Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Trojaner Zeus entdeckt

Trojaner Zeus entdeckt


Plagegeister aller Art und deren Bekämpfung: Trojaner Zeus entdeckt

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 01.07.2010, 11:06   #1
Prinzessjen
 
Trojaner Zeus entdeckt - Standard

Trojaner Zeus entdeckt


Ich bekam heute einen Anruf der Sparkasse, dass der Trojaner Zeus bei meinem PC festgestellt wurde und meine Zugangsdaten von Onlinebanking, eBay etc. ausgespäht hat.

Ich habe mich in diesem Forum informiert und einen CustomScan mit OTL durchgeführt.

Eingegeben habe ich folgenden Text:

Zitat:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Da ich das gleiche Problem habe wie ein anderer Nutzer, poste ich nun mal meine Ergenisse und hoffe ihr könnt mir behilflich sein.

OTL.Txt

OTL logfile created on: 01.07.2010 11:18:02 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\***\Desktop\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 59,40 Gb Free Space | 63,09% Space Free | Partition Type: NTFS
Drive D: | 129,94 Gb Total Space | 129,84 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive E: | 702,31 Mb Total Space | 631,36 Mb Free Space | 89,90% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.07.01 11:16:44 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Kerstin\Desktop\Downloads\OTL.exe
PRC - [2010.05.18 17:06:42 | 000,327,064 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2010.05.18 17:04:46 | 003,021,720 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.15 15:15:20 | 000,030,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009.09.12 16:07:36 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.20 09:24:01 | 000,126,008 | ---- | M] (Norman ASA) -- C:\Programme\Norman\Npm\Bin\nvoy.exe
PRC - [2009.01.09 20:46:32 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.01.09 20:45:26 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2008.06.18 14:19:44 | 000,376,832 | ---- | M] (ODM) -- C:\Programme\OEM\OSD_1.16\osd.exe
PRC - [2008.05.13 11:12:54 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.04.25 15:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) -- C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2008.02.22 10:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) -- C:\Programme\OEM\OSD_1.16\OsdService.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.11.21 10:59:54 | 000,150,584 | ---- | M] (Norman ASA) -- C:\Programme\Norman\Npm\Bin\elogsvc.exe


========== Modules (SafeList) ==========

MOD - [2010.07.01 11:16:44 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\Downloads\OTL.exe
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NVCScheduler)
SRV - [2010.05.18 17:06:42 | 000,327,064 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.11.15 15:15:20 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.04.17 10:20:10 | 000,274,392 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Program Files\Norman\Npm\bin\NJEEVES.EXE -- (Norman NJeeves)
SRV - [2009.03.17 12:49:25 | 000,130,104 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Program Files\Norman\Npm\Bin\scheduler.exe -- (Scheduler)
SRV - [2009.02.25 14:28:39 | 000,408,696 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Program Files\Norman\Npm\Bin\Zanda.exe -- (Norman ZANDA)
SRV - [2009.01.20 09:24:01 | 000,126,008 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\npm\bin\nvoy.exe -- (NVOY)
SRV - [2008.04.25 15:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2008.02.22 10:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) [Auto | Running] -- C:\Programme\OEM\OSD_1.16\OsdService.exe -- (OsdService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.21 10:59:54 | 000,150,584 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npm\Bin\Elogsvc.exe -- (eLoggerSvc6)


========== Driver Services (SafeList) ==========

DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.06.17 22:27:28 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\directport.sys -- (GpdDevDPort)
DRV - [2008.05.14 17:03:40 | 002,136,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.05.01 08:35:54 | 003,660,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.25 14:56:24 | 002,356,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.04.03 14:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008.03.31 13:02:34 | 000,008,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\kbfiltr.sys -- (GpdKbFilter)
DRV - [2008.02.20 19:14:22 | 000,292,352 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.12.28 19:21:54 | 000,104,448 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.12.19 19:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007.09.30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007.09.12 18:24:00 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DslTestSp5.sys -- (dsltestSp5)
DRV - [2007.08.01 16:49:00 | 000,016,448 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\dslmnlwf.sys -- (DslMNLwf)
DRV - [2007.05.11 16:40:42 | 000,329,728 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.die-staemme.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.die-staemme.de/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.28 06:10:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.28 06:10:40 | 000,000,000 | ---D | M]

[2009.02.17 21:38:31 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\mozilla\Extensions
[2010.07.01 07:10:55 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\8vuewblv.default\extensions
[2010.06.17 21:50:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\8vuewblv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.09 09:52:49 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8vuewblv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.06.18 11:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8vuewblv.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2009.02.17 21:38:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8vuewblv.default\extensions\toolbar_extras@de.yahoo.com
[2009.09.23 11:40:41 | 000,002,255 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\FireFox\Profiles\8vuewblv.default\searchplugins\askcom.xml
[2010.04.15 14:56:31 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.18 10:05:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.02.17 21:38:24 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.07.01 10:36:34 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FSCRecovery] c:\Programme\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe File not found
O4 - HKLM..\Run: [OSD] C:\Programme\OEM\OSD_1.16\osd.exe (ODM)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{D5854F28-E91C-20E9-5198-5A017674DFE4}] C:\Users\Kerstin\AppData\Roaming\Vaipec\vuyxa.exe File not found
O4 - HKCU..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008.01.21 04:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010.07.01 10:36:10 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010.07.01 10:36:09 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2010.07.01 10:35:26 | 000,000,000 | ---D | C] -- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
[2010.07.01 10:35:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2010.07.01 10:16:01 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010.06.25 01:50:23 | 000,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices
[2010.06.22 16:46:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010.06.22 16:46:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010.06.22 16:46:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010.06.22 16:25:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010.06.18 12:02:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2010.06.18 11:54:14 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.06.18 11:54:14 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.06.18 10:34:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PCToolsFirewallPlus
[2010.06.18 10:34:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Spam Monitor
[2010.06.18 10:19:27 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PC Tools
[2010.06.18 10:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.06.18 10:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.06.08 22:52:29 | 000,000,000 | ---D | C] -- C:\Programme\SweetIM
[2010.05.04 12:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010.04.15 21:19:55 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.04.15 17:30:43 | 000,000,000 | ---D | C] -- C:\Programme\MSECache
[2010.04.15 14:58:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\skypePM
[2010.04.15 14:56:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Skype
[2010.04.15 14:56:20 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.04.15 14:56:19 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010.04.15 14:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.04.15 12:35:54 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Schule
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010.07.01 11:20:55 | 002,097,152 | -HS- | M] () -- C:\Users\***\ntuser.dat
[2010.07.01 10:59:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.01 10:59:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.01 10:37:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.01 10:36:34 | 000,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.07.01 07:06:28 | 001,555,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.01 07:06:28 | 000,669,120 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.01 07:06:28 | 000,629,724 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.01 07:06:28 | 000,145,158 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.01 07:06:28 | 000,119,088 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.01 06:59:58 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010.07.01 06:59:56 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.01 06:59:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.01 06:59:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.01 06:59:34 | 3179,958,272 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.30 08:50:31 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{dc40b50a-d984-11de-8f6a-00030db38afd}.TMContainer00000000000000000001.regtrans-ms
[2010.06.30 08:50:31 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{dc40b50a-d984-11de-8f6a-00030db38afd}.TM.blf
[2010.06.30 08:50:27 | 001,522,057 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.06.25 01:45:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010.06.25 01:44:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010.06.22 16:50:58 | 000,324,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.17 21:46:59 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.06.10 15:34:00 | 000,028,672 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.10 14:54:17 | 000,078,520 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.01 09:34:30 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.05.17 19:58:55 | 000,011,336 | ---- | M] () -- C:\Users\***\Desktop\Urlaub.docx
[2010.04.15 21:19:55 | 186,067,149 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.04.15 14:58:50 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.04.15 14:56:21 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.04.04 16:05:50 | 000,011,256 | ---- | M] () -- C:\Users\***\Desktop\Nationalsången.docx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.06.25 01:45:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010.06.25 01:44:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010.06.01 09:34:30 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.06.01 09:27:26 | 000,001,098 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.01 09:27:25 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.17 19:58:55 | 000,011,336 | ---- | C] () -- C:\Users\***\Desktop\Urlaub.docx
[2010.04.15 21:19:20 | 186,067,149 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.04.15 14:58:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.15 14:56:21 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.04.04 16:05:50 | 000,011,256 | ---- | C] () -- C:\Users\***\Desktop\Nationalsången.docx
[2009.10.27 12:31:23 | 000,000,026 | ---- | C] () -- C:\Windows\sc_mg.ini
[2009.10.27 12:30:53 | 000,000,139 | ---- | C] () -- C:\Windows\asym.ini
[2009.09.13 12:01:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.02.17 20:31:42 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2008.07.17 05:12:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1473.dll
[2008.06.17 22:27:28 | 000,007,168 | ---- | C] () -- C:\Windows\System32\directport.sys
[2008.04.25 15:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2010.04.07 21:02:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BSW
[2009.03.03 17:58:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Camfrog
[2010.03.23 12:51:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DynaGeo
[2010.06.27 14:07:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2009.08.29 13:31:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kazaa Lite
[2009.05.01 09:13:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2009.04.30 13:58:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MMToolz
[2010.07.01 11:07:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Obfoa
[2009.02.25 15:25:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.06.18 10:35:49 | 000,000,000 | ---D | M] -- C:\Users\***AppData\Roaming\PCToolsFirewallPlus
[2009.10.18 16:27:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2010.06.18 10:34:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spam Monitor
[2009.02.17 20:43:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online
[2010.07.01 10:38:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vaipec
[2010.06.30 08:50:32 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.07.17 14:42:20 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008.07.17 07:31:16 | 000,000,011 | ---- | M] () -- C:\FSC_PI.txt
[2010.07.01 06:59:34 | 3179,958,272 | -HS- | M] () -- C:\hiberfil.sys
[2009.10.27 12:30:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009.10.27 12:30:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.07.01 06:59:33 | 3493,773,312 | -HS- | M] () -- C:\pagefile.sys
[2008.11.25 13:08:20 | 000,002,777 | ---- | M] () -- C:\pi_adler.csv
[2008.07.17 04:54:09 | 000,001,533 | ---- | M] () -- C:\Prodlog.txt
[2009.10.17 10:47:10 | 000,000,162 | ---- | M] () -- C:\TO_InstallLog.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.07.17 14:42:07 | 013,115,392 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.07.17 14:41:58 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.07.17 14:42:07 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008.07.17 14:42:15 | 017,633,280 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008.07.17 14:42:18 | 006,684,672 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-29 07:05:28

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:5160F090
< End of report >


Extras.Txt

OTL Extras logfile created on: 01.07.2010 11:18:02 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\***\Desktop\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 59,40 Gb Free Space | 63,09% Space Free | Partition Type: NTFS
Drive D: | 129,94 Gb Total Space | 129,84 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive E: | 702,31 Mb Total Space | 631,36 Mb Free Space | 89,90% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KERSTIN-PC
Current User Name: Kerstin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" File not found
https [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{032126FB-38E1-4DB2-8876-A0B63B3E1BF5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{06E7ED9B-4597-4DC6-A17A-B30761BC8D4D}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{07A96819-4C53-40BD-A684-8129CCB8FCD3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0A2992B8-2BE8-43FB-9912-32883562C2DF}" = rport=139 | protocol=6 | dir=out | app=system |
"{1D1A4C2A-9564-4D72-B6D7-C146BEE48DA0}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{23EFA45A-F9C1-4ECD-A656-BC3B4167CF01}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{30411C3F-6559-41A8-A3BD-CA901CBD3090}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3A219A24-D395-4D20-AB67-09D463657A38}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4649B83B-C1B1-468C-BB3A-342BF9163906}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{484E08E0-AB4F-4DF2-A6A2-1C72CA267633}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{4EE00FEB-2FBA-426E-AE0E-DAE24589413F}" = rport=2869 | protocol=6 | dir=out | app=system |
"{4FA2A3F6-97E8-43D0-95BB-CD932DB47050}" = lport=445 | protocol=6 | dir=in | app=system |
"{53473390-3D2D-4111-ABAE-23380A4C2A96}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5E4E8B91-A9C2-47FC-A14D-A4F226DD14FC}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{6AC7D787-E3A7-49C0-9567-3955604E99F5}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{6D727586-80A0-4DDC-BC52-28F06707986C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6F99F15C-56C2-4EC3-86F4-4CED13DE8ED6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6FB8BFCC-42B5-49B1-A0A2-BB88FEE74EAF}" = lport=138 | protocol=17 | dir=in | app=system |
"{71188A9B-59E6-4ACF-965C-1FD928E89CC1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{78EFAF60-D674-41E0-840E-C11484717786}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7B6C9647-CD87-4D42-AEB8-D5E8AB40203E}" = rport=137 | protocol=17 | dir=out | app=system |
"{803EE9DB-24F9-4B0F-8D80-A4F982D6D338}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8441CDCD-A9C0-4149-8E4D-4DD08048B04F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{948FC2D7-172A-4CDE-B803-B85A3AAC182A}" = lport=139 | protocol=6 | dir=in | app=system |
"{994430CA-6DE5-47C3-8DB9-36BB635303B3}" = rport=138 | protocol=17 | dir=out | app=system |
"{AB07CD6D-CC38-4FA7-89CE-83D77D8800D6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CE33741B-97A8-47CD-81B7-520BAC7882E8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D1AB4782-85C1-47A9-9AB3-06202ED47245}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D4CA1C6E-CF7F-42FF-BFEB-C5DF254F7C6D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D58B5EF5-7684-47FB-93D9-BF100D5B3AEA}" = rport=445 | protocol=6 | dir=out | app=system |
"{D7A626D8-4320-4F03-8D39-A37A851B0603}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DDCE360D-EFA1-4DDD-AF8F-2EFCFC2206AA}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{DF27750C-5ED9-419A-8117-9ED94AC999EA}" = lport=137 | protocol=17 | dir=in | app=system |
"{EA702525-FB1F-4A25-AF4B-4B2E79A5E4CB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EB82714D-D7C1-4073-859E-B3BF7FD966A3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EDC194E8-5A9C-465D-BB0E-E40624D16F33}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F2F2659A-1B9F-46B4-B240-BF4E30B43E82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FE15E1B7-A735-4286-BBC7-20EED9F60E83}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08B88C86-C0C3-4EBE-8AF0-786C5B396095}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{202DECEE-7BC3-4E45-8321-96F5F838040E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2D163167-E138-4DA7-8211-AA8E7199838B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{41478D49-8F31-4C47-8FA4-BE9AF284E109}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{4A8D860B-402B-4637-B257-4EA6BE5CADF2}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{4C250AA9-5186-4EF8-9B73-0E929C5C5A33}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4EF058BD-38D3-4CEC-B2C6-F73F9008B87D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6447F2D8-DAFE-454C-9F42-8C5825B2C9F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7B55D7AF-A0B2-4626-A072-5593C9EACA8F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7CE7907D-BB82-4DA6-BDD7-32583FB65A41}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7D55FC58-4F30-4419-AAE2-90E0CA616FFB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{832A9E3A-3B76-4894-A1B4-7BBC6243CA94}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9F2B84B9-3594-42D5-9D31-9E74AA81F7EF}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{A01451E3-72FC-4681-818C-BB284FE69DAD}" = protocol=17 | dir=in | app=c:\users\kerstin\desktop\downloads\sweetimsetup.exe |
"{B53C5756-FE0A-4D29-8996-E35FFA181F45}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{CEDE969A-5A92-4A3A-AC57-0A4E47EA41F1}" = protocol=6 | dir=in | app=c:\users\kerstin\desktop\downloads\sweetimsetup.exe |
"{D69D8CE4-F36F-40AB-86E8-43E0EA38D2CE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E26558C7-05BD-4905-A6ED-2C1237ADD8A6}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{E454DE2D-FEFF-48A8-9725-67048D72B8E9}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{E6EE9818-B61E-4DFA-855C-83BC41DBD2E3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FB5BC720-3075-48EE-AF21-64B7460F5D78}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{0FA61969-FB0A-47E9-A510-69BF9951045E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{407971D5-D1B3-4B64-8747-BC3B68B6D2F3}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{4A9B0C56-0D33-4258-9E8C-CB212F073411}C:\program files\mmtoolz\internettv\internettv.exe" = protocol=6 | dir=in | app=c:\program files\mmtoolz\internettv\internettv.exe |
"TCP Query User{581990B8-C1EA-49BD-8E38-E5EC3372ED56}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{7BC56A99-8D64-4F8A-8D0C-FB68E6EE092B}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{7ECFFBAC-CB4B-433C-AE26-5B64E1CD2EC1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{93D64F16-C5FB-4B3C-9C0E-33BF4CBE4430}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{C07AB54F-6223-4AC7-9F2D-8FB967BC9164}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"TCP Query User{C6F1D1B2-9C5F-4B4B-BAA2-FAF767BC7366}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{DF8E7F17-EE99-416E-9F2F-176F8D020B3E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0B82D9C1-59FF-4EAA-B275-B5BA907AD2EB}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{1AA67365-BF22-4D0B-A45C-8F2CF4A278F4}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{3044D552-F3BD-408F-A8D3-8EFB04C2B3D1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{4FEFB17F-E9B3-4434-8A52-04B7AC47F746}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{99AA0FA2-B4F7-4AED-9D5C-447B26890903}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"UDP Query User{A06726AF-B7FF-4AF4-A9C1-D2915C049857}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{A0731BAF-828A-4BA1-A59F-0E3375C2D20F}C:\program files\mmtoolz\internettv\internettv.exe" = protocol=17 | dir=in | app=c:\program files\mmtoolz\internettv\internettv.exe |
"UDP Query User{AB5E0637-266D-4DB3-B736-FAC264B50616}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{AE60E913-614A-48D1-ACF8-D1C40EDD0D41}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{D707A707-77CA-400E-A600-D1A0BB945B50}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}" = SpyHunter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{73289228-1853-4623-982A-EB17FF0270CA}" = OSD_1.16
"{854C47D1-C2A0-4492-8655-C3F8D49C1031}" = Nero 8 Essentials
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{A36B158D-8E9D-4BD3-8BDA-4B5EDC9C2E8C}" = Norman Security Suite
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DB49D696-D9B6-4C3F-8E15-527F98F2086D}" = WebcamTest
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Age of Mythology 1.0" = Age of Mythology
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BSW" = BrettspielWelt
"DynaGeo_is1" = DynaGeo 3.1f
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Picasa 3" = Picasa 3
"Uninstall_is1" = Uninstall 1.0.0.1
"WinZip Self-Extractor" = WinZip Self-Extractor

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24.06.2010 01:06:08 | Computer Name = Kerstin-PC | Source = Norman ZANDA | ID = 0
Description =

Error - 24.06.2010 01:06:09 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Zanda.exe, Version 7.10.1.1, Zeitstempel 0x49a53977,
fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18005, Zeitstempel 0x49e037dd,
Ausnahmecode 0x00000006, Fehleroffset 0x0003fbae, Prozess-ID 0x5e4, Anwendungsstartzeit
01cb135aee92ac87.

Error - 24.06.2010 01:07:39 | Computer Name = ***| Source = WinMgmt | ID = 10
Description =

Error - 24.06.2010 19:44:38 | Computer Name = *** | Source = Norman ZANDA | ID = 0
Description =

Error - 24.06.2010 19:44:38 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Zanda.exe, Version 7.10.1.1, Zeitstempel 0x49a53977,
fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18005, Zeitstempel 0x49e037dd,
Ausnahmecode 0x00000006, Fehleroffset 0x0003fbae, Prozess-ID 0x624, Anwendungsstartzeit
01cb13f72e6be8b1.

Error - 24.06.2010 19:45:42 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

Error - 24.06.2010 19:53:29 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

Error - 25.06.2010 04:09:02 | Computer Name = *** | Source = Norman ZANDA | ID = 0
Description =

Error - 25.06.2010 04:09:02 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Zanda.exe, Version 7.10.1.1, Zeitstempel 0x49a53977,
fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18005, Zeitstempel 0x49e037dd,
Ausnahmecode 0x00000006, Fehleroffset 0x0003fbae, Prozess-ID 0x5e4, Anwendungsstartzeit
01cb143da562eb68.

Error - 25.06.2010 04:10:03 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 17.02.2009 14:58:06 | Computer Name = *** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
Win32 GetLastError returned 0D Prozess: DefaultDomain Objektname: Media Center Guide


Error - 19.02.2009 03:45:35 | Computer Name = *** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


[ OSession Events ]
Error - 31.12.2009 08:34:37 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4843
seconds with 3600 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 29.06.2010 13:13:50 | Computer Name = *** | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error - 29.06.2010 13:13:50 | Computer Name = *** | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error - 29.06.2010 13:13:50 | Computer Name = *** | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error - 29.06.2010 13:13:50 | Computer Name = *** | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error - 29.06.2010 13:13:50 | Computer Name = *** | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error - 30.06.2010 01:55:10 | Computer Name = *** | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.

Error - 30.06.2010 01:55:37 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description =

Error - 01.07.2010 01:00:17 | Computer Name = *** | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.

Error - 01.07.2010 01:00:19 | Computer Name = *** | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.

Error - 01.07.2010 01:01:18 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description =


< End of report >

 

Themen zu Trojaner Zeus entdeckt
0 bytes, acroiehelper.dll, alternate, antivir, ask.com, ausgespäht, avgntflt.sys, avira, bho, browser.exe, components, corp./icp, desktop, dsl, ebanking, ebay, enigma, error, excel.exe, extras.txt, failed, firefox, firefox.exe, flash player, google, home, home premium, iastor.sys, install.exe, installation, intranet, location, logfile, media center, microsoft office word, mozilla, norman, nvstor.sys, oldtimer, otl.txt, picasa, plug-in, problem, programdata, realtek, registry, saver, searchplugins, senden, shell32.dll, skype.exe, software, spyhunter 4, start menu, svchost.exe, trojaner, trojaner zeus, vista, windows


« erst trojana TR/DLDR.codecpac.kzf gefunden und weitere: was tun? | Ärger mit Antimaleware Doctor! »


Ähnliche Themen: Trojaner Zeus entdeckt


  1. Baukasten-Trojaner Zeus jetzt in 64 Bit und mit TOR
    Nachrichten - 12.12.2013 (0)
  2. Zeus/ZBot TRojaner
    Log-Analyse und Auswertung - 20.02.2013 (12)
  3. web.de meldet zeus trojaner
    Log-Analyse und Auswertung - 14.12.2012 (7)
  4. Brief von der Telekom, Trojaner, ZeuS/ZBot
    Plagegeister aller Art und deren Bekämpfung - 02.12.2012 (13)
  5. Zeus Trojaner??
    Plagegeister aller Art und deren Bekämpfung - 10.11.2012 (27)
  6. Trojaner.Banker evtl zeus?
    Log-Analyse und Auswertung - 17.10.2012 (3)
  7. Trojaner ZeuS/ZBot
    Log-Analyse und Auswertung - 11.10.2012 (1)
  8. Trojaner Zeus 2 - Was ist alles zu tun?
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (13)
  9. Trojaner Zeus
    Plagegeister aller Art und deren Bekämpfung - 21.09.2012 (37)
  10. "Zeus"-Trojaner durch Web.de Nachricht "entdeckt
    Plagegeister aller Art und deren Bekämpfung - 01.07.2012 (15)
  11. web.de meldet trojaner zeus
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (15)
  12. (2x) Web.de meldet Trojaner Zeus
    Mülltonne - 01.05.2012 (1)
  13. c't seziert Banking-Trojaner ZeuS
    Nachrichten - 11.09.2011 (0)
  14. Zeus-Trojaner, gmx-Mail
    Plagegeister aller Art und deren Bekämpfung - 21.06.2011 (6)
  15. Trojaner Zeus 2 - Beste Vorgehensweise?
    Plagegeister aller Art und deren Bekämpfung - 16.06.2011 (5)
  16. Trojaner - Zeus 2
    Plagegeister aller Art und deren Bekämpfung - 06.09.2010 (9)
  17. Trojaner entdeckt / gelöscht, am Folgetag neuen entdeckt (Trojan.Downloader, Trojan.Vundo)
    Plagegeister aller Art und deren Bekämpfung - 30.07.2010 (6)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojaner Zeus entdeckt - Ich bekam heute einen Anruf der Sparkasse, dass der Trojaner Zeus bei meinem PC festgestellt wurde und meine Zugangsdaten von Onlinebanking, eBay etc. ausgespäht hat. Ich habe mich in diesem - Trojaner Zeus entdeckt...
Archiv
Du betrachtest: Trojaner Zeus entdeckt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131