.11.09 14:05:25 | 000,000,000 | ---D | M] (شريط أدوات Ùيس بوك) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\firefox@facebook.com [2010.04.27 23:04:56 | 000,000,873 | ---- | M] () -- C:\Users\Nine\AppData\Roaming\Mozilla\Firefox\Profiles\cmswdcip.default\searchplugins\conduit.xml [2010.11.16 11:59:20 | 000,002,059 | ---- | M] () -- C:\Users\Nine\AppData\Roaming\Mozilla\Firefox\Profiles\cmswdcip.default\searchplugins\daemon-search.xml [2010.04.24 10:59:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.05.20 16:25:42 | 000,000,000 | ---D | M] (VMLoad) -- C:\MOZILLA FIREFOX\EXTENSIONS\{464F169E-ACE1-4C5F-A778-A433A3DABBAE} [2010.05.12 17:13:51 | 000,000,000 | ---D | M] (Java Console) -- C:\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2010.03.10 17:00:26 | 000,002,025 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml O1 HOSTS File: ([2010.08.12 17:58:54 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (VMLoadHBO Class) - {C17C7688-31D1-46D7-8C9B-5D253E4F5D5E} - C:\Users\Nine\AppData\Roaming\VMLoad\addin\VMLoad.dll (TODO: <Company name>) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program 
Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found. O3 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000..\Run: [CK POPUP KILLER] C:\CK Popup Killer\PKILL.EXE (CK Software) O4 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - Startup: C:\Users\Nine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Stardock\ObjectDock\ObjectDock.exe (Stardock) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\FRITZ!DSL\\sarah.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O15 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..Trusted Domains: everestpoker.com ([account] https in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Nine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Nine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. 
File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - - File not found MsConfig - StartUpFolder: C:^Users^Nine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Nine\AppData\Roaming\Dropbox\bin\Dropbox.exe - () MsConfig - StartUpReg: CK POPUP KILLER - hkey= - key= - C:\CK Popup Killer\PKILL.EXE (CK Software) MsConfig - StartUpReg: HP Software Update - hkey= - key= - File not found MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PEVSystemStart - Service SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: procexp90.Sys - Driver SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot 
Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PEVSystemStart - Service SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: procexp90.Sys - Driver SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - 
System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2EE3FECF-7E3A-A41E-3B41-0F8E9F107B7D} - Internet Explorer ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - 
Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) 
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.05.04 10:51:12 | 000,000,000 | ---D | C] -- C:\Users\Nine\Desktop\maleware [2011.04.28 09:32:07 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011.04.28 09:32:07 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2011.04.28 09:32:01 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.04.15 15:39:46 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.15 15:39:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.15 15:39:42 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.15 15:39:41 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.15 15:39:35 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.15 15:39:28 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.15 15:39:28 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.15 15:39:28 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.15 15:39:28 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.15 15:39:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2011.04.15 15:39:27 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.15 15:39:25 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.15 15:39:22 | 000,512,000 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\jscript.dll [2011.04.15 15:39:22 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.14 13:03:48 | 000,000,000 | ---D | C] -- C:\Users\Nine\Desktop\Neuer Ordner [2011.04.13 22:47:12 | 000,000,000 | ---D | C] -- C:\Users\Nine\AppData\Roaming\DVDVideoSoft [2009.12.10 14:57:34 | 001,924,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player10.0.42.34.exe ========== Files - Modified Within 30 Days ========== [2011.05.04 11:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2011.05.04 10:53:35 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.04 10:53:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.04 10:53:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.04 10:53:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.04 10:53:18 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys [2011.05.04 10:45:02 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.04 10:36:31 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.04 09:42:56 | 000,000,680 | ---- | M] () -- C:\Users\Nine\AppData\Local\d3d9caps.dat [2011.05.01 18:11:49 | 000,153,600 | ---- | M] () -- C:\Users\Nine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.30 13:06:34 | 001,387,520 | ---- | M] () -- C:\Users\Nine\fbchathistory.dat [2011.04.16 03:33:08 | 002,195,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.16 03:10:12 | 000,639,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.16 03:10:12 | 000,604,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.16 03:10:12 | 000,131,218 | ---- | M] () -- 
C:\Windows\System32\perfc007.dat [2011.04.16 03:10:12 | 000,108,096 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.08 21:30:41 | 000,038,320 | ---- | M] (FunWebProducts.com) -- C:\Windows\System32\f3PSSavr.scr [2011.04.07 20:13:59 | 018,169,856 | ---- | M] () -- C:\Users\Nine\Documents\bewerbung portfolio.indd [2011.04.07 20:01:01 | 001,338,726 | ---- | M] () -- C:\Users\Nine\Desktop\bewerbungsportfolio.pdf ========== Files Created - No Company Name ========== [2011.05.04 10:36:31 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.07 19:49:23 | 001,338,726 | ---- | C] () -- C:\Users\Nine\Desktop\bewerbungsportfolio.pdf [2011.04.07 18:24:17 | 018,169,856 | ---- | C] () -- C:\Users\Nine\Documents\bewerbung portfolio.indd [2011.03.07 12:30:56 | 000,000,109 | ---- | C] () -- C:\Windows\GMouse.ini [2010.12.22 01:04:07 | 000,000,092 | ---- | C] () -- C:\Users\Nine\AppData\Local\fusioncache.dat [2010.10.12 17:59:35 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.10.12 17:59:34 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.08.12 15:51:44 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010.08.12 15:51:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010.08.12 15:51:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010.08.12 15:51:44 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010.08.12 15:51:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.08.10 21:30:36 | 000,001,745 | ---- | C] () -- C:\Windows\lsrslt.ini [2010.03.14 13:29:31 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI [2010.01.30 15:56:06 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.01.08 18:59:14 | 000,024,206 | ---- | C] () -- C:\Users\Nine\AppData\Roaming\UserTile.png [2009.12.21 18:42:44 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.12.15 16:57:13 | 000,000,680 | ---- | C] () -- 
C:\Users\Nine\AppData\Local\d3d9caps.dat [2009.12.14 20:27:17 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.12.14 20:26:12 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.12.11 12:36:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.12.11 12:36:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.12.10 15:58:30 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI [2009.12.09 17:36:01 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\Converter_sysquict.dat [2009.12.09 04:11:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.12.08 10:08:48 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll [2009.12.08 04:23:45 | 000,081,920 | ---- | C] () -- C:\Windows\PGMONITOR.EXE [2009.12.08 04:23:29 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2009.12.08 04:23:28 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.12.08 04:23:28 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2009.12.08 04:23:28 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2009.12.08 04:23:27 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009.12.08 03:49:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.12.07 22:28:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.12.07 21:57:05 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2009.12.07 19:23:04 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI [2009.12.07 19:19:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.12.07 19:06:28 | 000,153,600 | ---- | C] () -- C:\Users\Nine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.04.16 13:11:34 | 000,639,210 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.04.16 13:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.04.16 13:11:34 | 000,131,218 | ---- 
| C] () -- C:\Windows\System32\perfc007.dat [2008.04.16 13:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 002,195,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,604,764 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,108,096 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe [2002.03.19 01:18:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\LAME_ENC.DLL ========== LOP Check ========== [2010.02.25 17:29:55 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Alien Skin [2010.11.07 23:52:30 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Ashampoo [2010.11.16 12:13:07 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Astroburn Pro [2010.01.30 15:53:10 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\avidemux [2011.04.14 12:42:16 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Azureus [2010.11.16 12:05:43 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\DAEMON Tools Lite [2011.03.05 09:42:31 | 000,000,000 | 
---D | M] -- C:\Users\Nine\AppData\Roaming\Dropbox [2011.04.13 22:47:12 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\DVDVideoSoft [2010.07.26 23:13:17 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\DVDVideoSoftIEHelpers [2011.05.04 10:39:29 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Egyh [2010.04.08 17:34:28 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Facebook [2010.07.23 16:04:41 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\FileZilla [2011.03.03 09:54:08 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\FRITZ! [2011.02.10 21:39:51 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\GetRightToGo [2010.08.30 19:39:48 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Image Zone Express [2010.12.22 01:11:39 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Imaxel [2010.04.23 18:58:55 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\MAXON [2010.10.01 12:14:10 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\NCH Swift Sound [2010.08.12 18:17:51 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Online Solutions [2010.05.12 17:25:52 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\OpenOffice.org [2010.08.08 20:37:06 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Opera [2010.02.01 18:05:56 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Passware [2010.01.09 16:37:45 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Postbox [2010.02.13 17:48:18 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Printer Info Cache [2010.05.31 16:46:01 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Spesoft Audio Converter [2010.02.10 12:26:45 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Thunderbird [2009.12.07 19:05:19 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\TuneUp Software [2011.05.04 10:51:32 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Uwwiqy 
[2010.05.25 13:32:39 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\VMLoad [2011.05.04 11:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2011.05.04 10:52:34 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.12.22 16:38:47 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Adobe [2009.12.13 20:48:43 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Ahead [2010.02.25 17:29:55 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Alien Skin [2009.12.18 11:45:34 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Apple Computer [2010.11.07 23:52:30 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Ashampoo [2010.11.16 12:13:07 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Astroburn Pro [2009.12.07 18:59:52 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\ATI [2010.01.30 15:53:10 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\avidemux [2010.08.12 00:01:44 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Avira [2011.04.14 12:42:16 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Azureus [2010.11.16 12:05:43 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\DAEMON Tools Lite [2010.03.22 21:32:54 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\DivX [2010.11.09 14:32:16 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Download Manager [2011.03.05 09:42:31 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Dropbox [2011.04.13 22:47:12 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\DVDVideoSoft [2010.07.26 23:13:17 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\DVDVideoSoftIEHelpers [2011.05.04 10:39:29 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Egyh [2010.04.08 17:34:28 | 
000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Facebook [2010.07.23 16:04:41 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\FileZilla [2011.03.03 09:54:08 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\FRITZ! [2011.02.10 21:39:51 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\GetRightToGo [2010.02.04 17:29:04 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\HP [2009.12.07 18:58:56 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Identities [2010.08.30 19:39:48 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Image Zone Express [2010.12.22 01:11:39 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Imaxel [2009.12.17 18:07:00 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\InstallShield [2009.12.07 21:00:50 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Macromedia [2010.08.11 10:11:43 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Malwarebytes [2010.04.23 18:58:55 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\MAXON [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Media Center Programs [2009.12.09 17:45:43 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Media Player Classic [2010.12.26 23:26:05 | 000,000,000 | --SD | M] -- C:\Users\Nine\AppData\Roaming\Microsoft [2009.12.07 19:20:06 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Mozilla [2010.10.01 12:14:10 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\NCH Swift Sound [2010.09.04 14:35:38 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Nero [2010.08.12 18:17:51 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Online Solutions [2010.05.12 17:25:52 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\OpenOffice.org [2010.08.08 20:37:06 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Opera [2010.02.01 18:05:56 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Passware 
[2010.01.09 16:37:45 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Postbox [2010.02.13 17:48:18 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Printer Info Cache [2011.04.26 15:34:55 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Skype [2011.01.06 17:00:16 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\skypePM [2010.05.31 16:46:01 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Spesoft Audio Converter [2010.02.10 12:26:45 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Thunderbird [2009.12.07 19:05:19 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\TuneUp Software [2011.05.04 10:51:32 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Uwwiqy [2010.05.25 13:32:39 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\VMLoad [2009.12.08 01:24:00 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.10.04 08:56:04 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Nine\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe [2011.04.13 23:17:02 | 008,558,520 | ---- | M] (Vuze Inc.) -- C:\Users\Nine\AppData\Roaming\Azureus\tmp\AZU5337319355604020666.tmp\Vuze_4.6.0.4b_win32.exe [2010.02.26 07:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Nine\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010.04.10 19:48:01 | 000,089,831 | ---- | M] () -- C:\Users\Nine\AppData\Roaming\Dropbox\bin\Uninstall.exe [2010.04.08 17:34:30 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Nine\AppData\Roaming\Facebook\uninstall.exe [2010.10.04 09:59:18 | 000,038,208 | ---- | M] () -- C:\Users\Nine\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2010.12.26 23:26:05 | 000,010,134 | R--- | M] () -- C:\Users\Nine\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\ARPPRODUCTICON.exe [2010.12.26 23:26:05 | 000,045,056 | R--- | M] (InstallShield Software Corp.) 
-- C:\Users\Nine\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe1_D9316813509243FDA4C292F72F483E61.exe [2010.12.26 23:26:05 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Nine\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe_D9316813509243FDA4C292F72F483E61.exe [2010.12.26 23:26:05 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Nine\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GSDR.exe_D9316813509243FDA4C292F72F483E61.exe [2010.12.26 23:26:05 | 000,008,854 | R--- | M] () -- C:\Users\Nine\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\NewShortcut1_D98C963793DA44DBB73AB11A1192AB26.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\agp440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\agp440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) 
MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 
08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys 
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | 
M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 
for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.11.16 11:58:40 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
04.05.2011, 10:57 | #6 |
| Online banking... Trojan on the computer, but the antivirus program shows nothing. OTL EXTRAS logfile: Code:
ATTFilter OTL Extras logfile created on: 04.05.2011 11:36:59 - Run 8 OTL by OldTimer - Version 3.2.22.3 Folder = D:\Download Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,04 Gb Total Space | 69,63 Gb Free Space | 46,72% Space Free | Partition Type: NTFS Drive D: | 137,33 Gb Total Space | 39,88 Gb Free Space | 29,04% Space Free | Partition Type: NTFS Computer Name: NINE-PC | User Name: Nine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2684614725-1401231723-2353267314-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{228227C2-90D9-4AF4-8573-92F40789B543}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{3759C8FD-288C-4375-9338-144B7489D080}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{5DC0259E-E3E9-4C3E-9B0C-10AA84761277}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{77F5F91A-8850-4BB8-B55F-D5F7FC0BB62C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8B59F5A8-92D3-4C28-9817-3E61BDCC009D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{B3046202-4CB0-4E13-ADFE-AF5938EB624A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CF6598A5-195E-48DC-BC15-E1BFE967BDCA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{CF7F02B5-100E-45E1-93BE-01516909D5BB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E3BCFBA5-4C2A-4C94-B625-E6CFBBAAE060}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server | "{EEACAF05-81AF-4D40-B7E2-4C5EA5E1ED87}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) | "{FE4F37FE-0352-4360-B3AF-33AD0DE6AAB9}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07365381-3FB2-4F35-943C-CF01E3EDB0B1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{07BBF3CC-7400-4FF0-A117-0E4CC83F7991}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0B483577-36D2-46FA-AEF4-4C0BFECCE482}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{12F3A1C9-7698-4CDE-9065-8E9384C63C51}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1929195F-3CDF-4673-8990-72446A226DC7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{25BA6A57-F8E0-42A0-9682-B48632E570D7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{26308D13-B04B-4117-93B7-02C0846AAA5D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{29D42D7D-3399-4594-B8BA-00E4EE47D86E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{33444915-EA41-4E4F-A272-E38BB886773E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{34875C2E-1DDB-442E-909D-BD8FD0203620}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{386734ED-8A74-44F4-B3D7-62427AB44579}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3BF96AB2-EA61-49BB-8A89-51648C15C61F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3D303AA9-A042-451A-AC5F-E8D7AAE6971E}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{3D88C44C-30DB-452D-800F-117007C7349E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{425B74BA-4DFA-48B4-BA19-2894DCAB3B03}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{452F80CD-333E-46EE-B16D-11C5A329C1EE}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "{45BDDB72-E107-49F0-8088-AB8402008DEC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4BDFAAC1-1EB9-49F8-909A-039E614A55E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4BF8D7B7-99A4-4D08-A322-3783273EE647}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4F17BC15-68CF-439C-84D4-53E29CA85A7D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{516D7492-29CB-44EC-97F6-5776F9EA625E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5D2518BA-9C9B-425F-AFFE-A0C6B9424EC7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5D6B05A6-655B-4246-A956-39CE6860D279}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5D6C6CC1-F615-4E5E-AE4C-AA3C08A8121F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5E62857F-252D-4BCE-925E-D7E75823DCBC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5F77A831-00DF-4675-B3D3-477E4046B0C1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{633F43C0-6B01-4E2E-A112-BF77774603DF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6438AE9C-F07C-4ADF-B6F8-54A46962D7FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{64D7B60C-178F-432E-A3DA-DAE701032E04}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{64DDA2CD-0657-4D16-8B32-EC5D1F2CFFCB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{666B9434-047F-47FE-B33F-34DFB4942650}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{67F726F8-BE5E-4FBB-9626-F0FEBADC4FE6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{71BC942A-E5B6-4A7E-BFBB-956214305491}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{761CEB3E-D92D-49CF-A43F-3A71C69FFE5D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7C612A5A-D584-43D2-B4BE-39AA8DF8F880}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7CEDFB29-F975-43DE-B79B-DB379B205B31}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{83CA8BE3-2C18-4AAF-8EA7-D7916D6B6395}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | "{846B9D67-B5D5-4FB3-AFCC-3D06DD0E6CAE}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{87F0135F-0356-4D7B-ACF7-C09570F5596B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8B066DBB-0A76-4C7B-94AA-1B30079C0457}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8C57F5F0-2C73-4AC5-BE71-ED0CAC99A728}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8E095CAC-01D4-40F3-9265-84BD3E31B87D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{90C90F0C-C304-4E86-9B60-70068FE8C8B4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{94852CDE-8063-4222-9B69-555DEAF4261C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AB763976-EA0A-4C40-BC9F-902CE7A54798}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B1E64A3A-B475-4A9E-A1CA-6D45EA884D79}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{B3BDF225-490A-4CC9-8565-2BEF2636EF27}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B760B632-1069-465D-8FDE-33E530CC4164}" = protocol=6 | dir=in | app=d:\download\freeyoutubedownloader_setup.exe | "{BA6441F0-EEE6-4EEA-B5E5-48A59811A475}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BCF9D0EB-4974-473D-AC28-DDFAF728EB0A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C0B3D26E-9215-4744-9D5B-45FE27D9E1A1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C0BEA619-A2A8-44DE-85BD-DAE49BAD54B2}" = protocol=17 | dir=in | app=c:\program 
files\itunes\itunes.exe | "{C60E8F53-AEA1-40C4-8554-9859FCE82BDE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C93C4574-0335-436E-9743-8227F77DFCCC}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "{CA0AA68D-3842-41AA-98BB-7F2E64C1E60D}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{CC07DD16-C828-4AC1-8598-D016F4308D56}" = protocol=17 | dir=in | app=d:\download\freeyoutubedownloader_setup.exe | "{CD1AE4F6-46F3-4BE9-99B0-D987D17197B6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CD698618-855D-4D31-B19F-C69AB0BAF71C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CE04B795-2F1D-499C-BD85-1C42EA5D46B9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D052A1E0-B036-47AB-B4D7-653D790EEC59}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D231D8EC-2627-4938-8A32-B7B2F8B1C119}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DC0B03DE-B720-49D5-984C-7EAEF2B8F1EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E0BC2EE0-50E9-45B4-BA26-38C9A126EDB4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E8BB4207-9041-4346-8F91-994ADAED4EBE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EFBBFE00-17BC-4729-8DF5-82B61AA3AA71}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F435733B-243A-4B45-AFA8-4D8CFF9D0FB4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F7AAA242-5E33-4626-BDC9-0AF06423B42A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F8F2DCFD-BC0A-45BF-B68C-82D08A7EB71B}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | "{FD7072D4-3504-42D9-9D6A-EAC22109F588}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{118F8712-CE42-479E-B096-AF5A918A9976}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{25DAC1A2-3BAB-46A4-8CD2-61438B5C88AF}C:\program 
files\fritz!dsl\webwaigd.exe" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | "TCP Query User{7D9E8665-B0F8-4E3B-9392-2F6DE840CC16}C:\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\vuze\azureus.exe | "TCP Query User{8B468AB2-6E70-4E2F-8097-BE6F496A3AF7}C:\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\vuze\azureus.exe | "TCP Query User{B4BDC8F9-3DFD-4F4E-9907-BC945451500E}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{BCE342E3-6164-4729-984B-44D78EB759E2}C:\program files\java\jre6\launch4j-tmp\vmload.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\vmload.exe | "TCP Query User{BD758721-4EB1-4FA5-9D3B-8D620C69D88F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{FC265E78-9557-48FD-A6EF-E12BF85961C2}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{3089E17E-0DA4-4021-9C8F-216C10364CB5}C:\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\vuze\azureus.exe | "UDP Query User{37204949-4DED-4D2C-B63C-276AA278559B}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{4063E4C1-6E53-41B5-AB39-F80E2836B253}C:\program files\fritz!dsl\webwaigd.exe" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | "UDP Query User{62B96F8D-BA0B-49D3-BF20-CA4C3E12903B}C:\program files\java\jre6\launch4j-tmp\vmload.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\vmload.exe | "UDP Query User{6713F2B1-3C15-43A7-B03E-2E02A5FF642F}C:\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\vuze\azureus.exe | "UDP Query User{6AA1F583-4DEA-4F18-AF61-562585A9B684}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{A2478E23-9414-425E-AF44-B3069D9425E2}C:\windows\explorer.exe" = 
protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{E7FD601C-C98A-49A9-A1F5-220893929CD1}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FF67793-E2DD-1236-EFEF-B824EBDA5B52}" = Catalyst Control Center Localization Polish "{214C7365-6784-6853-628E-6604103A0247}" = Catalyst Control Center Localization Portuguese "{231C675A-8562-1EF5-DE7D-41F4AEBA3A37}" = Catalyst Control Center Localization Thai "{245E9AB4-6C2A-EBCC-2BC9-70CAAD856B9C}" = CCC Help Hungarian "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{2719507C-D78E-87BB-1CE3-0E351F99D64A}" = CCC Help French "{286E71F1-821D-BBE8-1B60-D0A6F03EE82B}" = CCC Help Chinese Standard "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2C1277FA-34FE-44EC-CC48-862EC137A584}" = Catalyst Control Center Localization Czech "{2C2ED5A2-E046-C7DF-672B-0C3BCC3A1D60}" = ccc-utility "{361D3AB1-5C5E-15AA-4382-DBAE7384D7D8}" = Catalyst Control Center Localization Japanese 
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2 "{3BAC598D-C2E4-6CCE-65BC-C4709A7DBB04}" = CCC Help Turkish "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3 "{44D0A886-91FE-7A81-71A0-CE66E8B95426}" = CCC Help Swedish "{451D50B6-D630-9AC1-0981-F6C58889D6E8}" = CCC Help Russian "{45515FC6-0263-9408-BCFF-87E164A065A8}" = CCC Help Japanese "{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3 "{4C391BD8-87F8-4FCF-A08E-2351F3E69EC4}" = Die Gilde 2 "{4D1677F7-E189-F455-AAF6-3439CB879257}" = Catalyst Control Center Localization Dutch "{4F0A679F-9F18-D18E-D1DA-0EF611692995}" = Catalyst Control Center Localization Hungarian "{4F0AC4C6-5F8F-A0C7-146D-77D27659D90B}" = CCC Help Thai "{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009 "{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3 "{5A834AA0-CE50-603C-8D05-F644274B4BAD}" = Catalyst Control Center Localization Danish "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash "{6D1691A3-3AD3-B3A4-447C-1A3F87DD94EA}" = CCC Help Polish "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7234E703-6517-DE1C-6B03-86728C47AB7A}" = Catalyst Control 
Center Localization French "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3 "{7B1E6C9F-FFC7-433C-788C-B4DB6FC9146B}" = Catalyst Control Center Localization Chinese Standard "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content "{7FD2C37F-6564-DDD4-2338-945E5F10635D}" = Catalyst Control Center Localization Greek "{80ABB113-F67B-5CF6-819B-F55E663A96F4}" = CCC Help German "{80EA885E-061F-6805-6F1D-C8DBE84283CB}" = Catalyst Control Center Graphics Full New "{837AA808-588A-EFC8-0955-EA23BB3A6280}" = CCC Help Italian "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8404FEDE-568F-35A2-1563-61139CF5B99F}" = Catalyst Control Center Localization Spanish "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles "{852F2CDB-1B2F-1E45-D09E-E850FEA70657}" = Catalyst Control Center Localization Italian "{86563514-906B-D3F7-98CA-E154666CC6BB}" = CCC Help Portuguese "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8D2E6EA4-90A9-D5B2-211A-223684DFEC4B}" = CCC Help Dutch "{8DEA8183-7317-0797-5A83-E40F2E988D3D}" = Catalyst Control Center Localization Norwegian "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8FC2E6EA-8399-1FCE-33E8-BB5685110EF1}" = Catalyst Control Center Localization Chinese Traditional "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9372A5A0-DA43-0B28-6F7A-C02018D8C015}" = Catalyst Control Center InstallProxy "{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - 
x86 9.0.30729.17 "{9C857D09-9AC7-FAAF-B91C-47E4BFE8F7E8}" = Catalyst Control Center Localization Swedish "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9FC3FB5F-8F79-8166-4A8A-C59A36DF7310}" = Catalyst Control Center Localization Russian "{A1DAE112-53CC-B5E9-D4A5-FD383966C4F8}" = CCC Help Korean "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A33C95D7-FCDC-6823-DCE8-B9667D4026FD}" = Catalyst Control Center Graphics Previews Vista "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BC0F1E-FC74-5B0D-09D0-2EA7CE793EE4}" = Catalyst Control Center Localization German "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AB3C268A-E54B-4F6D-BF97-2DFCEEFA94F5}" = Catalyst Control Center - Branding "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B52B655B-B378-79F5-E7F9-FD6647D021E8}" = CCC Help Greek "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B6B618F6-AFF4-8832-EBC1-E70BE7DAA0B4}" = Catalyst Control Center Core Implementation "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BA129E42-C13D-CB59-52E6-1F4E750631E7}" = CCC Help English "{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder "{BDEB7654-9222-AFB6-68B2-AE24F21BDD5B}" = Catalyst Control Center Localization Finnish "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 
"{C583DF04-374E-D0FC-702B-3C5A85CD7383}" = Catalyst Control Center Graphics Light "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3 "{C817EDF4-88AF-CE4B-FCB0-EEC15672D789}" = Catalyst Control Center Localization Korean "{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3 "{C9A00B1D-AB31-4FE9-EA46-4AEE0C4988D9}" = Skins "{C9D456FD-C25B-49DE-AA71-6B76D6550B23}" = Adobe Fireworks CS3 "{CA123D54-A120-C0FE-5B60-458A8F7A1A37}" = ATI Catalyst Install Manager "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD3A9BCA-BD0C-BEC5-36EA-8DE25F4B11E8}" = CCC Help Norwegian "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE459BDE-0245-B8DF-078E-31FAE61F13E9}" = CCC Help Spanish "{CE95B2E3-B55F-CCF7-9ABA-208ADB428D64}" = Catalyst Control Center Localization Turkish "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D0E47B98-2E34-EACC-0B69-7884E63ECAC9}" = CCC Help Czech "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3 "{D4968BAE-7C1D-5C90-74C9-C0843D4F7215}" = Catalyst Control Center Graphics Previews Common "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3 "{D98C9637-93DA-44DB-B73A-B11A1192AB26}" = GameShadow "{DA174B69-0AD8-F0C4-1998-B0B1373C81B6}" = CCC Help Finnish "{DA896917-C1DA-45B2-B4D2-68162F16C0DD}" = Adobe Creative Suite 3 Master Collection "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DFFDDCF5-CB32-4354-8823-1B9E68025953}" = Adobe Setup "{E07C7495-319D-0274-29F3-9D005A885A16}" = CCC Help Danish "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E77572A5-75D0-AB7A-3DDF-2C9DF57A663E}" = Catalyst Control Center Graphics 
Full Existing "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3 "{ED228BF3-3BE1-F42D-4F66-BF6472A6E013}" = ccc-core-static "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F6D1138C-C997-E7F6-9252-353E31698561}" = CCC Help Chinese Traditional "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "8461-7759-5462-8226" = Vuze "8461-7759-5462-8226-1" = Vuze "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content "Adobe_67a7fb1e97aa14ee9ef0950eb6fd757" = Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner (remove only) "CK Popup Killer" = CK Popup Killer "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei) "Everest Poker" = Everest Poker (Remove Only) "FileZilla Client" = FileZilla Client 3.3.2.1 "FormatFactory" = FormatFactory 2.20 "Fotobuchexpress24 - Fotobuch" = Fotobuchexpress24 - Fotobuch "GhostMouse 2.0" = GhostMouse 2.0 "InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MAXONB6EC381C" = CINEMA 4D 11.514 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 
SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10) "ObjectDock" = ObjectDock "Uninstall_is1" = Uninstall 1.0.0.1 "WavePad" = WavePad Audiobearbeitungs-Software "WinRAR archiver" = WinRAR ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Facebook Plug-In" = Facebook Plug-In "Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 18.04.2011 04:16:01 | Computer Name = Nine-PC | Source = WinMgmt | ID = 10 Description = Error - 18.04.2011 15:46:07 | Computer Name = Nine-PC | Source = WinMgmt | ID = 10 Description = Error - 18.04.2011 15:49:57 | Computer Name = Nine-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul DropboxExt.13.dll, Version 1.0.0.13, Zeitstempel 0x4b1efafb, Ausnahmecode 0xc0000005, Fehleroffset 0x0000445c, Prozess-ID 0x738, Anwendungsstartzeit 01cbfe010bbc4f50. Error - 18.04.2011 15:50:24 | Computer Name = Nine-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Explorer.exe, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul DropboxExt.13.dll, Version 1.0.0.13, Zeitstempel 0x4b1efafb, Ausnahmecode 0xc0000005, Fehleroffset 0x0000445c, Prozess-ID 0xd90, Anwendungsstartzeit 01cbfe01ce067040. 
Error - 18.04.2011 15:50:47 | Computer Name = Nine-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Explorer.exe, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul DropboxExt.13.dll, Version 1.0.0.13, Zeitstempel 0x4b1efafb, Ausnahmecode 0xc0000005, Fehleroffset 0x0000445c, Prozess-ID 0x948, Anwendungsstartzeit 01cbfe01deb7d0a0. Error - 21.04.2011 09:33:07 | Computer Name = Nine-PC | Source = WinMgmt | ID = 10 Description = Error - 21.04.2011 13:55:01 | Computer Name = Nine-PC | Source = WinMgmt | ID = 10 Description = Error - 22.04.2011 03:40:32 | Computer Name = Nine-PC | Source = WinMgmt | ID = 10 Description = Error - 22.04.2011 04:06:52 | Computer Name = Nine-PC | Source = WinMgmt | ID = 10 Description = Error - 22.04.2011 05:11:01 | Computer Name = Nine-PC | Source = EventSystem | ID = 4621 Description = [ System Events ] Error - 27.04.2011 04:40:00 | Computer Name = Nine-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 30.04.2011 04:29:17 | Computer Name = Nine-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 29.04.2011 um 23:43:44 unerwartet heruntergefahren. Error - 30.04.2011 04:31:05 | Computer Name = Nine-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 01.05.2011 07:39:35 | Computer Name = Nine-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 01.05.2011 um 12:51:17 unerwartet heruntergefahren. Error - 01.05.2011 07:41:08 | Computer Name = Nine-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 01.05.2011 07:42:06 | Computer Name = Nine-PC | Source = Service Control Manager | ID = 7031 Description = Error - 02.05.2011 03:52:26 | Computer Name = Nine-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 02.05.2011 um 00:01:46 unerwartet heruntergefahren. 
Error - 02.05.2011 03:53:52 | Computer Name = Nine-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 04.05.2011 04:41:37 | Computer Name = Nine-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 04.05.2011 04:54:24 | Computer Name = Nine-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = [ TuneUp Events ] Error - 12.08.2010 04:41:36 | Computer Name = Nine-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-12 10:41:36', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','3800',0) Error - 12.08.2010 04:56:41 | Computer Name = Nine-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-12 10:56:41', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','2456',0) Error - 12.08.2010 05:27:37 | Computer Name = Nine-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-12 11:27:37', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','2216',0) Error - 12.08.2010 05:27:42 | Computer Name = Nine-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-12 11:27:42', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','2788',0) Error - 12.08.2010 05:48:23 | Computer Name = Nine-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps 
(Started, Exe, ProcID, Resumed) VALUES ('2010-08-12 11:48:23', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','2908',0) Error - 12.08.2010 06:43:56 | Computer Name = Nine-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-12 12:43:56', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','1624',0) Error - 12.08.2010 06:44:21 | Computer Name = Nine-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-12 12:44:21', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','1612',0) Error - 04.05.2011 04:36:24 | Computer Name = Nine-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-04 10:36:24', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','4228',0) Error - 04.05.2011 04:41:12 | Computer Name = Nine-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-04 10:41:12', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','1924',0) Error - 04.05.2011 04:43:12 | Computer Name = Nine-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-04 10:43:12', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','1600',0) < End of report > |
04.05.2011, 11:05 | #7 |
/// Malware-holic | Online banking... Trojan on the computer, but the antivirus program shows nothing. Sorry first of all, I had misread; you have Vista, not XP. One more log, then we'll do the data backup. Please create and post a ComboFix log. A guide and tutorial on using ComboFix
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
04.05.2011, 11:33 | #8 |
| Online banking... Trojan on the computer, but the antivirus program shows nothing. ComboFix log file: Code:
ATTFilter ComboFix 11-05-03.03 - 04.05.2011 12:22:26.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1857 [GMT 2:00] ausgeführt von:: d:\download\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\f3PSSavr.scr . . ((((((((((((((((((((((( Dateien erstellt von 2011-04-04 bis 2011-05-04 )))))))))))))))))))))))))))))) . . 2011-05-04 10:27 . 2011-05-04 10:27 -------- d-----w- c:\users\Nine\AppData\Local\temp 2011-05-04 10:27 . 2011-05-04 10:27 -------- d-----w- c:\users\Public\AppData\Local\temp 2011-05-04 10:27 . 2011-05-04 10:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-05-03 08:22 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B5BA51B2-D842-45BB-A345-9D1F246C2E3D}\mpengine.dll 2011-04-28 07:32 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2011-04-28 07:32 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2011-04-28 07:32 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2011-04-13 20:47 . 2011-04-13 20:47 -------- d-----w- c:\users\Nine\AppData\Roaming\DVDVideoSoft . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-17 10:02 . 2010-08-11 21:59 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-03-03 15:40 . 2011-04-28 07:32 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2011-03-03 15:40 . 2011-04-28 07:32 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2011-03-03 15:40 . 2011-04-28 07:32 542720 ----a-w- c:\windows\apppatch\AcLayers.dll 2011-03-03 15:40 . 
2011-04-28 07:32 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll 2011-02-22 14:13 . 2011-03-23 11:42 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-02-22 13:33 . 2011-03-23 11:42 1068544 ----a-w- c:\windows\system32\DWrite.dll 2011-02-22 13:33 . 2011-03-23 11:42 797696 ----a-w- c:\windows\system32\FntCache.dll 2009-12-10 08:38 . 2009-12-10 12:57 1924200 ----a-w- c:\program files\install_flash_player10.0.42.34.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\Nine\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\Nine\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\Nine\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "CK POPUP KILLER"="c:\ck popup killer\PKILL.EXE" [2001-05-14 1241088] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768] "RtHDVCpl"="RtHDVCpl.exe" [2008-07-17 6253088] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] . c:\users\Nine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Stardock ObjectDock.lnk - c:\stardock\ObjectDock\ObjectDock.exe [2009-12-7 3444008] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Nine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] path=c:\users\Nine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk backup=c:\windows\pss\Dropbox.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CK POPUP KILLER] 2001-05-14 23:35 1241088 ----a-w- c:\ck popup killer\PKILL.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2011-01-26 16:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2008-08-30 01:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "sta"=rundll32 "ktsop.dll",,Run "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2684614725-1401231723-2353267314-1000] "EnableNotificationsRef"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-28 136176] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-28 136176] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-10-21 548864] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-16 691696] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360] S2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2008-05-19 57344] S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [2009-07-28 73528] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2008-05-02 48128] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . 
Inhalt des "geplante Tasks" Ordners . 2011-05-04 c:\windows\Tasks\1-Klick-Wartung.job - c:\tuneup utilities 2009\OneClickStarter.exe [2008-12-11 18:07] . 2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-28 06:38] . 2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-28 06:38] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE: An vorhandenes PDF anfügen - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Auswahl in Adobe PDF konvertieren - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html LSP: c:\program files\FRITZ!DSL\\sarah.dll Trusted Zone: everestpoker.com\account FF - ProfilePath - c:\users\Nine\AppData\Roaming\Mozilla\Firefox\Profiles\cmswdcip.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054 FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - google.de FF - prefs.js: network.proxy.type - 0 FF - Ext: VMLoad: 
{464F169E-ACE1-4C5F-A778-A433A3DABBAE} - c:\mozilla firefox\extensions\{464F169E-ACE1-4C5F-A778-A433A3DABBAE} FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} FF - Ext: Facebook Chat History Manager: fbchathistory@firechm.com - %profile%\extensions\fbchathistory@firechm.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: YouTube Downloader for Facebook: {2122962a-1424-fffe-19af-bba2ef3eff4a} - %profile%\extensions\{2122962a-1424-fffe-19af-bba2ef3eff4a} FF - Ext: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - %profile%\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-05-04 12:27 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... 
. Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . Zeit der Fertigstellung: 2011-05-04 12:30:22 ComboFix-quarantined-files.txt 2011-05-04 10:30 ComboFix2.txt 2010-08-17 09:17 ComboFix3.txt 2010-08-12 14:05 . Vor Suchlauf: 22 Verzeichnis(se), 74.641.608.704 Bytes frei Nach Suchlauf: 23 Verzeichnis(se), 75.132.579.840 Bytes frei . - - End Of File - - 8F529389CF0CAB292E70EAD56BEE8A56 |
04.05.2011, 14:24 | #9 |
| Online banking... Trojan on the computer, but the antivirus program shows nothing. Hello, do I still need to do anything, or has everything been removed? |
04.05.2011, 14:32 | #10 |
/// Malware-holic | Online banking... Trojan on the computer, but the antivirus program shows nothing.
1. I have a private life, so don't start hassling right away if you don't get an answer within 2 hours, especially since you're not the only one here.
2. I wanted to look at the logs for one reason: to know whether we can reinstall calmly, without further measures.
The trojan has not been removed; you now need to do the following:
- Back up data: back up all personal data, photos, pictures, documents, nothing from file-sharing networks, nothing illegal, to an external hard drive, blank discs, or a USB stick.
- After that we will format the system and reinstall it.
- Then, if desired, we can also secure the system. There are a few measures you should take so that no malware becomes active on this PC in the future.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
04.05.2011, 14:37 | #11 |
| Online banking... Trojan on the computer, but the antivirus program shows nothing. Sorry.. but why are you snapping at me like this? You must have misunderstood something.. I didn't mean to hassle you. I had merely hoped that everything was gone and I could feel at ease again; I'm not familiar with this subject.. |
04.05.2011, 14:44 | #12 |
/// Malware-holic | Online banking... Trojan on the computer, but the antivirus program shows nothing. Hi, no, you cannot rest easy; malware like this makes far-reaching changes to the PC. That is why a secure system is only restored once it has been formatted and reinstalled. |
04.05.2011, 14:50 | #13 |
| Online banking... Trojan on the computer, but the antivirus program shows nothing. ok... shit, well then I'll first have to get an external hard drive to back up all my data.. blank discs and USB sticks probably won't be enough for that.. I'll get back to you as soon as I've been able to back everything up. Thanks for the help so far.. |
04.05.2011, 14:51 | #14 |
/// Malware-holic | Online banking... Trojan on the computer, but the antivirus program shows nothing. It's always good to have an external backup anyway; if your hard drive ever fails, data recovery costs a few hundred €. OK, get back to me when you're ready. |