
Pests of all kinds and how to combat them: Sparkasse trojan iTAN entry

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

23.05.2011, 20:35   #1
chris123456



Hi,

I wanted to log in to my online banking, and a window comes up saying that I should enter my iTANs. I noticed right away that something was wrong, because I use the smsTAN procedure and therefore don't have the other TANs at all ^^..

"
Dear user, the validity period of the iTAN list for your account is 30 days. Please confirm your valid iTAN list so that we can prepare a new card for you. To confirm your list, fill in the form below and press the "Anmelden" (log in) button.

"

How do I get rid of this stupid trojan?!

Thanks in advance

23.05.2011, 21:36   #2
kira
/// Helper team



Hello and a warm welcome!

Before we start working together, [please read in full]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - you can delete these from the log lists or log files you use (e.g. your real name, serial numbers in programs, etc.) or replace them with [X]
  • System check and cleanup:
    - can take some time (depending on the type of infection); the system may, however, even be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong, it can get really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting me! - ask if there are problems.
  • The order:
    - please keep exactly to the order described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

Once you have read this introductory text, you can begin
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away (online update)
  • Select "Komplett Scan durchführen" (perform full scan) and tick all the boxes
  • When the scan has finished, click "Zeige Resultate" (show results)
  • Select all findings (if MBAM reports anything in C:\System Volume Information, please remove the tick there) and click "Löschen" (delete) - "Ausgewähltes entfernen" (remove selected).
  • Post the result here in the thread - you will find the report under "Scan-Berichte" (scan reports)
You can find an illustrated guide here: Guide

2.
System scan with OTL

Please download OTL by Oldtimer and save it on your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in code tags here in the thread.

3.
→ Download HJTscanlist.zip
→ Unpack the file on your desktop
→ On Windows XP Home you must additionally install tasklist.zip before the scan
→ Start it with a double-click
→ Select your operating system - on Win7, select Vista
→ When you are asked, select the option "Einstellung" (1) - scanlist
→ After a short time your editor should open and show the file hjtscanlist.txt
→ Please copy the contents here into your thread.
** If it does not work in one go, you can split the text into several parts and post it that way

4.
I would also like to see all your installed programs:
Download the tool Ccleaner
Download
Install it (read the software licence agreement; if "Füge CCleaner Yahoo! Toolbar hinzu" (add CCleaner Yahoo! Toolbar) is offered, deselect it) → start it → if necessary, set "german" under Options settings
Then click "Extra" (to also display the installed programs) → then "Als Textdatei speichern..." (save as text file)
A text file (*.txt) is created; copy its contents and paste them here

Quote:
To keep your thread clear and easy to read, it is best to use code tags for your post:
→ before your log (i.e. at the start of the log file) you write: [code]
your log file goes here - e.g. hjtscanlist or similar
→ after it - i.e. at the end of the log file: [/code]
** If possible, do not go on the internet: no online banking, file sharing, chat programs, etc.
Regards
Coverflow

29.05.2011, 20:25   #3
chris123456



Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6657

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

29.05.2011 20:56:36
mbam-log-2011-05-29 (20-56-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|Q:\|)
Durchsuchte Objekte: 326963
Laufzeit: 1 Stunde(n), 11 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\....\downloads\pantsoff.exe (PUP.PSWFinder) -> Quarantined and deleted successfully.
         

29.05.2011, 20:36   #4
chris123456



OTL log file:
Code:
OTL logfile created on: 29.05.2011 21:29:17 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\....\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 35,89% Memory free
7,73 Gb Paging File | 4,25 Gb Available in Paging File | 55,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 230,39 Gb Total Space | 173,86 Gb Free Space | 75,46% Space Free | Partition Type: NTFS
Drive E: | 220,62 Gb Total Space | 220,01 Gb Free Space | 99,72% Space Free | Partition Type: NTFS
Drive F: | 7,40 Gb Total Space | 6,78 Gb Free Space | 91,66% Space Free | Partition Type: FAT32
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christian\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\CHRIST~1\AppData\Local\Temp\99YB885.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Christian\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (McAWFwk) -- c:\Programme\mcafee\msc\McAWFwk.exe (McAfee, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (btwdins) -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BcmVWL) -- C:\Windows\SysNative\drivers\bcmvwl64.sys (Broadcom Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.12 00:23:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.25 11:58:06 | 000,000,000 | ---D | M]
 
[2011.02.24 19:27:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2011.05.23 23:38:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\d17wnyoz.default\extensions
[2011.04.29 20:18:15 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\d17wnyoz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.16 18:18:21 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\d17wnyoz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.04.20 12:04:56 | 000,000,000 | ---D | M] (Copy ShortURL) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\d17wnyoz.default\extensions\jid0-ODIKJS9b4IT3H1NYlPKr0NDtLuE@jetpack
[2011.04.20 11:53:10 | 000,002,567 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\d17wnyoz.default\searchplugins\askcom.xml
[2011.05.23 23:40:41 | 000,000,950 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\d17wnyoz.default\searchplugins\icqplugin-1.xml
[2011.03.30 14:23:42 | 000,000,950 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\d17wnyoz.default\searchplugins\icqplugin-2.xml
[2011.04.18 12:03:09 | 000,000,950 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\d17wnyoz.default\searchplugins\icqplugin-3.xml
[2011.04.20 11:53:04 | 000,000,950 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\d17wnyoz.default\searchplugins\icqplugin-4.xml
[2011.04.29 20:18:14 | 000,000,168 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\d17wnyoz.default\searchplugins\icqplugin.gif
[2011.04.29 20:18:14 | 000,000,618 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\d17wnyoz.default\searchplugins\icqplugin.src
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\d17wnyoz.default\searchplugins\icqplugin.xml
[2011.04.18 12:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.02.24 21:54:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D17WNYOZ.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D17WNYOZ.DEFAULT\EXTENSIONS\{CD617375-6743-4EE8-BAC4-FBF10F35729E}.XPI
() (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D17WNYOZ.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
() (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D17WNYOZ.DEFAULT\EXTENSIONS\EXTENSION@CIUVO.COM.XPI
() (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D17WNYOZ.DEFAULT\EXTENSIONS\FINDER@MEINGUTSCHEINCODE.DE.XPI
[2011.04.29 20:18:17 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20110512002306.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512002306.dll (McAfee, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [1X8C4VXU8ZZC7V4WOUHQFDNICMPMHW] C:\rgotgktjgbt\rgotgktjgbt.exe (ntab)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.26 18:30:47 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.05.26 18:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011.05.25 23:04:21 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011.05.23 22:49:04 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2011.05.23 22:48:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.23 22:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.23 22:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.23 22:48:42 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.23 22:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.05.23 22:24:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.05.23 22:24:09 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.05.23 22:24:09 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.05.23 22:24:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.05.23 22:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.05.18 14:30:15 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011.05.18 14:30:15 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011.05.14 17:36:32 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\elsterformular
[2011.05.14 17:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2011.05.14 17:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2011.05.14 17:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2011.05.11 20:11:50 | 005,562,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.05.11 20:11:49 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.05.11 20:11:49 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.05.11 20:10:44 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011.05.11 20:10:44 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011.05.10 19:53:06 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.05.09 21:57:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.05.09 21:57:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011.05.03 12:34:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Touch Software Suite
[2011.05.01 17:28:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PixiePack Codec Pack
[2011.05.01 17:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radiotracker
[2011.04.30 23:12:45 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\Musik
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.29 18:27:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.26 22:50:26 | 001,500,082 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.26 22:50:26 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.26 22:50:26 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.26 22:50:26 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.05.26 22:50:26 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.26 18:36:54 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.26 18:36:54 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.26 18:30:47 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.05.26 18:27:50 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.23 22:48:47 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.23 22:24:27 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.05.14 17:36:10 | 000,001,050 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2011.05.10 19:52:51 | 513,361,090 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.05.04 17:16:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.05.01 17:28:10 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Radiotracker.lnk
[2011.05.01 01:30:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
 
========== Files Created - No Company Name ==========
 
[2011.05.23 22:48:47 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.23 22:24:27 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.05.14 17:36:10 | 000,001,050 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2011.05.10 19:52:51 | 513,361,090 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.05.04 17:16:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.05.01 17:28:10 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Radiotracker.lnk
[2011.05.01 01:30:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2011.04.18 11:13:13 | 000,000,046 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\FactoryInstaller.xml
[2011.03.10 21:29:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.02 01:29:06 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.02.26 19:24:20 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011.02.19 02:01:24 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.02.18 17:19:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.05.19 12:27:46 | 000,000,022 | ---- | C] () -- C:\ProgramData\60a7806a-0eea-424c-a464-20f4730cd631
[2007.08.23 18:30:00 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

< End of report >
         

Alt 29.05.2011, 20:39   #5
chris123456
 

Point 3 doesn't work because I have Win 7.


Alt 30.05.2011, 07:21   #6
kira
/// Helfer-Team
 

Use the option for Vista!

Also:
Extras.txt from OTL is still missing.

Alt 30.05.2011, 22:56   #7
chris123456
 

Code:
--------- 0  
 26.02.2011 12:51     C:\Users\CHRIST~1\AppData\Local\Temp\5F78F4EA-17F7-4E28-9E91-B00579621DA6.jpeg --------- 3731  
 26.02.2011 12:49     C:\Users\CHRIST~1\AppData\Local\Temp\53228FBE-635E-4053-83AB-D7A285473CB8.jpeg --------- 2689  
 26.02.2011 12:49     C:\Users\CHRIST~1\AppData\Local\Temp\450CA880-4DC5-4DC1-A610-0CF1B1620303.jpeg --------- 3731  
 26.02.2011 12:39     C:\Users\CHRIST~1\AppData\Local\Temp\~DF018A66404EA3BE31.TMP --------- 540672  
 26.02.2011 12:38     C:\Users\CHRIST~1\AppData\Local\Temp\C07A9810-C307-4BDD-9A51-373D5283AE73.jpeg --------- 78132  
 26.02.2011 12:35     C:\Users\CHRIST~1\AppData\Local\Temp\E42D2B81-7387-46F8-8C6A-44E48E891A8F.jpeg --------- 13568  
 26.02.2011 12:29     C:\Users\CHRIST~1\AppData\Local\Temp\04B15584-2044-46E1-A091-B1811E433247.jpeg --------- 48614  
 26.02.2011 03:48     C:\Users\CHRIST~1\AppData\Local\Temp\9174872D-B9EA-469B-83BF-427D938E52C4.png --------- 330566  
 26.02.2011 03:47     C:\Users\CHRIST~1\AppData\Local\Temp\6F21956B-CFE1-4BF2-B0C1-09F1A465B0FD.png --------- 330566  
 26.02.2011 03:42     C:\Users\CHRIST~1\AppData\Local\Temp\44BD4426-DEC7-4DF7-9284-4840EFDDA432.jpeg --------- 44661  
 26.02.2011 03:42     C:\Users\CHRIST~1\AppData\Local\Temp\7966CEB6-8CE6-44E5-B363-8AC5FA0B5646.jpeg --------- 50948  
 26.02.2011 03:42     C:\Users\CHRIST~1\AppData\Local\Temp\782C6CFF-DA5C-4549-B2ED-948ED3607697.jpeg --------- 50948  
 26.02.2011 03:35     C:\Users\CHRIST~1\AppData\Local\Temp\431F06C6-3C3F-4F02-891A-3A13C7911267.jpeg --------- 45889  
 26.02.2011 03:23     C:\Users\CHRIST~1\AppData\Local\Temp\2162D64A-B403-4E0A-BC0D-62594EC9327C.jpeg --------- 20263  
 26.02.2011 03:21     C:\Users\CHRIST~1\AppData\Local\Temp\FFB1BA7F-C7EB-4548-A013-2317FD8D1BDB.jpeg --------- 56371  
 26.02.2011 03:14     C:\Users\CHRIST~1\AppData\Local\Temp\FBE59638-A643-47AD-A5A1-9298DC1655F7.jpeg --------- 23387  
 26.02.2011 03:09     C:\Users\CHRIST~1\AppData\Local\Temp\0159AAB4-BC38-40D8-B8B2-FC0A0A451E69.jpeg --------- 20263  
 26.02.2011 03:06     C:\Users\CHRIST~1\AppData\Local\Temp\3D81A214-A398-4B59-8A73-8ADD8E4820D8.jpeg --------- 20263  
 26.02.2011 01:56     C:\Users\CHRIST~1\AppData\Local\Temp\Sonic6.tmp --------- 0  
 25.02.2011 20:35     C:\Users\CHRIST~1\AppData\Local\Temp\plugtmp --------- 0  
 25.02.2011 19:42     C:\Users\CHRIST~1\AppData\Local\Temp\~DF7510CE26D72E9A4B.TMP --------- 212992  
 25.02.2011 19:28     C:\Users\CHRIST~1\AppData\Local\Temp\RarSFX0 --------- 0  
 25.02.2011 19:19     C:\Users\CHRIST~1\AppData\Local\Temp\ImportFromA4_20110225_181917_E84.txt --------- 1272  
 25.02.2011 01:11     C:\Users\CHRIST~1\AppData\Local\Temp\MultiMeterD124.gadget.~0000 --------- 1197389  
 25.02.2011 01:10     C:\Users\CHRIST~1\AppData\Local\Temp\TechnoBaseFM.Gadget.~0000 --------- 72803  
 25.02.2011 01:04     C:\Users\CHRIST~1\AppData\Local\Temp\kie06yfp.bmp --------- 8294454  
 25.02.2011 01:02     C:\Users\CHRIST~1\AppData\Local\Temp\4j2z2cch.bmp --------- 3145782  
 25.02.2011 01:01     C:\Users\CHRIST~1\AppData\Local\Temp\bunsa91r.bmp --------- 9216054  
 25.02.2011 01:00     C:\Users\CHRIST~1\AppData\Local\Temp\5ua22ahy.bmp --------- 16960054  
 25.02.2011 00:55     C:\Users\CHRIST~1\AppData\Local\Temp\iRadio2.5.2.Gadget.~0004 --------- 97883  
 25.02.2011 00:55     C:\Users\CHRIST~1\AppData\Local\Temp\iRadio2.5.2.Gadget.~0001 --------- 97883  
 25.02.2011 00:55     C:\Users\CHRIST~1\AppData\Local\Temp\iRadio2.5.2.Gadget.~0005 --------- 97883  
 25.02.2011 00:55     C:\Users\CHRIST~1\AppData\Local\Temp\iRadio2.5.2.Gadget.~0003 --------- 97883  
 25.02.2011 00:55     C:\Users\CHRIST~1\AppData\Local\Temp\iRadio2.5.2.Gadget.~0006 --------- 97883  
 25.02.2011 00:55     C:\Users\CHRIST~1\AppData\Local\Temp\iRadio2.5.2.Gadget.~0000 --------- 97883  
 25.02.2011 00:55     C:\Users\CHRIST~1\AppData\Local\Temp\iRadio2.5.2.Gadget.~0002 --------- 97883  
 25.02.2011 00:53     C:\Users\CHRIST~1\AppData\Local\Temp\yavido.gadget.~0003 --------- 184194  
 25.02.2011 00:53     C:\Users\CHRIST~1\AppData\Local\Temp\yavido.gadget.~0001 --------- 184194  
 25.02.2011 00:53     C:\Users\CHRIST~1\AppData\Local\Temp\yavido.gadget.~0000 --------- 184194  
 25.02.2011 00:53     C:\Users\CHRIST~1\AppData\Local\Temp\yavido.gadget.~0002 --------- 184194  
 25.02.2011 00:49     C:\Users\CHRIST~1\AppData\Local\Temp\RadioCenter.v1.0.8.gadget.~0000 --------- 1242804  
 24.02.2011 21:54     C:\Users\CHRIST~1\AppData\Local\Temp\JAUReg.log --------- 320  
 24.02.2011 21:54     C:\Users\CHRIST~1\AppData\Local\Temp\java_install_reg.log --------- 4654  
 24.02.2011 21:54     C:\Users\CHRIST~1\AppData\Local\Temp\java_install.log --------- 29234  
 24.02.2011 21:53     C:\Users\CHRIST~1\AppData\Local\Temp\dd_vcredistUI0642.txt --------- 11700  
 24.02.2011 21:53     C:\Users\CHRIST~1\AppData\Local\Temp\dd_vcredistMSI0642.txt --------- 367248  
 24.02.2011 21:53     C:\Users\CHRIST~1\AppData\Local\Temp\dd_vcredistUI05D6.txt --------- 11636  
 24.02.2011 21:53     C:\Users\CHRIST~1\AppData\Local\Temp\dd_vcredistMSI05D6.txt --------- 386378  
 24.02.2011 21:48     C:\Users\CHRIST~1\AppData\Local\Temp\PCW637.xml --------- 740  
 24.02.2011 21:48     C:\Users\CHRIST~1\AppData\Local\Temp\PCW637.tmp --------- 0  
 24.02.2011 21:48     C:\Users\CHRIST~1\AppData\Local\Temp\{4bf9a4c3-7d26-462f-9285-f133a857a832} --------- 0  
 24.02.2011 21:47     C:\Users\CHRIST~1\AppData\Local\Temp\{c6dfc7c9-9508-4f90-9787-f140517c7cd9} --------- 0  
 24.02.2011 21:46     C:\Users\CHRIST~1\AppData\Local\Temp\PCWB71E.tmp --------- 0  
 24.02.2011 21:46     C:\Users\CHRIST~1\AppData\Local\Temp\PCWB71E.xml --------- 740  
 24.02.2011 21:32     C:\Users\CHRIST~1\AppData\Local\Temp\Sonic5.tmp --------- 0  
 24.02.2011 21:11     C:\Users\CHRIST~1\AppData\Local\Temp\_ir_tu2_temp_0 --------- 0  
 24.02.2011 21:02     C:\Users\CHRIST~1\AppData\Local\Temp\OOBE(2011022420022017D4).log --------- 5184  
 24.02.2011 21:00     C:\Users\CHRIST~1\AppData\Local\Temp\Sonic4.tmp --------- 0  
 24.02.2011 20:29     C:\Users\CHRIST~1\AppData\Local\Temp\tmpA67D.tmp --------- 1797  
 24.02.2011 20:19     C:\Users\CHRIST~1\AppData\Local\Temp\Sonic3.tmp --------- 0  
 24.02.2011 20:09     C:\Users\CHRIST~1\AppData\Local\Temp\Sonic2.tmp --------- 0  
 24.02.2011 19:21     C:\Users\CHRIST~1\AppData\Local\Temp\java_install_sp.log --------- 1231  
 24.02.2011 19:21     C:\Users\CHRIST~1\AppData\Local\Temp\MSN25D9.tmp --------- 0  
 24.02.2011 19:19     C:\Users\CHRIST~1\AppData\Local\Temp\jinstall.cfg --------- 1275  
 24.02.2011 19:11     C:\Users\CHRIST~1\AppData\Local\Temp\Sonic1.tmp --------- 0  
 24.02.2011 18:42     C:\Users\CHRIST~1\AppData\Local\Temp\Messenger Companion --------- 0  
 24.02.2011 18:35     C:\Users\CHRIST~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0  
 24.02.2011 18:35     C:\Users\CHRIST~1\AppData\Local\Temp\Sonic.tmp --------- 0  
 24.02.2011 18:35     C:\Users\CHRIST~1\AppData\Local\Temp\Log --------- 0  
 24.02.2011 18:34     C:\Users\CHRIST~1\AppData\Local\Temp\TAS586B.tmp --------- 0  
 10.02.2011 02:48     C:\Users\CHRIST~1\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe --------- 885536  
 13.08.2010 20:19     C:\Users\CHRIST~1\AppData\Local\Temp\MSN25D9.exe --------- 468232  
----------------------------------------

 
C:\Program Files

 25.04.2011 11:59     C:\Program Files\iTunes --------- 0  
 25.04.2011 11:59     C:\Program Files\iPod --------- 0  
 25.04.2011 11:57     C:\Program Files\Common Files --------- 4096  
 25.04.2011 11:57     C:\Program Files\Bonjour --------- 0  
 19.04.2011 12:02     C:\Program Files\Windows Sidebar --------- 4096  
 19.04.2011 12:02     C:\Program Files\Windows Mail --------- 0  
 19.04.2011 12:02     C:\Program Files\DVD Maker --------- 0  
 19.04.2011 12:02     C:\Program Files\Internet Explorer --------- 4096  
 19.04.2011 12:02     C:\Program Files\Windows Portable Devices --------- 0  
 19.04.2011 12:02     C:\Program Files\Windows Media Player --------- 4096  
 19.04.2011 12:02     C:\Program Files\Windows Journal --------- 0  
 19.04.2011 12:02     C:\Program Files\Windows Photo Viewer --------- 0  
 19.04.2011 12:02     C:\Program Files\Windows Defender --------- 4096  
 04.03.2011 19:26     C:\Program Files\Windows Live --------- 0  
 02.03.2011 01:28     C:\Program Files\Microsoft Office --------- 0  
 24.02.2011 18:32     C:\Program Files\Gemeinsame Dateien --------- 0  
 24.02.2011 18:32     C:\Program Files\Windows NT --------- 4096  
 19.02.2011 02:15     C:\Program Files\Synaptics --------- 0  
 19.02.2011 02:06     C:\Program Files\Dell Games Folder --------- 0  
 19.02.2011 01:03     C:\Program Files\Microsoft Games --------- 4096  
 19.02.2011 00:56     C:\Program Files\mcafee --------- 4096  
 19.02.2011 00:56     C:\Program Files\mcafee.com --------- 0  
 19.02.2011 00:40     C:\Program Files\Dell --------- 0  
 19.02.2011 00:39     C:\Program Files\WIDCOMM --------- 0  
 19.02.2011 00:36     C:\Program Files\Roxio --------- 0  
 19.02.2011 00:31     C:\Program Files\dell stage --------- 0  
 19.02.2011 00:26     C:\Program Files\Dell Inc --------- 0  
 19.02.2011 00:26     C:\Program Files\Java --------- 0  
 18.02.2011 17:19     C:\Program Files\Realtek --------- 0  
 14.07.2009 07:32     C:\Program Files\Reference Assemblies --------- 0  
 14.07.2009 07:32     C:\Program Files\MSBuild --------- 0  
 14.07.2009 07:09     C:\Program Files\Uninstall Information --------- 0  
 14.07.2009 06:54     C:\Program Files\desktop.ini --------- 174  
----------------------------------------

 
C:\ProgramData\.. 

Neu    
Christian    
Default    
Public    
All Users    
Default User    
desktop.ini    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts


----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0         2.204 K
smss.exe                       336 Services                   0           488 K
csrss.exe                      572 Services                   0         2.092 K
wininit.exe                    636 Services                   0           368 K
csrss.exe                      664 Console                    1         8.400 K
services.exe                   704 Services                   0        42.920 K
lsass.exe                      720 Services                   0        30.180 K
lsm.exe                        728 Services                   0         3.772 K
winlogon.exe                   796 Console                    1        25.292 K
svchost.exe                    880 Services                   0        42.392 K
svchost.exe                    996 Services                   0        29.168 K
atiesrxx.exe                   368 Services                   0         1.848 K
svchost.exe                    592 Services                   0        78.304 K
svchost.exe                    652 Services                   0       226.852 K
svchost.exe                    896 Services                   0       102.484 K
svchost.exe                   1116 Services                   0        45.836 K
svchost.exe                   1204 Services                   0        49.752 K
WLTRYSVC.EXE                  1284 Services                   0           428 K
wlanext.exe                   1420 Services                   0         1.720 K
conhost.exe                   1428 Services                   0           192 K
BCMWLTRY.EXE                  1480 Services                   0        18.680 K
spoolsv.exe                   1536 Services                   0        37.380 K
atieclxx.exe                  1576 Console                    1         2.844 K
sched.exe                     1592 Services                   0         1.980 K
svchost.exe                   1832 Services                   0        41.428 K
AERTSr64.exe                  1960 Services                   0           420 K
avguard.exe                   1988 Services                   0        21.040 K
AppleMobileDeviceService.     2016 Services                   0         4.740 K
mDNSResponder.exe             1064 Services                   0         2.648 K
btwdins.exe                   1192 Services                   0         3.240 K
ICQ Service.exe               1352 Services                   0           744 K
avshadow.exe                  1316 Services                   0           352 K
conhost.exe                   1732 Services                   0           200 K
mfevtps.exe                   1876 Services                   0        11.032 K
NOBuAgent.exe                 1752 Services                   0         1.180 K
taskhost.exe                  2276 Console                    1         3.180 K
dwm.exe                       2456 Console                    1        33.688 K
explorer.exe                  2496 Console                    1       135.148 K
SeaPort.EXE                   2576 Services                   0         4.488 K
SftService.exe                2860 Services                   0         2.860 K
sftvsa.exe                    2924 Services                   0           816 K
svchost.exe                   2956 Services                   0        31.440 K
WLIDSVC.EXE                   3012 Services                   0        10.976 K
STService.exe                 3032 Console                    1         5.256 K
DSUpd.exe                     2268 Console                    1         1.620 K
mcshield.exe                  2212 Services                   0       125.104 K
WLIDSVCM.EXE                  2116 Services                   0           480 K
mfefire.exe                   3200 Services                   0         3.440 K
sftlist.exe                   3236 Services                   0        10.636 K
McSvHost.exe                  3368 Services                   0        19.148 K
Toaster.exe                   3820 Console                    1        15.560 K
CVHSVC.EXE                    3280 Services                   0         3.704 K
svchost.exe                   4108 Services                   0        40.536 K
svchost.exe                   4128 Services                   0        25.104 K
WUDFHost.exe                  4332 Services                   0         1.924 K
WmiPrvSE.exe                  4572 Services                   0         5.068 K
SynTPEnh.exe                  4944 Console                    1         6.580 K
RAVCpl64.exe                  4960 Console                    1         2.456 K
quickset.exe                  4996 Console                    1         6.184 K
WLTRAY.EXE                    5060 Console                    1        18.148 K
sidebar.exe                   2484 Console                    1        30.008 K
ICQ.exe                       1760 Console                    1        46.228 K
RoxioBurnLauncher.exe         2584 Console                    1         3.884 K
BTTray.exe                    4688 Console                    1         5.708 K
WebcamDell2.exe               2332 Console                    1         4.344 K
soffice.exe                   4740 Console                    1           528 K
MOM.exe                       4712 Console                    1         5.216 K
mcagent.exe                   5104 Console                    1         4.536 K
soffice.bin                    772 Console                    1         5.700 K
99YB885.exe                   4860 Console                    1         7.272 K
jusched.exe                   4432 Console                    1         2.424 K
SynTPHelper.exe               4492 Console                    1           928 K
iTunesHelper.exe              4812 Console                    1         5.972 K
avgnt.exe                     2244 Console                    1         4.360 K
BTStackServer.exe             5276 Console                    1        10.504 K
CCC.exe                       5284 Console                    1        16.608 K
SearchIndexer.exe             5512 Services                   0        30.368 K
wmpnetwk.exe                  5968 Services                   0        15.300 K
iPodService.exe               3104 Services                   0         3.276 K
svchost.exe                   5932 Services                   0        57.496 K
svchost.exe                   7408 Services                   0        53.952 K
dllhost.exe                   7580 Services                   0         2.384 K
LMS.exe                       8948 Services                   0         1.728 K
UNS.exe                       7244 Services                   0         5.340 K
PresentationFontCache.exe     3088 Services                   0         1.796 K
wordpad.exe                   5584 Console                    1        29.800 K
Skype.exe                     4568 Console                    1        67.816 K
skypePM.exe                   5776 Console                    1         6.744 K
notepad.exe                   6632 Console                    1         3.100 K
iTunes.exe                    3772 Console                    1        74.312 K
AppleMobileDeviceHelper.e     2880 Console                    1         3.468 K
conhost.exe                   4176 Console                    1           212 K
distnoted.exe                 7296 Console                    1         2.280 K
conhost.exe                   7496 Console                    1           336 K
Radiotracker.exe              4864 Console                    1         8.524 K
audiodg.exe                   8736 Services                   0        20.292 K
PodSpiderU.exe                7284 Console                    1        86.616 K
MDCrashReportTool.exe         9828 Console                    1           844 K
conhost.exe                    916 Console                    1           216 K
mcods.exe                     6472 Services                   0         8.804 K
rundll32.exe                  7348 Console                    1         2.128 K
csrss.exe                    10880                            2         8.848 K
winlogon.exe                  8844                            2         3.948 K
atieclxx.exe                 10896                            2         3.684 K
taskhost.exe                  7776                            2         6.372 K
explorer.exe                 10196                            2        52.848 K
dwm.exe                       9712                            2         3.624 K
SynTPEnh.exe                  8928                            2         6.296 K
RAVCpl64.exe                  9412                            2         3.208 K
quickset.exe                 10544                            2         7.388 K
WLTRAY.EXE                    9944                            2        19.360 K
BTTray.exe                   11496                            2         6.300 K
RoxioBurnLauncher.exe        11708                            2         3.992 K
WebcamDell2.exe              11808                            2         4.536 K
mcagent.exe                  11872                            2         5.756 K
jusched.exe                  11956                            2         6.716 K
iTunesHelper.exe             11984                            2         5.216 K
MOM.exe                      12016                            2         3.368 K
avgnt.exe                    12128                            2         3.460 K
BTStackServer.exe            13164                            2         9.020 K
SynTPHelper.exe              13184                            2           488 K
BluetoothHeadsetProxy.exe    13596                            2         1.288 K
CCC.exe                      14048                            2         4.328 K
firefox.exe                  15344                            2       184.856 K
plugin-container.exe         10248                            2        16.380 K
notepad.exe                   9376                            2        21.792 K
CVH.EXE                      16008                            2         2.852 K
WINWORDC.EXE                 12612                            2        28.252 K
OFFICEVIRT.EXE                5716                            2           972 K
OSPPSVC.EXE                  15516 Services                   0         2.024 K
OffSpon.EXE                  14744                            2         6.160 K
splwow64.exe                 15756                            2           784 K
wuauclt.exe                  13060 Console                    1         1.304 K
firefox.exe                   4076 Console                    1       254.644 K
plugin-container.exe          6468 Console                    1        40.612 K
OTL.exe                       9920 Console                    1        16.848 K
svchost.exe                   6748 Services                   0         2.856 K
notepad.exe                   3216 Console                    1           224 K
WinRAR.exe                    9108 Console                    1        18.196 K
SearchProtocolHost.exe        8316 Services                   0         8.592 K
SearchFilterHost.exe          9700 Services                   0         6.852 K
cmd.exe                       5200 Console                    1         3.888 K
conhost.exe                   5028 Console                    1         6.852 K
dllhost.exe                   7584 Console                    1         6.008 K
tasklist.exe                  3472 Console                    1         5.720 K
WmiPrvSE.exe                  2124 Services                   0         6.456 K

 
***** Ende des Scans 30.05.2011 um 23:49:01,96 ***
         

Alt 30.05.2011, 22:59   #8
chris123456
 
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 30.05.2011 23:43:15 - Run 2
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Christian\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 37,08% Memory free
7,73 Gb Paging File | 3,69 Gb Available in Paging File | 47,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 230,39 Gb Total Space | 174,01 Gb Free Space | 75,53% Space Free | Partition Type: NTFS
Drive E: | 220,62 Gb Total Space | 220,01 Gb Free Space | 99,72% Space Free | Partition Type: NTFS
Drive F: | 7,40 Gb Total Space | 6,78 Gb Free Space | 91,66% Space Free | Partition Type: FAT32
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{3B6074E5-5823-9363-851C-25F9DDB1E477}" = ccc-utility64
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1170BEDA-359C-4202-A5BF-CCA919E7B917}" = CCC Help Danish
"{19DE6032-D3EE-D664-FA63-452431599161}" = CCC Help Norwegian
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24BBD0E3-4579-9EF5-6081-DE56129D093A}" = Catalyst Control Center InstallProxy
"{24EE4523-711A-4BD1-95EA-F73A8A6950D3}" = Audials TV
"{25CB97F0-10F7-4986-99A4-8BDA1C338E8E}" = Radiotracker
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{2EEC4A52-7705-4BB4-BF45-64008EB5D0F1}" = Audials
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39EFAC6A-639E-3CE3-2B62-EF8518AD8326}" = CCC Help Chinese Traditional
"{3ED3BC2E-141A-BFB0-D48C-E8DDA3A461E7}" = ccc-core-static
"{40F4FF7A-B214-4453-B973-080B09CED019}" = LoJack Factory Installer
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B21E43-056F-9E58-8774-20E8A89B5347}" = CCC Help English
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{616AF091-D73C-481B-9113-FD758EB2F50A}" = MusicStage
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65A30A52-B4CA-006E-8750-8366C9693C77}" = CCC Help Russian
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66C5E9B6-2D87-D7E8-9B8F-BFCAD7105AD1}" = Catalyst Control Center Graphics Previews Common
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{6F3AB64A-CC2D-C533-C5CD-30420E2DC578}" = Skins
"{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78AE5FAE-C641-311B-9CC8-CEBB87FAF795}" = CCC Help Japanese
"{7BCA9417-A611-CC28-9471-6250EC9666EB}" = Catalyst Control Center Graphics Full Existing
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C28F118-03B5-4756-F83C-C31C851D1FF3}" = CCC Help Chinese Standard
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95E58BA1-2E10-B49E-283C-3C170C098149}" = CCC Help Dutch
"{9635D462-1B39-E171-BA1C-32A036572251}" = CCC Help Spanish
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A4147C0B-A939-B87E-A6AB-71837A52AFEC}" = Catalyst Control Center Core Implementation
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8ACDFFF-093C-8898-E1B8-9388277CD805}" = CCC Help Portuguese
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB1723E2-05BC-49C1-86AB-409764C0E608}" = Dell Stage
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B47669BF-36B7-B33B-69C9-A2E7AAA36017}" = CCC Help German "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C52D6FF6-308B-2395-72EE-CA72216F8618}" = CCC Help Korean "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C5422D6A-6CC4-82CA-C28F-249DC0C846B5}" = Catalyst Control Center Graphics Full New "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CEC73671-6AFB-CC2B-203B-2A00E8901755}" = Catalyst Control Center Graphics Previews Vista "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D7058431-BC8D-71B7-136F-6FFA32C5C7C2}" = CCC Help Swedish "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0 "{ECBA603F-259F-9C33-85DE-0D7E3FCAB407}" = CCC Help Finnish "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE14D3B8-D4A6-EEC6-A37E-FC77CBF6A5FE}" = CCC Help Italian "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver 
"{F26E3E58-D6E5-3C61-7A7C-20D61017C26A}" = CCC Help French "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FB9F4BEA-283B-18FA-3DA4-B757214528F3}" = Catalyst Control Center Localization All "{FE6D5F28-4C11-4197-66CA-48AA4AECD833}" = Catalyst Control Center Graphics Light "7efeb9935159a92ad4e101276c2a02bb" = Delicious - Emily's Childhood Memories Premium Edition "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Applian FLV Player2.0.24" = Applian FLV Player "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "b2f7454f69b93f94039b118c57994377" = Airport Mania 2 - Wild Trips Premium Edition "Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8 "Dell Webcam Central" = Dell Webcam Central "ElsterFormular für Privatanwender und Unternehmer 12.1.1.6214k" = ElsterFormular für Privatanwender und Unternehmer "ICQToolbar" = ICQ Toolbar "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de) "MSC" = McAfee SecurityCenter "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "WildTangent dell Master Uninstall" = WildTangent-Spiele "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.00 (32-Bit) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 10.04.2011 14:51:04 | Computer Name = Christian-PC | Source = DataSafe.exe | ID = 0 Description = Recovery Environment incorrect, file 'Y:\dell\Image\Factory.wim' missing Error - 11.04.2011 15:14:39 | Computer Name = Christian-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: Der Server lieferte eine ungültige oder unbekannte Rückmeldung. ErrorCode: 14007(0x36b7). 
Error - 14.04.2011 14:05:09 | Computer Name = Christian-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: Der Servername oder die Serveradresse konnte nicht verarbeitet werden. ErrorCode: 14007(0x36b7). Error - 14.04.2011 21:36:54 | Computer Name = Christian-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. Error - 16.04.2011 12:26:51 | Computer Name = Christian-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: Der Server lieferte eine ungültige oder unbekannte Rückmeldung. ErrorCode: 14007(0x36b7). Error - 17.04.2011 17:06:31 | Computer Name = Christian-PC | Source = DataSafe.exe | ID = 0 Description = Recovery Environment incorrect, file 'Y:\dell\Image\Factory.wim' missing Error - 17.04.2011 17:06:47 | Computer Name = Christian-PC | Source = DataSafe.exe | ID = 0 Description = Recovery Environment incorrect, file 'Y:\dell\Image\Factory.wim' missing Error - 18.04.2011 08:14:56 | Computer Name = Christian-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: Der Server lieferte eine ungültige oder unbekannte Rückmeldung. ErrorCode: 14007(0x36b7). 
Error - 19.04.2011 04:30:57 | Computer Name = Christian-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: StageUpdater.exe, Version: 2.1.0.0, Zeitstempel: 0x4c19d93c Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdbde Ausnahmecode: 0xc00000fd Fehleroffset: 0x00012c49 ID des fehlerhaften Prozesses: 0x1aec Startzeit der fehlerhaften Anwendung: 0x01cbfe213d9a0552 Pfad der fehlerhaften Anwendung: C:\Users\CHRIST~1\AppData\Local\Temp\761a6463dc85da45c90f2056d7ee0dc7\StageUpdater.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\kernel32.dll Berichtskennung: 5902de9e-6a5f-11e0-a82b-f04da26d62a8 Error - 19.04.2011 06:00:27 | Computer Name = Christian-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.60.48.35, Zeitstempel: 0x4b591cc1 Name des fehlerhaften Moduls: mfc90u.dll, Version: 9.0.30729.4148, Zeitstempel: 0x4a5967eb Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000395c ID des fehlerhaften Prozesses: 0x5cc Startzeit der fehlerhaften Anwendung: 0x01cbfc5191abd9c7 Pfad der fehlerhaften Anwendung: C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe Pfad des fehlerhaften Moduls: C:\Windows\WinSxS\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_04480933ab2137b1\mfc90u.dll Berichtskennung: d9848323-6a6b-11e0-a82b-f04da26d62a8 [ Broadcom Wireless LAN Events ] Error - 19.04.2011 06:09:04 | Computer Name = Christian-PC | Source = WLAN-Tray | ID = 0 Description = 12:09:03, Tue, Apr 19, 11 Error - Unable to gain access to user store Error - 10.05.2011 13:55:06 | Computer Name = Christian-PC | Source = WLAN-Tray | ID = 0 Description = 19:55:06, Tue, May 10, 11 Error - Unable to gain access to user store [ Dell Events ] Error - 17.04.2011 17:06:25 | Computer Name = Christian-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. 
Error - 17.04.2011 17:06:43 | Computer Name = Christian-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 17.04.2011 17:06:43 | Computer Name = Christian-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 25.04.2011 06:00:14 | Computer Name = Christian-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 25.04.2011 06:00:14 | Computer Name = Christian-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 09.05.2011 15:07:10 | Computer Name = Christian-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 09.05.2011 15:07:10 | Computer Name = Christian-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 09.05.2011 15:07:30 | Computer Name = Christian-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 09.05.2011 15:07:30 | Computer Name = Christian-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 11.05.2011 13:57:16 | Computer Name = Christian-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. [ System Events ] Error - 15.05.2011 10:03:34 | Computer Name = Christian-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. 
Error - 15.05.2011 10:03:36 | Computer Name = Christian-PC | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{215BF77B-5477-4E05-8A3C-E4D2D158ABC3} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error - 15.05.2011 10:03:36 | Computer Name = Christian-PC | Source = NetBT | ID = 4321 Description = Der Name "CHRISTIAN-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.30 registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 15.05.2011 10:03:36 | Computer Name = Christian-PC | Source = NetBT | ID = 4321 Description = Der Name "CHRISTIAN-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.30 registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 15.05.2011 10:16:49 | Computer Name = Christian-PC | Source = NetBT | ID = 4321 Description = Der Name "CHRISTIAN-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.30 registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 15.05.2011 10:52:09 | Computer Name = Christian-PC | Source = NetBT | ID = 4321 Description = Der Name "CHRISTIAN-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.30 registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 15.05.2011 10:52:12 | Computer Name = Christian-PC | Source = NetBT | ID = 4321 Description = Der Name "CHRISTIAN-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.30 registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. 
Error - 15.05.2011 16:45:03 | Computer Name = Christian-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 16.05.2011 11:54:25 | Computer Name = Christian-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 16.05.2011 17:49:00 | Computer Name = Christian-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. < End of report >
--- --- ---

[/code]

Alt 31.05.2011, 17:10   #9
kira
/// Helfer-Team
 

- Item 4 is still missing, please submit it!

Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator".
Right-click the selected application and choose "Run as administrator"!

1.
Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:
:OTL
PRC - C:\Users\CHRIST~1\AppData\Local\Temp\99YB885.exe (Microsoft Corporation)
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
[2011.04.20 11:53:10 | 000,002,567 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\d17wnyoz.default\searchplugins\askcom.xml
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [1X8C4VXU8ZZC7V4WOUHQFDNICMPMHW] C:\rgotgktjgbt\rgotgktjgbt.exe (ntab)

:Files
C:\Users\CHRIST~1\AppData\Local\Temp\99YB885.exe 

:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click .
  • OTL will ask for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

2.
Run another scan with OTL:
  • Double-click OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labeled Output.
    Please select Standard Output.
  • Under Extra Registry, please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.
__________________

Warning!:
Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption Trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!
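
The entries in the fix script above share a few traits that can be checked mechanically when reading an OTL log. The following is an added example, not part of the original thread and not OTL's or the helper's own method: the three heuristics (executable in a Temp directory, Run entry without a valid target, random-looking value name or self-named root folder) and all function names are assumptions chosen for illustration, and the sample lines are constructed from entries quoted in this thread.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in OTL standard-output format, built from lines
# quoted in this thread (fix script and scan log).
SAMPLE_LOG = r"""
PRC - C:\Users\CHRIST~1\AppData\Local\Temp\99YB885.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [1X8C4VXU8ZZC7V4WOUHQFDNICMPMHW] C:\rgotgktjgbt\rgotgktjgbt.exe (ntab)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
"""

# First Windows path on a line that ends in an executable extension.
EXE_PATH = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys|scr|com)(?=\s|$)", re.I)
# "O4 - HKCU..\Run: [value name] target" autostart lines.
RUN_LINE = re.compile(r"^O4 - (HKLM|HKCU)\.\.\\Run: \[([^\]]*)\]\s*(.*)$")
# Assumption: 20 or more upper-case letters/digits with no separator looks generated.
RANDOM_NAME = re.compile(r"[A-Z0-9]{20,}")


def path_reasons(path_text):
    """Return the location-based heuristics that apply to one executable path."""
    reasons = []
    path = PureWindowsPath(path_text)
    folders = [part.lower() for part in path.parts[1:-1]]  # skip drive and file
    if "temp" in folders:
        reasons.append("executable in a Temp directory")
    if len(folders) == 1 and folders[0] == path.stem.lower():
        reasons.append("self-named folder directly under the drive root")
    return reasons


def triage(log_text):
    """Return (line, reasons) for every PRC or O4 Run line that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        run = RUN_LINE.match(line)
        if run:
            _hive, value_name, target = run.groups()
            if not value_name or "File not found" in target:
                reasons.append("autostart entry without a valid target")
            if RANDOM_NAME.fullmatch(value_name):
                reasons.append("random-looking Run value name")
        elif not line.startswith("PRC - "):
            continue  # only running processes and Run keys are triaged here
        found = EXE_PATH.search(line)
        if found:
            reasons.extend(path_reasons(found.group(0)))
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

A hit is only a prompt for manual review: legitimate installers and updaters also run from Temp, so a flagged line still has to be judged in context before it goes into a fix script.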

Alt 05.06.2011, 14:26   #10
chris123456
 

Code:
All processes killed
========== OTL ==========
No active process named 99YB885.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.order.1
File C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\d17wnyoz.default\searchplugins\askcom.xml not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\1X8C4VXU8ZZC7V4WOUHQFDNICMPMHW deleted successfully.
C:\rgotgktjgbt\rgotgktjgbt.exe moved successfully.
========== FILES ==========
File\Folder C:\Users\CHRIST~1\AppData\Local\Temp\99YB885.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Christian
->Temp folder emptied: 1432592229 bytes
->Temporary Internet Files folder emptied: 10983180 bytes
->Java cache emptied: 4447359 bytes
->FireFox cache emptied: 47610662 bytes
->Flash cache emptied: 21070 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Neu
->Temp folder emptied: 5849670 bytes
->Temporary Internet Files folder emptied: 3426879 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 63935131 bytes
->Flash cache emptied: 1280 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36075747 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50635 bytes
RecycleBin emptied: 4034063461 bytes
 
Total Files Cleaned = 5.378,00 mb
 
 
OTL by OldTimer - Version 3.2.23.0 log created on 06052011_152002

Files\Folders moved on Reboot...
C:\Users\Christian\AppData\Local\Temp\Cw94BFD.exe moved successfully.
C:\Users\Christian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

Alt 05.06.2011, 14:36   #11
chris123456
 

OTL Logfile:
Code:
OTL logfile created on: 05.06.2011 15:27:45 - Run 3
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Christian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 52,61% Memory free
7,73 Gb Paging File | 5,17 Gb Available in Paging File | 66,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 230,39 Gb Total Space | 176,29 Gb Free Space | 76,52% Space Free | Partition Type: NTFS
Drive E: | 220,62 Gb Total Space | 220,01 Gb Free Space | 99,72% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - c:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Christian\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (McAWFwk) -- c:\Programme\mcafee\msc\McAWFwk.exe (McAfee, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (btwdins) -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BcmVWL) -- C:\Windows\SysNative\drivers\bcmvwl64.sys (Broadcom Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.12 00:23:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.25 11:58:06 | 000,000,000 | ---D | M]
 
[2011.02.24 19:27:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2011.06.03 13:53:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\d17wnyoz.default\extensions
[2011.04.29 20:18:15 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\d17wnyoz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.16 18:18:21 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\d17wnyoz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.04.20 12:04:56 | 000,000,000 | ---D | M] (Copy ShortURL) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\d17wnyoz.default\extensions\jid0-ODIKJS9b4IT3H1NYlPKr0NDtLuE@jetpack
[2011.05.31 18:59:00 | 000,000,950 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\d17wnyoz.default\searchplugins\icqplugin-1.xml
[2011.03.30 14:23:42 | 000,000,950 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\d17wnyoz.default\searchplugins\icqplugin-2.xml
[2011.04.18 12:03:09 | 000,000,950 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\d17wnyoz.default\searchplugins\icqplugin-3.xml
[2011.04.20 11:53:04 | 000,000,950 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\d17wnyoz.default\searchplugins\icqplugin-4.xml
[2011.06.05 15:18:39 | 000,000,950 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\d17wnyoz.default\searchplugins\icqplugin-5.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\d17wnyoz.default\searchplugins\icqplugin.xml
[2011.04.18 12:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.02.24 21:54:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D17WNYOZ.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D17WNYOZ.DEFAULT\EXTENSIONS\{CD617375-6743-4EE8-BAC4-FBF10F35729E}.XPI
() (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D17WNYOZ.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
() (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D17WNYOZ.DEFAULT\EXTENSIONS\EXTENSION@CIUVO.COM.XPI
() (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D17WNYOZ.DEFAULT\EXTENSIONS\FINDER@MEINGUTSCHEINCODE.DE.XPI
[2011.04.29 20:18:17 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20110512002306.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512002306.dll (McAfee, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [0JUC5I2ZXZ6C0Y9AMPWRKP]  File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.05 15:23:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011.06.05 15:05:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.05.30 23:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.05.30 23:53:41 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.05.29 21:28:13 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2011.05.26 18:30:47 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.05.25 23:04:21 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011.05.23 22:49:04 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2011.05.23 22:48:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.23 22:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.23 22:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.23 22:48:42 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.23 22:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.05.23 22:24:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.05.23 22:24:09 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.05.23 22:24:09 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.05.23 22:24:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.05.23 22:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.05.18 14:30:15 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011.05.18 14:30:15 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011.05.14 17:36:32 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\elsterformular
[2011.05.14 17:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2011.05.14 17:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2011.05.14 17:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2011.05.11 20:11:50 | 005,562,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.05.11 20:11:49 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.05.11 20:11:49 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.05.11 20:10:44 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011.05.11 20:10:44 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011.05.10 19:53:06 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.05.09 21:57:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.05.09 21:57:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.05 15:30:55 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.05 15:30:55 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.05 15:27:41 | 001,500,082 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.06.05 15:27:41 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.06.05 15:27:41 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.06.05 15:27:41 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.06.05 15:27:41 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.06.05 15:22:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.05 15:22:30 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.05 02:14:20 | 000,031,884 | ---- | M] () -- C:\Users\Christian\Desktop\0477acd7eb284b6f481c3137c8.jpg
[2011.05.30 23:53:48 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.05.29 21:28:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2011.05.26 18:30:47 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.05.23 22:48:47 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.23 22:24:27 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.05.14 17:36:10 | 000,001,050 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2011.05.10 19:52:51 | 513,361,090 | ---- | M] () -- C:\Windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2011.06.05 02:14:19 | 000,031,884 | ---- | C] () -- C:\Users\Christian\Desktop\0477acd7eb284b6f481c3137c8.jpg
[2011.05.30 23:53:48 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.05.30 23:48:42 | 000,030,259 | ---- | C] () -- C:\Users\Christian\Desktop\hjtscanlist.bat
[2011.05.23 22:48:47 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.23 22:24:27 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.05.14 17:36:10 | 000,001,050 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2011.05.10 19:52:51 | 513,361,090 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.04.18 11:13:13 | 000,000,046 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\FactoryInstaller.xml
[2011.03.10 21:29:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.02 01:29:06 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.02.26 19:24:20 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011.02.19 02:01:24 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.02.18 17:19:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.05.19 12:27:46 | 000,000,022 | ---- | C] () -- C:\ProgramData\60a7806a-0eea-424c-a464-20f4730cd631
[2007.08.23 18:30:00 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
 
========== LOP Check ==========
 
[2011.03.24 22:05:59 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\BOM
[2011.05.14 17:36:37 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\elsterformular
[2011.06.03 13:59:06 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ICQ
[2011.02.25 00:59:02 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org
[2011.02.24 20:43:03 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PCDr
[2011.05.04 13:06:36 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SoftGrid Client
[2011.03.02 01:29:47 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TP
[2011.03.01 01:00:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TrafficMonitor
[2009.07.14 07:08:49 | 000,008,190 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Alt 05.06.2011, 14:38   #12
chris123456
 


OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 05.06.2011 15:27:45 - Run 3
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Christian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 52,61% Memory free
7,73 Gb Paging File | 5,17 Gb Available in Paging File | 66,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 230,39 Gb Total Space | 176,29 Gb Free Space | 76,52% Space Free | Partition Type: NTFS
Drive E: | 220,62 Gb Total Space | 220,01 Gb Free Space | 99,72% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{3B6074E5-5823-9363-851C-25F9DDB1E477}" = ccc-utility64
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1170BEDA-359C-4202-A5BF-CCA919E7B917}" = CCC Help Danish
"{19DE6032-D3EE-D664-FA63-452431599161}" = CCC Help Norwegian
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24BBD0E3-4579-9EF5-6081-DE56129D093A}" = Catalyst Control Center InstallProxy
"{24EE4523-711A-4BD1-95EA-F73A8A6950D3}" = Audials TV
"{25CB97F0-10F7-4986-99A4-8BDA1C338E8E}" = Radiotracker
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{2EEC4A52-7705-4BB4-BF45-64008EB5D0F1}" = Audials
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39EFAC6A-639E-3CE3-2B62-EF8518AD8326}" = CCC Help Chinese Traditional
"{3ED3BC2E-141A-BFB0-D48C-E8DDA3A461E7}" = ccc-core-static
"{40F4FF7A-B214-4453-B973-080B09CED019}" = LoJack Factory Installer
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B21E43-056F-9E58-8774-20E8A89B5347}" = CCC Help English
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{616AF091-D73C-481B-9113-FD758EB2F50A}" = MusicStage
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65A30A52-B4CA-006E-8750-8366C9693C77}" = CCC Help Russian
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66C5E9B6-2D87-D7E8-9B8F-BFCAD7105AD1}" = Catalyst Control Center Graphics Previews Common
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{6F3AB64A-CC2D-C533-C5CD-30420E2DC578}" = Skins
"{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78AE5FAE-C641-311B-9CC8-CEBB87FAF795}" = CCC Help Japanese
"{7BCA9417-A611-CC28-9471-6250EC9666EB}" = Catalyst Control Center Graphics Full Existing
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C28F118-03B5-4756-F83C-C31C851D1FF3}" = CCC Help Chinese Standard
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95E58BA1-2E10-B49E-283C-3C170C098149}" = CCC Help Dutch
"{9635D462-1B39-E171-BA1C-32A036572251}" = CCC Help Spanish
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A4147C0B-A939-B87E-A6AB-71837A52AFEC}" = Catalyst Control Center Core Implementation
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8ACDFFF-093C-8898-E1B8-9388277CD805}" = CCC Help Portuguese
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB1723E2-05BC-49C1-86AB-409764C0E608}" = Dell Stage
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B47669BF-36B7-B33B-69C9-A2E7AAA36017}" = CCC Help German
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52D6FF6-308B-2395-72EE-CA72216F8618}" = CCC Help Korean
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5422D6A-6CC4-82CA-C28F-249DC0C846B5}" = Catalyst Control Center Graphics Full New
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEC73671-6AFB-CC2B-203B-2A00E8901755}" = Catalyst Control Center Graphics Previews Vista
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7058431-BC8D-71B7-136F-6FFA32C5C7C2}" = CCC Help Swedish
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{ECBA603F-259F-9C33-85DE-0D7E3FCAB407}" = CCC Help Finnish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE14D3B8-D4A6-EEC6-A37E-FC77CBF6A5FE}" = CCC Help Italian
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26E3E58-D6E5-3C61-7A7C-20D61017C26A}" = CCC Help French
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB9F4BEA-283B-18FA-3DA4-B757214528F3}" = Catalyst Control Center Localization All
"{FE6D5F28-4C11-4197-66CA-48AA4AECD833}" = Catalyst Control Center Graphics Light
"7efeb9935159a92ad4e101276c2a02bb" = Delicious - Emily's Childhood Memories Premium Edition
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Applian FLV Player2.0.24" = Applian FLV Player
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"b2f7454f69b93f94039b118c57994377" = Airport Mania 2 - Wild Trips Premium Edition
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Dell Webcam Central" = Dell Webcam Central
"ElsterFormular für Privatanwender und Unternehmer 12.1.1.6214k" = ElsterFormular für Privatanwender und Unternehmer
"ICQToolbar" = ICQ Toolbar
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"MSC" = McAfee SecurityCenter
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"WildTangent dell Master Uninstall" = WildTangent-Spiele
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.04.2011 12:26:51 | Computer Name = Christian-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: Der Server lieferte eine ungültige oder
 unbekannte Rückmeldung.   ErrorCode: 14007(0x36b7). 
 
Error - 17.04.2011 17:06:31 | Computer Name = Christian-PC | Source = DataSafe.exe | ID = 0
Description = Recovery Environment incorrect, file 'Y:\dell\Image\Factory.wim' missing
 
Error - 17.04.2011 17:06:47 | Computer Name = Christian-PC | Source = DataSafe.exe | ID = 0
Description = Recovery Environment incorrect, file 'Y:\dell\Image\Factory.wim' missing
 
Error - 18.04.2011 08:14:56 | Computer Name = Christian-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: Der Server lieferte eine ungültige oder
 unbekannte Rückmeldung.   ErrorCode: 14007(0x36b7). 
 
Error - 19.04.2011 04:30:57 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: StageUpdater.exe, Version: 2.1.0.0,
 Zeitstempel: 0x4c19d93c  Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdbde  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x00012c49  ID des fehlerhaften
 Prozesses: 0x1aec  Startzeit der fehlerhaften Anwendung: 0x01cbfe213d9a0552  Pfad der
 fehlerhaften Anwendung: C:\Users\CHRIST~1\AppData\Local\Temp\761a6463dc85da45c90f2056d7ee0dc7\StageUpdater.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\kernel32.dll  Berichtskennung: 5902de9e-6a5f-11e0-a82b-f04da26d62a8
 
Error - 19.04.2011 06:00:27 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.60.48.35,
 Zeitstempel: 0x4b591cc1  Name des fehlerhaften Moduls: mfc90u.dll, Version: 9.0.30729.4148,
 Zeitstempel: 0x4a5967eb  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000000395c
ID
 des fehlerhaften Prozesses: 0x5cc  Startzeit der fehlerhaften Anwendung: 0x01cbfc5191abd9c7
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\WinSxS\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_04480933ab2137b1\mfc90u.dll
Berichtskennung:
 d9848323-6a6b-11e0-a82b-f04da26d62a8
 
Error - 19.04.2011 06:27:24 | Computer Name = Christian-PC | Source = ESENT | ID = 215
Description = WinMail (4968) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 19.04.2011 06:27:29 | Computer Name = Christian-PC | Source = ESENT | ID = 215
Description = WinMail (2748) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 24.04.2011 18:24:33 | Computer Name = Christian-PC | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 25.04.2011 05:37:25 | Computer Name = Christian-PC | Source = MsiInstaller | ID = 10005
Description = 
 
[ Broadcom Wireless LAN Events ]
Error - 19.04.2011 06:09:04 | Computer Name = Christian-PC | Source = WLAN-Tray | ID = 0
Description = 12:09:03, Tue, Apr 19, 11 Error - Unable to gain access to user store

 
Error - 10.05.2011 13:55:06 | Computer Name = Christian-PC | Source = WLAN-Tray | ID = 0
Description = 19:55:06, Tue, May 10, 11 Error - Unable to gain access to user store

 
[ Dell Events ]
Error - 17.04.2011 17:06:43 | Computer Name = Christian-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 25.04.2011 06:00:14 | Computer Name = Christian-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 25.04.2011 06:00:14 | Computer Name = Christian-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 09.05.2011 15:07:10 | Computer Name = Christian-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 09.05.2011 15:07:10 | Computer Name = Christian-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 09.05.2011 15:07:30 | Computer Name = Christian-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 09.05.2011 15:07:30 | Computer Name = Christian-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 11.05.2011 13:57:16 | Computer Name = Christian-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 11.05.2011 13:57:16 | Computer Name = Christian-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 02.06.2011 18:37:19 | Computer Name = Christian-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
[ System Events ]
Error - 30.05.2011 13:39:35 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SftService erreicht.
 
Error - 30.05.2011 13:41:16 | Computer Name = Christian-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 30.05.2011 15:56:08 | Computer Name = Christian-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 30.05.2011 17:17:51 | Computer Name = Christian-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 31.05.2011 12:48:13 | Computer Name = Christian-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 31.05.2011 12:49:47 | Computer Name = Christian-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?31.?05.?2011 um 18:48:49 unerwartet heruntergefahren.
 
Error - 31.05.2011 12:50:37 | Computer Name = Christian-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 31.05.2011 12:50:37 | Computer Name = Christian-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 31.05.2011 12:55:30 | Computer Name = Christian-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 31.05.2011 17:31:58 | Computer Name = Christian-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
 
< End of report >
         
--- --- ---

05.06.2011, 14:40   #13
chris123456

Code:
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	18.02.2011	6,00MB	10.1.102.64
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	25.05.2011	6,00MB	10.3.181.14
Adobe Reader 9.1.2 - Deutsch	Adobe Systems Incorporated	17.02.2011	240MB	9.1.2
Advanced Audio FX Engine	Creative Technology Ltd	18.02.2011		1.12.05
Airport Mania 2 - Wild Trips Premium Edition		19.04.2011		
Apple Application Support	Apple Inc.	24.04.2011	51,0MB	1.5.1
Apple Mobile Device Support	Apple Inc.	24.04.2011	22,4MB	3.4.0.25
Apple Software Update	Apple Inc.	25.04.2011		2.1.2.120
Applian FLV Player	Applian Technologies Inc.	05.03.2011		2.0.24
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver	Atheros Communications Inc.	17.02.2011		1.0.0.23
ATI Catalyst Control Center		18.02.2011		2.010.0122.0857
Audials	RapidSolution Software AG	20.04.2011	294MB	8.0.46302.200
Audials TV	RapidSolution Software AG	24.02.2011	2,07MB	1.3.10803.300
Avira AntiVir Personal - Free Antivirus	Avira GmbH	22.05.2011	70,6MB	10.0.0.648
Biet-O-Matic v2.14.8	BOM Development Team	25.02.2011		Biet-O-Matic v2.14.8
Bing Bar	Microsoft Corporation	17.03.2011		7.0.609.0
Bonjour	Apple Inc.	24.04.2011	1,79MB	2.0.5.0
CCleaner	Piriform	29.05.2011		3.07
Cisco EAP-FAST Module	Cisco Systems, Inc.	17.02.2011	1,55MB	2.2.14
Cisco LEAP Module	Cisco Systems, Inc.	17.02.2011	0,63MB	1.0.19
Cisco PEAP Module	Cisco Systems, Inc.	17.02.2011	1,24MB	1.1.6
Delicious - Emily's Childhood Memories Premium Edition		19.04.2011		
Dell DataSafe Local Backup	Dell	17.02.2011		9.4.51
Dell DataSafe Local Backup - Support Software	Dell	17.02.2011		
Dell DataSafe Online	Dell	17.02.2011	6,46MB	2.1.19634
Dell Getting Started Guide	Dell Inc.	17.02.2011	1,71MB	1.00.0000
Dell PhotoStage	ArcSoft	17.02.2011	101,7MB	1.5.0.19
Dell Stage	Fingertapps	02.05.2011	42,0MB	1.4.173.0
Dell VideoStage	CyberLink Corp.	17.02.2011	64,1MB	1.1.0.1011
Dell Webcam Central	Creative Technology Ltd	18.02.2011		2.00.35
DW WLAN Card Utility	Dell Inc.			5.60.48.35
eBay	eBay Inc.	17.02.2011	0,59MB	1.4.0
ElsterFormular für Privatanwender und Unternehmer	Landesfinanzdirektion Thüringen	13.05.2011		12.1.1.6214k
ICQ Toolbar	ICQ	25.02.2011		3.0.0
ICQ7.5	ICQ	28.04.2011		7.5
Intel(R) Management Engine Components	Intel Corporation			6.0.0.1179
iTunes	Apple Inc.	24.04.2011	145,3MB	10.2.2.12
Java(TM) 6 Update 22	Oracle	23.02.2011	97,1MB	6.0.220
Java(TM) 6 Update 23 (64-bit)	Oracle	17.02.2011	90,9MB	6.0.230
Java(TM) 6 Update 24	Oracle	17.02.2011	97,1MB	6.0.240
LoJack Factory Installer	Absolute Software	18.02.2011		1.0.0
Malwarebytes' Anti-Malware	Malwarebytes Corporation	22.05.2011	10,5MB	
McAfee SecurityCenter	McAfee, Inc.	11.05.2011		10.5.237
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	24.02.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	24.02.2011	2,94MB	4.0.30319
Microsoft Office 2010	Microsoft Corporation	17.02.2011	6,31MB	14.0.4763.1000
Microsoft Office Klick-und-Los 2010	Microsoft Corporation	01.03.2011		14.0.4763.1000
Microsoft Office Starter 2010 - Deutsch	Microsoft Corporation	01.03.2011		14.0.4763.1000
Microsoft Silverlight	Microsoft Corporation	22.04.2011		4.0.60310.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	17.02.2011	1,70MB	3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	06.03.2011		8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	05.03.2011	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	18.02.2011		8.0.58299
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	17.02.2011	0,69MB	8.0.56336
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175	Microsoft Corporation	18.05.2011	0,57MB	8.0.51011
Microsoft Visual C++ 2005 Redistributable - KB2467175	Microsoft Corporation	19.05.2011		8.0.51011
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	19.05.2011		9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	18.05.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	18.02.2011		9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	23.02.2011	0,77MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	13.05.2011	0,24MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	24.02.2011		9.0.30729.4148
MobileMe Control Panel	Apple Inc.	27.04.2011	12,0MB	3.1.6.0
Mozilla Firefox 4.0.1 (x86 de)	Mozilla	28.04.2011	31,5MB	4.0.1
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	24.02.2011		4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	23.02.2011	1,33MB	4.20.9876.0
MusicStage	Fingertapps	17.02.2011	46,9MB	1.3.31.0
OpenOffice.org 3.3	OpenOffice.org	24.02.2011		3.3.9567
PantsOff 2.0	Christoph Bünger Software	03.04.2011		2.0
PixiePack Codec Pack	None	30.04.2011	11,8MB	0.10.6.0
Quickset64	Dell Inc.	18.02.2011		10.6.2
QuickTime	Apple Inc.	25.04.2011		7.69.80.9
Radiotracker	RapidSolution Software AG	30.04.2011	188,2MB	4.1.10048.2910
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	17.02.2011		6.0.1.6088
Roxio Creator Starter	Roxio	18.02.2011	1.673MB	12.1.77.0
Skype Toolbars	Skype Technologies S.A.	08.05.2011	5,91MB	5.0.4137
Skype™ 5.1	Skype Technologies S.A.	08.05.2011	22,7MB	5.1.112
Synaptics Pointing Device Driver	Synaptics Incorporated	18.02.2011	46,4MB	15.0.20.0
WIDCOMM Bluetooth Software	Broadcom Corporation	17.02.2011	144,4MB	6.2.1.1100
WildTangent-Spiele	WildTangent	18.02.2011		1.0.0.71
Windows Live Essentials	Microsoft Corporation	18.02.2011		15.4.3508.1109
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	18.02.2011		15.4.5722.2
WinRAR 4.00 (32-Bit)	win.rar GmbH	12.03.2011		4.00.0
         

05.06.2011, 22:06   #14
kira
/// Helfer-Team

1.
TDSSKiller from Kaspersky
  • Download TDSSKiller and unpack the archive to your desktop.
  • Make sure that TDSSKiller.exe sits directly on the desktop (not in a folder on the desktop).
  • Temporarily disable your antivirus program.
  • Start TDSSKiller.exe with a double-click.
  • When it has finished, the tool suggests restarting the system.
    Confirm this with Y(es) if prompted.
    While the system boots, the driver carries out all scheduled operations and then deletes itself.
  • Post the contents of C:\TDSSKiller<random>.txt here in the thread.
You can find more detailed instructions here.

2.
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "als Administrator ausführen" (Run as administrator).
  • Copy the following script:
Code:
:OTL
O4 - HKCU..\Run: [0JUC5I2ZXZ6C0Y9AMPWRKP]  File not found
:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click .
  • OTL requires a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

3.
Update Adobe Reader:
- Pay attention and read along during installation! If any software, toolbar, etc. is offered, deselect it! (e.g. "McAfee Security Scan Plus")
Adobe Reader
Or: start Adobe → go to "Hilfe" (Help) → "Nach Update suchen..." (Check for updates...)

4.
Clean your system with CCleaner:
  • "Cleaner" → "Analysieren" (Analyze) → click the "Start CCleaner" button
  • "Registry" → "Fehler suchen" (Scan for issues) → "Fehler beheben" (Fix issues) → "Alle beheben" (Fix all)
  • Restart your system

5.
  • Download SUPERAntiSpyware FREE Edition.
  • Install the program and update it online.
  • Start SUPERAntiSpyware and click "Ihren Computer durchsuchen" (Scan your computer)
  • tick "Kompletter Scan" (Complete scan) and click "Weiter" (Next)
  • all malware found is then listed; tick every finding and confirm with "OK"
  • click "Weiter" (Next), then "OK", then "Fertig stellen" (Finish)
  • to display the results: click "Präferenzen" (Preferences), then "Statistiken und Protokolle" (Statistics and logs)
  • click "Protokoll anzeigen" (View log), then please save this report and post it here

6.
- Link: -> ESET Online Scanner
>>You should not install the antivirus security software, only scan your system online<<
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These therefore have to be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). Checking the data stored on the storage medium with the free online scanner is very well suited to this and recommended.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running.) The AUTORUN function can also be switched off altogether. ► [Sicherheit] Autorun Funktion für mehr Sicherheit auf allen Laufwerken deaktivieren / Avira Support Forum

-> Then run a complete system check with Eset/Nod32

- please tick the following > "Remove found threats" and "Scan archives"
- save the scan results as *.txt files
- usually "C:\Programme\Eset\EsetOnlineScanner\log.txt"

Internet Explorer settings before the scan:
- "Extras → Internetoptionen → Sicherheit" (Tools → Internet Options → Security):
- set everything to the default level
- allow ActiveX
- to start the scan: when you are asked (the text in the information bar), allow the ActiveX control to be installed

► What is the current state of the computer? Anything unusual, any problems?
__________________

Warning!:
Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!
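
The O4 line targeted by the OTL fix script in step 2 shows two signals at once: a meaningless, random-looking Run value name and a target file that no longer exists. The following Python code is an added example, not part of the original posts and not OTL's own logic; it triages the O4 lines of a log on those two signals. The line format is inferred from the single O4 line in the thread, every sample line except that one is constructed, and the thresholds in `looks_random` are assumptions.

```python
import re

# One OTL "O4" (autostart) line: hive, key, bracketed value name, then either
# a file path with vendor or the literal text "File not found".
# Format inferred from the one O4 line quoted in the thread (assumption).
O4_LINE = re.compile(
    r"^O4 - (?P<hive>[A-Z]+)\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\]\s+(?P<target>.+?)\s*$"
)

# Sample log. Only the HKCU line with the 22-character name comes from the
# thread; every other line is constructed for this example.
SAMPLE_LOG = r"""
O3 - HKLM\..\Toolbar: (Constructed Toolbar) - C:\Constructed\toolbar.dll (Constructed Vendor)
O4 - HKLM..\Run: [avgnt] C:\Constructed\Avira\avgnt.exe (Constructed Vendor)
O4 - HKLM..\Run: [SynTPEnh] C:\Constructed\Synaptics\SynTPEnh.exe (Constructed Vendor)
O4 - HKCU..\Run: [0JUC5I2ZXZ6C0Y9AMPWRKP]  File not found
O4 - HKCU..\Run: [OldUpdater] File not found
"""


def looks_random(name):
    """Heuristic (assumed thresholds): long, upper-case alphanumeric only,
    with at least three digits and three letters mixed together."""
    if len(name) < 12 or not re.fullmatch(r"[A-Z0-9]+", name):
        return False
    digits = sum(ch.isdigit() for ch in name)
    return digits >= 3 and len(name) - digits >= 3


def parse_o4(log_text):
    """Return one dict (hive, key, name, target) per O4 line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = O4_LINE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def triage(log_text):
    """Return the O4 entries worth a manual look, strongest findings first."""
    findings = []
    for entry in parse_o4(log_text):
        reasons = []
        if entry["target"] == "File not found":
            reasons.append("target file missing")
        if looks_random(entry["name"]):
            reasons.append("random-looking value name")
        if reasons:
            findings.append({**entry, "reasons": reasons})
    # sorted() is stable, so entries with equal scores keep their log order.
    return sorted(findings, key=lambda f: -len(f["reasons"]))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["hive"]}..\\{f["key"]} [{f["name"]}]: {", ".join(f["reasons"])}')
```

A missing target on its own is usually just the leftover of an uninstalled program; it is the combination with a random-looking name that puts an entry at the top of the list.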

06.06.2011, 21:20   #15
chris123456

Code:
2011/06/06 22:18:09.0852 2760	TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/06 22:18:11.0853 2760	================================================================================
2011/06/06 22:18:11.0854 2760	SystemInfo:
2011/06/06 22:18:11.0854 2760	
2011/06/06 22:18:11.0854 2760	OS Version: 6.1.7601 ServicePack: 1.0
2011/06/06 22:18:11.0854 2760	Product type: Workstation
2011/06/06 22:18:11.0854 2760	ComputerName: CHRISTIAN-PC
2011/06/06 22:18:11.0854 2760	UserName: Christian
2011/06/06 22:18:11.0854 2760	Windows directory: C:\Windows
2011/06/06 22:18:11.0854 2760	System windows directory: C:\Windows
2011/06/06 22:18:11.0854 2760	Running under WOW64
2011/06/06 22:18:11.0854 2760	Processor architecture: Intel x64
2011/06/06 22:18:11.0854 2760	Number of processors: 4
2011/06/06 22:18:11.0854 2760	Page size: 0x1000
2011/06/06 22:18:11.0855 2760	Boot type: Normal boot
2011/06/06 22:18:11.0855 2760	================================================================================
2011/06/06 22:18:12.0456 2760	Initialize success
2011/06/06 22:18:21.0540 10136	================================================================================
2011/06/06 22:18:21.0540 10136	Scan started
2011/06/06 22:18:21.0540 10136	Mode: Manual; 
2011/06/06 22:18:21.0540 10136	================================================================================
2011/06/06 22:18:23.0903 10136	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/06/06 22:18:23.0982 10136	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/06/06 22:18:24.0038 10136	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/06/06 22:18:24.0109 10136	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/06 22:18:24.0161 10136	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/06 22:18:24.0198 10136	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/06 22:18:24.0453 10136	AFD             (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
2011/06/06 22:18:24.0677 10136	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/06/06 22:18:24.0824 10136	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/06/06 22:18:25.0180 10136	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/06/06 22:18:25.0328 10136	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/06 22:18:25.0524 10136	amdkmdag        (52679612d742bf74ca1ba6ab86ddf431) C:\Windows\system32\DRIVERS\atipmdag.sys
2011/06/06 22:18:25.0728 10136	amdkmdap        (414e0788920a8c856032be2cbf29f984) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/06/06 22:18:25.0769 10136	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/06 22:18:46.0156 10136	================================================================================
2011/06/06 22:18:46.0156 10136	Scan finished
2011/06/06 22:18:46.0156 10136	================================================================================
2011/06/06 22:18:46.0173 10076	Detected object count: 0
2011/06/06 22:18:46.0174 10076	Actual detected object count: 0
         
